798 files changed, 5084 insertions, 5084 deletions
diff --git a/etc/inc/allow-bin-sh.inc b/etc/inc/allow-bin-sh.inc
index 59cd40878..d6c295414 100644
--- a/etc/inc/allow-bin-sh.inc
+++ b/etc/inc/allow-bin-sh.inc
@@ -2,6 +2,6 @@
 # Persistent customizations should go in a .local file.
 include allow-bin-sh.local
-nodeny  ${PATH}/bash
+noblacklist ${PATH}/bash
-nodeny  ${PATH}/dash
+noblacklist ${PATH}/dash
-nodeny  ${PATH}/sh
+noblacklist ${PATH}/sh
diff --git a/etc/inc/allow-common-devel.inc b/etc/inc/allow-common-devel.inc
index 71b1483cd..011bbe226 100644
--- a/etc/inc/allow-common-devel.inc
+++ b/etc/inc/allow-common-devel.inc
@@ -3,29 +3,29 @@
 include allow-common-devel.local
 # Git
-nodeny  ${HOME}/.config/git
+noblacklist ${HOME}/.config/git
-nodeny  ${HOME}/.gitconfig
+noblacklist ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
+noblacklist ${HOME}/.git-credentials
 # Java
-nodeny  ${HOME}/.gradle
+noblacklist ${HOME}/.gradle
-nodeny  ${HOME}/.java
+noblacklist ${HOME}/.java
 # Node.js
-nodeny  ${HOME}/.node-gyp
+noblacklist ${HOME}/.node-gyp
-nodeny  ${HOME}/.npm
+noblacklist ${HOME}/.npm
-nodeny  ${HOME}/.npmrc
+noblacklist ${HOME}/.npmrc
-nodeny  ${HOME}/.nvm
+noblacklist ${HOME}/.nvm
-nodeny  ${HOME}/.yarn
+noblacklist ${HOME}/.yarn
-nodeny  ${HOME}/.yarn-config
+noblacklist ${HOME}/.yarn-config
-nodeny  ${HOME}/.yarncache
+noblacklist ${HOME}/.yarncache
-nodeny  ${HOME}/.yarnrc
+noblacklist ${HOME}/.yarnrc
 # Python
-nodeny  ${HOME}/.pylint.d
+noblacklist ${HOME}/.pylint.d
-nodeny  ${HOME}/.python-history
+noblacklist ${HOME}/.python-history
-nodeny  ${HOME}/.python_history
+noblacklist ${HOME}/.python_history
-nodeny  ${HOME}/.pythonhist
+noblacklist ${HOME}/.pythonhist
 # Rust
-nodeny  ${HOME}/.cargo/*
+noblacklist ${HOME}/.cargo/*
diff --git a/etc/inc/allow-gjs.inc b/etc/inc/allow-gjs.inc
index 2e2490079..c1366e093 100644
--- a/etc/inc/allow-gjs.inc
+++ b/etc/inc/allow-gjs.inc
@@ -2,11 +2,11 @@
 # Persistent customizations should go in a .local file.
 include allow-gjs.local
-nodeny  ${PATH}/gjs
+noblacklist ${PATH}/gjs
-nodeny  ${PATH}/gjs-console
+noblacklist ${PATH}/gjs-console
-nodeny  /usr/lib/gjs
+noblacklist /usr/lib/gjs
-nodeny  /usr/lib/libgjs*
+noblacklist /usr/lib/libgjs*
-nodeny  /usr/lib/libmozjs-*
+noblacklist /usr/lib/libmozjs-*
-nodeny  /usr/lib64/gjs
+noblacklist /usr/lib64/gjs
-nodeny  /usr/lib64/libgjs*
+noblacklist /usr/lib64/libgjs*
-nodeny  /usr/lib64/libmozjs-*
+noblacklist /usr/lib64/libmozjs-*
diff --git a/etc/inc/allow-java.inc b/etc/inc/allow-java.inc
index af44f3664..24d18fb77 100644
--- a/etc/inc/allow-java.inc
+++ b/etc/inc/allow-java.inc
@@ -2,8 +2,8 @@
 # Persistent customizations should go in a .local file.
 include allow-java.local
-nodeny  ${HOME}/.java
+noblacklist ${HOME}/.java
-nodeny  ${PATH}/java
+noblacklist ${PATH}/java
-nodeny  /etc/java
+noblacklist /etc/java
-nodeny  /usr/lib/java
+noblacklist /usr/lib/java
-nodeny  /usr/share/java
+noblacklist /usr/share/java
diff --git a/etc/inc/allow-lua.inc b/etc/inc/allow-lua.inc
index 3d0a1997b..9c47e7a3b 100644
--- a/etc/inc/allow-lua.inc
+++ b/etc/inc/allow-lua.inc
@@ -2,11 +2,11 @@
 # Persistent customizations should go in a .local file.
 include allow-lua.local
-nodeny  ${PATH}/lua*
+noblacklist ${PATH}/lua*
-nodeny  /usr/include
+noblacklist /usr/include
-nodeny  /usr/lib/liblua*
+noblacklist /usr/lib/liblua*
-nodeny  /usr/lib/lua
+noblacklist /usr/lib/lua
-nodeny  /usr/lib64/liblua*
+noblacklist /usr/lib64/liblua*
-nodeny  /usr/lib64/lua
+noblacklist /usr/lib64/lua
-nodeny  /usr/share/lua
+noblacklist /usr/share/lua
-nodeny  /usr/share/lua*
+noblacklist /usr/share/lua*
diff --git a/etc/inc/allow-nodejs.inc b/etc/inc/allow-nodejs.inc
index e915b3866..351c94ab8 100644
--- a/etc/inc/allow-nodejs.inc
+++ b/etc/inc/allow-nodejs.inc
@@ -2,8 +2,8 @@
 # Persistent customizations should go in a .local file.
 include allow-nodejs.local
-nodeny  ${PATH}/node
+noblacklist ${PATH}/node
-nodeny  /usr/include/node
+noblacklist /usr/include/node
 # Allow python for node-gyp (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/inc/allow-opengl-game.inc b/etc/inc/allow-opengl-game.inc
index 00e35e983..5d2d6c5c1 100644
--- a/etc/inc/allow-opengl-game.inc
+++ b/etc/inc/allow-opengl-game.inc
@@ -2,6 +2,6 @@
 # Persistent customizations should go in a .local file.
 include allow-opengl-game.local
-nodeny  ${PATH}/bash
+noblacklist ${PATH}/bash
-allow  /usr/share/opengl-games-utils/opengl-game-functions.sh
+whitelist /usr/share/opengl-games-utils/opengl-game-functions.sh
 private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity
diff --git a/etc/inc/allow-perl.inc b/etc/inc/allow-perl.inc
index 134d27239..5a1952c94 100644
--- a/etc/inc/allow-perl.inc
+++ b/etc/inc/allow-perl.inc
@@ -2,11 +2,11 @@
 # Persistent customizations should go in a .local file.
 include allow-perl.local
-nodeny  ${PATH}/core_perl
+noblacklist ${PATH}/core_perl
-nodeny  ${PATH}/cpan*
+noblacklist ${PATH}/cpan*
-nodeny  ${PATH}/perl
+noblacklist ${PATH}/perl
-nodeny  ${PATH}/site_perl
+noblacklist ${PATH}/site_perl
-nodeny  ${PATH}/vendor_perl
+noblacklist ${PATH}/vendor_perl
-nodeny  /usr/lib/perl*
+noblacklist /usr/lib/perl*
-nodeny  /usr/lib64/perl*
+noblacklist /usr/lib64/perl*
-nodeny  /usr/share/perl*
+noblacklist /usr/share/perl*
diff --git a/etc/inc/allow-php.inc b/etc/inc/allow-php.inc
index 520c2019e..a0950dc26 100644
--- a/etc/inc/allow-php.inc
+++ b/etc/inc/allow-php.inc
@@ -2,6 +2,6 @@
 # Persistent customizations should go in a .local file.
 include allow-php.local
-nodeny  ${PATH}/php*
+noblacklist ${PATH}/php*
-nodeny  /usr/lib/php*
+noblacklist /usr/lib/php*
-nodeny  /usr/share/php*
+noblacklist /usr/share/php*
diff --git a/etc/inc/allow-python2.inc b/etc/inc/allow-python2.inc
index f1830043a..b0525e2e1 100644
--- a/etc/inc/allow-python2.inc
+++ b/etc/inc/allow-python2.inc
@@ -2,8 +2,8 @@
 # Persistent customizations should go in a .local file.
 include allow-python2.local
-nodeny  ${PATH}/python2*
+noblacklist ${PATH}/python2*
-nodeny  /usr/include/python2*
+noblacklist /usr/include/python2*
-nodeny  /usr/lib/python2*
+noblacklist /usr/lib/python2*
-nodeny  /usr/local/lib/python2*
+noblacklist /usr/local/lib/python2*
-nodeny  /usr/share/python2*
+noblacklist /usr/share/python2*
diff --git a/etc/inc/allow-python3.inc b/etc/inc/allow-python3.inc
index e4b6ed1a9..d968886b0 100644
--- a/etc/inc/allow-python3.inc
+++ b/etc/inc/allow-python3.inc
@@ -2,9 +2,9 @@
 # Persistent customizations should go in a .local file.
 include allow-python3.local
-nodeny  ${PATH}/python3*
+noblacklist ${PATH}/python3*
-nodeny  /usr/include/python3*
+noblacklist /usr/include/python3*
-nodeny  /usr/lib/python3*
+noblacklist /usr/lib/python3*
-nodeny  /usr/lib64/python3*
+noblacklist /usr/lib64/python3*
-nodeny  /usr/local/lib/python3*
+noblacklist /usr/local/lib/python3*
-nodeny  /usr/share/python3*
+noblacklist /usr/share/python3*
diff --git a/etc/inc/allow-ruby.inc b/etc/inc/allow-ruby.inc
index d949bbc84..a8c701219 100644
--- a/etc/inc/allow-ruby.inc
+++ b/etc/inc/allow-ruby.inc
@@ -2,5 +2,5 @@
 # Persistent customizations should go in a .local file.
 include allow-ruby.local
-nodeny  ${PATH}/ruby
+noblacklist ${PATH}/ruby
-nodeny  /usr/lib/ruby
+noblacklist /usr/lib/ruby
diff --git a/etc/inc/allow-ssh.inc b/etc/inc/allow-ssh.inc
index 44957bf32..67c78a483 100644
--- a/etc/inc/allow-ssh.inc
+++ b/etc/inc/allow-ssh.inc
@@ -2,7 +2,7 @@
 # Persistent customizations should go in a .local file.
 include allow-ssh.local
-nodeny  ${HOME}/.ssh
+noblacklist ${HOME}/.ssh
-nodeny  /etc/ssh
+noblacklist /etc/ssh
-nodeny  /etc/ssh/ssh_config
+noblacklist /etc/ssh/ssh_config
-nodeny  /tmp/ssh-*
+noblacklist /tmp/ssh-*
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 1283a3a3d..6df0c4990 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -5,63 +5,63 @@ include disable-common.local
 # The following block breaks trash functionality in file managers
 #read-only ${HOME}/.local
 #read-write ${HOME}/.local/share
-deny  ${HOME}/.local/share/Trash
+blacklist ${HOME}/.local/share/Trash
 # History files in $HOME and clipboard managers
-deny-nolog  ${HOME}/.*_history
+blacklist-nolog ${HOME}/.*_history
-deny-nolog  ${HOME}/.adobe
+blacklist-nolog ${HOME}/.adobe
-deny-nolog  ${HOME}/.cache/greenclip*
+blacklist-nolog ${HOME}/.cache/greenclip*
-deny-nolog  ${HOME}/.histfile
+blacklist-nolog ${HOME}/.histfile
-deny-nolog  ${HOME}/.history
+blacklist-nolog ${HOME}/.history
-deny-nolog  ${HOME}/.kde/share/apps/klipper
+blacklist-nolog ${HOME}/.kde/share/apps/klipper
-deny-nolog  ${HOME}/.kde4/share/apps/klipper
+blacklist-nolog ${HOME}/.kde4/share/apps/klipper
-deny-nolog  ${HOME}/.local/share/fish/fish_history
+blacklist-nolog ${HOME}/.local/share/fish/fish_history
-deny-nolog  ${HOME}/.local/share/klipper
+blacklist-nolog ${HOME}/.local/share/klipper
-deny-nolog  ${HOME}/.macromedia
+blacklist-nolog ${HOME}/.macromedia
-deny-nolog  ${HOME}/.mupdf.history
+blacklist-nolog ${HOME}/.mupdf.history
-deny-nolog  ${HOME}/.python-history
+blacklist-nolog ${HOME}/.python-history
-deny-nolog  ${HOME}/.python_history
+blacklist-nolog ${HOME}/.python_history
-deny-nolog  ${HOME}/.pythonhist
+blacklist-nolog ${HOME}/.pythonhist
-deny-nolog  ${HOME}/.lesshst
+blacklist-nolog ${HOME}/.lesshst
-deny-nolog  ${HOME}/.viminfo
+blacklist-nolog ${HOME}/.viminfo
-deny-nolog  /tmp/clipmenu*
+blacklist-nolog /tmp/clipmenu*
 # X11 session autostart
 # blacklist ${HOME}/.xpra - this will kill --x11=xpra cmdline option for all programs
-deny  ${HOME}/.Xsession
+blacklist ${HOME}/.Xsession
-deny  ${HOME}/.blackbox
+blacklist ${HOME}/.blackbox
-deny  ${HOME}/.config/autostart
+blacklist ${HOME}/.config/autostart
-deny  ${HOME}/.config/autostart-scripts
+blacklist ${HOME}/.config/autostart-scripts
-deny  ${HOME}/.config/awesome
+blacklist ${HOME}/.config/awesome
-deny  ${HOME}/.config/i3
+blacklist ${HOME}/.config/i3
-deny  ${HOME}/.config/sway
+blacklist ${HOME}/.config/sway
-deny  ${HOME}/.config/lxsession/LXDE/autostart
+blacklist ${HOME}/.config/lxsession/LXDE/autostart
-deny  ${HOME}/.config/openbox
+blacklist ${HOME}/.config/openbox
-deny  ${HOME}/.config/plasma-workspace
+blacklist ${HOME}/.config/plasma-workspace
-deny  ${HOME}/.config/startupconfig
+blacklist ${HOME}/.config/startupconfig
-deny  ${HOME}/.config/startupconfigkeys
+blacklist ${HOME}/.config/startupconfigkeys
-deny  ${HOME}/.fluxbox
+blacklist ${HOME}/.fluxbox
-deny  ${HOME}/.gnomerc
+blacklist ${HOME}/.gnomerc
-deny  ${HOME}/.kde/Autostart
+blacklist ${HOME}/.kde/Autostart
-deny  ${HOME}/.kde/env
+blacklist ${HOME}/.kde/env
-deny  ${HOME}/.kde/share/autostart
+blacklist ${HOME}/.kde/share/autostart
-deny  ${HOME}/.kde/share/config/startupconfig
+blacklist ${HOME}/.kde/share/config/startupconfig
-deny  ${HOME}/.kde/share/config/startupconfigkeys
+blacklist ${HOME}/.kde/share/config/startupconfigkeys
-deny  ${HOME}/.kde/shutdown
+blacklist ${HOME}/.kde/shutdown
-deny  ${HOME}/.kde4/env
+blacklist ${HOME}/.kde4/env
-deny  ${HOME}/.kde4/Autostart
+blacklist ${HOME}/.kde4/Autostart
-deny  ${HOME}/.kde4/share/autostart
+blacklist ${HOME}/.kde4/share/autostart
-deny  ${HOME}/.kde4/shutdown
+blacklist ${HOME}/.kde4/shutdown
-deny  ${HOME}/.kde4/share/config/startupconfig
+blacklist ${HOME}/.kde4/share/config/startupconfig
-deny  ${HOME}/.kde4/share/config/startupconfigkeys
+blacklist ${HOME}/.kde4/share/config/startupconfigkeys
-deny  ${HOME}/.local/share/autostart
+blacklist ${HOME}/.local/share/autostart
-deny  ${HOME}/.xinitrc
+blacklist ${HOME}/.xinitrc
-deny  ${HOME}/.xprofile
+blacklist ${HOME}/.xprofile
-deny  ${HOME}/.xserverrc
+blacklist ${HOME}/.xserverrc
-deny  ${HOME}/.xsession
+blacklist ${HOME}/.xsession
-deny  ${HOME}/.xsessionrc
+blacklist ${HOME}/.xsessionrc
-deny  /etc/X11/Xsession.d
+blacklist /etc/X11/Xsession.d
-deny  /etc/xdg/autostart
+blacklist /etc/xdg/autostart
 read-only ${HOME}/.Xauthority
 # Session manager
@@ -70,46 +70,46 @@ read-only ${HOME}/.Xauthority
 #?HAS_X11: blacklist /tmp/.ICE-unix
 # KDE config
-deny  ${HOME}/.cache/konsole
+blacklist ${HOME}/.cache/konsole
-deny  ${HOME}/.config/khotkeysrc
+blacklist ${HOME}/.config/khotkeysrc
-deny  ${HOME}/.config/krunnerrc
+blacklist ${HOME}/.config/krunnerrc
-deny  ${HOME}/.config/kscreenlockerrc
+blacklist ${HOME}/.config/kscreenlockerrc
-deny  ${HOME}/.config/ksslcertificatemanager
+blacklist ${HOME}/.config/ksslcertificatemanager
-deny  ${HOME}/.config/kwalletrc
+blacklist ${HOME}/.config/kwalletrc
-deny  ${HOME}/.config/kwinrc
+blacklist ${HOME}/.config/kwinrc
-deny  ${HOME}/.config/kwinrulesrc
+blacklist ${HOME}/.config/kwinrulesrc
-deny  ${HOME}/.config/plasma-locale-settings.sh
+blacklist ${HOME}/.config/plasma-locale-settings.sh
-deny  ${HOME}/.config/plasma-org.kde.plasma.desktop-appletsrc
+blacklist ${HOME}/.config/plasma-org.kde.plasma.desktop-appletsrc
-deny  ${HOME}/.config/plasmashellrc
+blacklist ${HOME}/.config/plasmashellrc
-deny  ${HOME}/.config/plasmavaultrc
+blacklist ${HOME}/.config/plasmavaultrc
-deny  ${HOME}/.kde/share/apps/kwin
+blacklist ${HOME}/.kde/share/apps/kwin
-deny  ${HOME}/.kde/share/apps/plasma
+blacklist ${HOME}/.kde/share/apps/plasma
-deny  ${HOME}/.kde/share/apps/solid
+blacklist ${HOME}/.kde/share/apps/solid
-deny  ${HOME}/.kde/share/config/khotkeysrc
+blacklist ${HOME}/.kde/share/config/khotkeysrc
-deny  ${HOME}/.kde/share/config/krunnerrc
+blacklist ${HOME}/.kde/share/config/krunnerrc
-deny  ${HOME}/.kde/share/config/kscreensaverrc
+blacklist ${HOME}/.kde/share/config/kscreensaverrc
-deny  ${HOME}/.kde/share/config/ksslcertificatemanager
+blacklist ${HOME}/.kde/share/config/ksslcertificatemanager
-deny  ${HOME}/.kde/share/config/kwalletrc
+blacklist ${HOME}/.kde/share/config/kwalletrc
-deny  ${HOME}/.kde/share/config/kwinrc
+blacklist ${HOME}/.kde/share/config/kwinrc
-deny  ${HOME}/.kde/share/config/kwinrulesrc
+blacklist ${HOME}/.kde/share/config/kwinrulesrc
-deny  ${HOME}/.kde/share/config/plasma-desktop-appletsrc
+blacklist ${HOME}/.kde/share/config/plasma-desktop-appletsrc
-deny  ${HOME}/.kde4/share/apps/kwin
+blacklist ${HOME}/.kde4/share/apps/kwin
-deny  ${HOME}/.kde4/share/apps/plasma
+blacklist ${HOME}/.kde4/share/apps/plasma
-deny  ${HOME}/.kde4/share/apps/solid
+blacklist ${HOME}/.kde4/share/apps/solid
-deny  ${HOME}/.kde4/share/config/khotkeysrc
+blacklist ${HOME}/.kde4/share/config/khotkeysrc
-deny  ${HOME}/.kde4/share/config/krunnerrc
+blacklist ${HOME}/.kde4/share/config/krunnerrc
-deny  ${HOME}/.kde4/share/config/kscreensaverrc
+blacklist ${HOME}/.kde4/share/config/kscreensaverrc
-deny  ${HOME}/.kde4/share/config/ksslcertificatemanager
+blacklist ${HOME}/.kde4/share/config/ksslcertificatemanager
-deny  ${HOME}/.kde4/share/config/kwalletrc
+blacklist ${HOME}/.kde4/share/config/kwalletrc
-deny  ${HOME}/.kde4/share/config/kwinrc
+blacklist ${HOME}/.kde4/share/config/kwinrc
-deny  ${HOME}/.kde4/share/config/kwinrulesrc
+blacklist ${HOME}/.kde4/share/config/kwinrulesrc
-deny  ${HOME}/.kde4/share/config/plasma-desktop-appletsrc
+blacklist ${HOME}/.kde4/share/config/plasma-desktop-appletsrc
-deny  ${HOME}/.local/share/kglobalaccel
+blacklist ${HOME}/.local/share/kglobalaccel
-deny  ${HOME}/.local/share/kwin
+blacklist ${HOME}/.local/share/kwin
-deny  ${HOME}/.local/share/plasma
+blacklist ${HOME}/.local/share/plasma
-deny  ${HOME}/.local/share/plasmashell
+blacklist ${HOME}/.local/share/plasmashell
-deny  ${HOME}/.local/share/solid
+blacklist ${HOME}/.local/share/solid
-deny  /tmp/konsole-*.history
+blacklist /tmp/konsole-*.history
 read-only ${HOME}/.cache/ksycoca5_*
 read-only ${HOME}/.config/*notifyrc
 read-only ${HOME}/.config/kdeglobals
@@ -138,139 +138,139 @@ read-only ${HOME}/.local/share/kservices5
 read-only ${HOME}/.local/share/kssl
 # KDE sockets
-deny  ${RUNUSER}/*.slave-socket
+blacklist ${RUNUSER}/*.slave-socket
-deny  ${RUNUSER}/kdeinit5__*
+blacklist ${RUNUSER}/kdeinit5__*
-deny  ${RUNUSER}/kdesud_*
+blacklist ${RUNUSER}/kdesud_*
 # see #3358
 #?HAS_NODBUS: blacklist ${RUNUSER}/ksocket-*
 #?HAS_NODBUS: blacklist /tmp/ksocket-*
 # gnome
 # contains extensions, last used times of applications, and notifications
-deny  ${HOME}/.local/share/gnome-shell
+blacklist ${HOME}/.local/share/gnome-shell
 # contains recently used files and serials of static/removable storage
-deny  ${HOME}/.local/share/gvfs-metadata
+blacklist ${HOME}/.local/share/gvfs-metadata
 # no direct modification of dconf database
 read-only ${HOME}/.config/dconf
-deny  ${RUNUSER}/gnome-session-leader-fifo
+blacklist ${RUNUSER}/gnome-session-leader-fifo
-deny  ${RUNUSER}/gnome-shell
+blacklist ${RUNUSER}/gnome-shell
-deny  ${RUNUSER}/gsconnect
+blacklist ${RUNUSER}/gsconnect
 # systemd
-deny  ${HOME}/.config/systemd
+blacklist ${HOME}/.config/systemd
-deny  ${HOME}/.local/share/systemd
+blacklist ${HOME}/.local/share/systemd
-deny  /var/lib/systemd
+blacklist /var/lib/systemd
-deny  ${PATH}/systemd-run
+blacklist ${PATH}/systemd-run
-deny  ${RUNUSER}/systemd
+blacklist ${RUNUSER}/systemd
-deny  ${PATH}/systemctl
+blacklist ${PATH}/systemctl
-deny  /etc/systemd/system
+blacklist /etc/systemd/system
-deny  /etc/systemd/network
+blacklist /etc/systemd/network
 # creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf
 #blacklist /var/run/systemd
 # openrc
-deny  /etc/runlevels/
+blacklist /etc/runlevels/
-deny  /etc/init.d/
+blacklist /etc/init.d/
-deny  /etc/rc.conf
+blacklist /etc/rc.conf
 # VirtualBox
-deny  ${HOME}/.VirtualBox
+blacklist ${HOME}/.VirtualBox
-deny  ${HOME}/.config/VirtualBox
+blacklist ${HOME}/.config/VirtualBox
-deny  ${HOME}/VirtualBox VMs
+blacklist ${HOME}/VirtualBox VMs
 # GNOME Boxes
-deny  ${HOME}/.config/gnome-boxes
+blacklist ${HOME}/.config/gnome-boxes
-deny  ${HOME}/.local/share/gnome-boxes
+blacklist ${HOME}/.local/share/gnome-boxes
 # libvirt
-deny  ${HOME}/.cache/libvirt
+blacklist ${HOME}/.cache/libvirt
-deny  ${HOME}/.config/libvirt
+blacklist ${HOME}/.config/libvirt
-deny  ${RUNUSER}/libvirt
+blacklist ${RUNUSER}/libvirt
-deny  /var/cache/libvirt
+blacklist /var/cache/libvirt
-deny  /var/lib/libvirt
+blacklist /var/lib/libvirt
-deny  /var/log/libvirt
+blacklist /var/log/libvirt
 # OCI-Containers / Podman
-deny  ${RUNUSER}/containers
+blacklist ${RUNUSER}/containers
-deny  ${RUNUSER}/crun
+blacklist ${RUNUSER}/crun
-deny  ${RUNUSER}/libpod
+blacklist ${RUNUSER}/libpod
-deny  ${RUNUSER}/runc
+blacklist ${RUNUSER}/runc
-deny  ${RUNUSER}/toolbox
+blacklist ${RUNUSER}/toolbox
 # VeraCrypt
-deny  ${HOME}/.VeraCrypt
+blacklist ${HOME}/.VeraCrypt
-deny  ${PATH}/veracrypt
+blacklist ${PATH}/veracrypt
-deny  ${PATH}/veracrypt-uninstall.sh
+blacklist ${PATH}/veracrypt-uninstall.sh
-deny  /usr/share/applications/veracrypt.*
+blacklist /usr/share/applications/veracrypt.*
-deny  /usr/share/pixmaps/veracrypt.*
+blacklist /usr/share/pixmaps/veracrypt.*
-deny  /usr/share/veracrypt
+blacklist /usr/share/veracrypt
 # TrueCrypt
-deny  ${HOME}/.TrueCrypt
+blacklist ${HOME}/.TrueCrypt
-deny  ${PATH}/truecrypt
+blacklist ${PATH}/truecrypt
-deny  ${PATH}/truecrypt-uninstall.sh
+blacklist ${PATH}/truecrypt-uninstall.sh
-deny  /usr/share/applications/truecrypt.*
+blacklist /usr/share/applications/truecrypt.*
-deny  /usr/share/pixmaps/truecrypt.*
+blacklist /usr/share/pixmaps/truecrypt.*
-deny  /usr/share/truecrypt
+blacklist /usr/share/truecrypt
 # zuluCrypt
-deny  ${HOME}/.zuluCrypt
+blacklist ${HOME}/.zuluCrypt
-deny  ${HOME}/.zuluCrypt-socket
+blacklist ${HOME}/.zuluCrypt-socket
-deny  ${PATH}/zuluCrypt-cli
+blacklist ${PATH}/zuluCrypt-cli
-deny  ${PATH}/zuluMount-cli
+blacklist ${PATH}/zuluMount-cli
 # var
-deny  /var/cache/apt
+blacklist /var/cache/apt
-deny  /var/cache/pacman
+blacklist /var/cache/pacman
-deny  /var/lib/apt
+blacklist /var/lib/apt
-deny  /var/lib/clamav
+blacklist /var/lib/clamav
-deny  /var/lib/dkms
+blacklist /var/lib/dkms
-deny  /var/lib/mysql/mysql.sock
+blacklist /var/lib/mysql/mysql.sock
-deny  /var/lib/mysqld/mysql.sock
+blacklist /var/lib/mysqld/mysql.sock
-deny  /var/lib/pacman
+blacklist /var/lib/pacman
-deny  /var/lib/upower
+blacklist /var/lib/upower
 # blacklist /var/log - a virtual /var/log directory (mostly empty) is build up by default for
 # every sandbox, unless --writable-var-log switch is activated
-deny  /var/mail
+blacklist /var/mail
-deny  /var/opt
+blacklist /var/opt
-deny  /var/run/acpid.socket
+blacklist /var/run/acpid.socket
-deny  /var/run/docker.sock
+blacklist /var/run/docker.sock
-deny  /var/run/minissdpd.sock
+blacklist /var/run/minissdpd.sock
-deny  /var/run/mysql/mysqld.sock
+blacklist /var/run/mysql/mysqld.sock
-deny  /var/run/mysqld/mysqld.sock
+blacklist /var/run/mysqld/mysqld.sock
-deny  /var/run/rpcbind.sock
+blacklist /var/run/rpcbind.sock
-deny  /var/run/screens
+blacklist /var/run/screens
-deny  /var/spool/anacron
+blacklist /var/spool/anacron
-deny  /var/spool/cron
+blacklist /var/spool/cron
-deny  /var/spool/mail
+blacklist /var/spool/mail
 # etc
-deny  /etc/anacrontab
+blacklist /etc/anacrontab
-deny  /etc/cron*
+blacklist /etc/cron*
-deny  /etc/profile.d
+blacklist /etc/profile.d
-deny  /etc/rc.local
+blacklist /etc/rc.local
 # rc1.d, rc2.d, ...
-deny  /etc/rc?.d
+blacklist /etc/rc?.d
-deny  /etc/kernel*
+blacklist /etc/kernel*
-deny  /etc/grub*
+blacklist /etc/grub*
-deny  /etc/dkms
+blacklist /etc/dkms
-deny  /etc/apparmor*
+blacklist /etc/apparmor*
-deny  /etc/selinux
+blacklist /etc/selinux
-deny  /etc/modules*
+blacklist /etc/modules*
-deny  /etc/logrotate*
+blacklist /etc/logrotate*
-deny  /etc/adduser.conf
+blacklist /etc/adduser.conf
 # hide config for various intrusion detection systems
-deny  /etc/rkhunter.conf
+blacklist /etc/rkhunter.conf
-deny  /var/lib/rkhunter
+blacklist /var/lib/rkhunter
-deny  /etc/chkrootkit.conf
+blacklist /etc/chkrootkit.conf
-deny  /etc/lynis
+blacklist /etc/lynis
-deny  /etc/aide
+blacklist /etc/aide
-deny  /etc/logcheck
+blacklist /etc/logcheck
-deny  /etc/tripwire
+blacklist /etc/tripwire
-deny  /etc/snort
+blacklist /etc/snort
-deny  /etc/fail2ban.conf
+blacklist /etc/fail2ban.conf
-deny  /etc/suricata
+blacklist /etc/suricata
 # Startup files
 read-only ${HOME}/.antigen
@@ -307,13 +307,13 @@ read-only ${HOME}/.zshrc
 read-only ${HOME}/.zshrc.local
 # Remote access
-deny  ${HOME}/.rhosts
+blacklist ${HOME}/.rhosts
-deny  ${HOME}/.shosts
+blacklist ${HOME}/.shosts
-deny  ${HOME}/.ssh/authorized_keys
+blacklist ${HOME}/.ssh/authorized_keys
-deny  ${HOME}/.ssh/authorized_keys2
+blacklist ${HOME}/.ssh/authorized_keys2
-deny  ${HOME}/.ssh/environment
+blacklist ${HOME}/.ssh/environment
-deny  ${HOME}/.ssh/rc
+blacklist ${HOME}/.ssh/rc
-deny  /etc/hosts.equiv
+blacklist /etc/hosts.equiv
 read-only ${HOME}/.ssh/config
 read-only ${HOME}/.ssh/config.d
@@ -374,200 +374,200 @@ read-only ${HOME}/.local/share/mime
 read-only ${HOME}/.local/share/thumbnailers
 # prevent access to ssh-agent
-deny  /tmp/ssh-*
+blacklist /tmp/ssh-*
 # top secret
-deny  ${HOME}/*.kdb
+blacklist ${HOME}/*.kdb
-deny  ${HOME}/*.kdbx
+blacklist ${HOME}/*.kdbx
-deny  ${HOME}/*.key
+blacklist ${HOME}/*.key
-deny  ${HOME}/.Private
+blacklist ${HOME}/.Private
-deny  ${HOME}/.caff
+blacklist ${HOME}/.caff
-deny  ${HOME}/.cargo/credentials
+blacklist ${HOME}/.cargo/credentials
-deny  ${HOME}/.cargo/credentials.toml
+blacklist ${HOME}/.cargo/credentials.toml
-deny  ${HOME}/.cert
+blacklist ${HOME}/.cert
-deny  ${HOME}/.config/keybase
+blacklist ${HOME}/.config/keybase
-deny  ${HOME}/.davfs2/secrets
+blacklist ${HOME}/.davfs2/secrets
-deny  ${HOME}/.ecryptfs
+blacklist ${HOME}/.ecryptfs
-deny  ${HOME}/.fetchmailrc
+blacklist ${HOME}/.fetchmailrc
-deny  ${HOME}/.fscrypt
+blacklist ${HOME}/.fscrypt
-deny  ${HOME}/.git-credential-cache
+blacklist ${HOME}/.git-credential-cache
-deny  ${HOME}/.git-credentials
+blacklist ${HOME}/.git-credentials
-deny  ${HOME}/.gnome2/keyrings
+blacklist ${HOME}/.gnome2/keyrings
-deny  ${HOME}/.gnupg
+blacklist ${HOME}/.gnupg
-deny  ${HOME}/.config/hub
+blacklist ${HOME}/.config/hub
-deny  ${HOME}/.kde/share/apps/kwallet
+blacklist ${HOME}/.kde/share/apps/kwallet
-deny  ${HOME}/.kde4/share/apps/kwallet
+blacklist ${HOME}/.kde4/share/apps/kwallet
-deny  ${HOME}/.local/share/keyrings
+blacklist ${HOME}/.local/share/keyrings
-deny  ${HOME}/.local/share/kwalletd
+blacklist ${HOME}/.local/share/kwalletd
-deny  ${HOME}/.local/share/plasma-vault
+blacklist ${HOME}/.local/share/plasma-vault
-deny  ${HOME}/.msmtprc
+blacklist ${HOME}/.msmtprc
-deny  ${HOME}/.mutt
+blacklist ${HOME}/.mutt
-deny  ${HOME}/.muttrc
+blacklist ${HOME}/.muttrc
-deny  ${HOME}/.netrc
+blacklist ${HOME}/.netrc
-deny  ${HOME}/.nyx
+blacklist ${HOME}/.nyx
-deny  ${HOME}/.pki
+blacklist ${HOME}/.pki
-deny  ${HOME}/.local/share/pki
+blacklist ${HOME}/.local/share/pki
-deny  ${HOME}/.smbcredentials
+blacklist ${HOME}/.smbcredentials
-deny  ${HOME}/.ssh
+blacklist ${HOME}/.ssh
-deny  ${HOME}/.vaults
+blacklist ${HOME}/.vaults
-deny  /.fscrypt
+blacklist /.fscrypt
-deny  /etc/davfs2/secrets
+blacklist /etc/davfs2/secrets
-deny  /etc/group+
+blacklist /etc/group+
-deny  /etc/group-
+blacklist /etc/group-
-deny  /etc/gshadow
+blacklist /etc/gshadow
-deny  /etc/gshadow+
+blacklist /etc/gshadow+
-deny  /etc/gshadow-
+blacklist /etc/gshadow-
-deny  /etc/passwd+
+blacklist /etc/passwd+
-deny  /etc/passwd-
+blacklist /etc/passwd-
-deny  /etc/shadow
+blacklist /etc/shadow
-deny  /etc/shadow+
+blacklist /etc/shadow+
-deny  /etc/shadow-
+blacklist /etc/shadow-
-deny  /etc/ssh
+blacklist /etc/ssh
-deny  /etc/ssh/*
+blacklist /etc/ssh/*
-deny  /home/.ecryptfs
+blacklist /home/.ecryptfs
-deny  /home/.fscrypt
+blacklist /home/.fscrypt
-deny  /var/backup
+blacklist /var/backup
 # cloud provider configuration
-deny  ${HOME}/.aws
+blacklist ${HOME}/.aws
-deny  ${HOME}/.boto
+blacklist ${HOME}/.boto
-deny  ${HOME}/.config/gcloud
+blacklist ${HOME}/.config/gcloud
-deny  ${HOME}/.kube
+blacklist ${HOME}/.kube
-deny  ${HOME}/.passwd-s3fs
+blacklist ${HOME}/.passwd-s3fs
-deny  ${HOME}/.s3cmd
+blacklist ${HOME}/.s3cmd
-deny  /etc/boto.cfg
+blacklist /etc/boto.cfg
 # system directories
-deny  /sbin
+blacklist /sbin
-deny  /usr/local/sbin
+blacklist /usr/local/sbin
-deny  /usr/sbin
+blacklist /usr/sbin
 # system management
-deny  ${PATH}/at
+blacklist ${PATH}/at
-deny  ${PATH}/busybox
+blacklist ${PATH}/busybox
-deny  ${PATH}/chage
+blacklist ${PATH}/chage
-deny  ${PATH}/chfn
+blacklist ${PATH}/chfn
-deny  ${PATH}/chsh
+blacklist ${PATH}/chsh
-deny  ${PATH}/crontab
+blacklist ${PATH}/crontab
-deny  ${PATH}/evtest
+blacklist ${PATH}/evtest
-deny  ${PATH}/expiry
+blacklist ${PATH}/expiry
-deny  ${PATH}/fusermount
+blacklist ${PATH}/fusermount
-deny  ${PATH}/gksu
+blacklist ${PATH}/gksu
-deny  ${PATH}/gksudo
+blacklist ${PATH}/gksudo
-deny  ${PATH}/gpasswd
+blacklist ${PATH}/gpasswd
-deny  ${PATH}/kdesudo
+blacklist ${PATH}/kdesudo
-deny  ${PATH}/ksu
+blacklist ${PATH}/ksu
-deny  ${PATH}/mount
+blacklist ${PATH}/mount
-deny  ${PATH}/mount.ecryptfs_private
+blacklist ${PATH}/mount.ecryptfs_private
-deny  ${PATH}/nc
+blacklist ${PATH}/nc
-deny  ${PATH}/ncat
+blacklist ${PATH}/ncat
-deny  ${PATH}/nmap
+blacklist ${PATH}/nmap
-deny  ${PATH}/newgidmap
+blacklist ${PATH}/newgidmap
-deny  ${PATH}/newgrp
+blacklist ${PATH}/newgrp
-deny  ${PATH}/newuidmap
+blacklist ${PATH}/newuidmap
-deny  ${PATH}/ntfs-3g
+blacklist ${PATH}/ntfs-3g
-deny  ${PATH}/pkexec
+blacklist ${PATH}/pkexec
-deny  ${PATH}/procmail
+blacklist ${PATH}/procmail
-deny  ${PATH}/sg
+blacklist ${PATH}/sg
-deny  ${PATH}/strace
+blacklist ${PATH}/strace
-deny  ${PATH}/su
+blacklist ${PATH}/su
-deny  ${PATH}/sudo
+blacklist ${PATH}/sudo
-deny  ${PATH}/tcpdump
+blacklist ${PATH}/tcpdump
-deny  ${PATH}/umount
+blacklist ${PATH}/umount
-deny  ${PATH}/unix_chkpwd
+blacklist ${PATH}/unix_chkpwd
-deny  ${PATH}/xev
+blacklist ${PATH}/xev
-deny  ${PATH}/xinput
+blacklist ${PATH}/xinput
 # other SUID binaries
-deny  /usr/lib/virtualbox
+blacklist /usr/lib/virtualbox
-deny  /usr/lib64/virtualbox
+blacklist /usr/lib64/virtualbox
 # prevent lxterminal connecting to an existing lxterminal session
-deny  /tmp/.lxterminal-socket*
+blacklist /tmp/.lxterminal-socket*
 # prevent tmux connecting to an existing session
-deny  /tmp/tmux-*
+blacklist /tmp/tmux-*
 # disable terminals running as server resulting in sandbox escape
-deny  ${PATH}/lxterminal
+blacklist ${PATH}/lxterminal
-deny  ${PATH}/gnome-terminal
+blacklist ${PATH}/gnome-terminal
-deny  ${PATH}/gnome-terminal.wrapper
+blacklist ${PATH}/gnome-terminal.wrapper
-deny  ${PATH}/lilyterm
+blacklist ${PATH}/lilyterm
-deny  ${PATH}/mate-terminal
+blacklist ${PATH}/mate-terminal
-deny  ${PATH}/mate-terminal.wrapper
+blacklist ${PATH}/mate-terminal.wrapper
-deny  ${PATH}/pantheon-terminal
+blacklist ${PATH}/pantheon-terminal
-deny  ${PATH}/roxterm
+blacklist ${PATH}/roxterm
-deny  ${PATH}/roxterm-config
+blacklist ${PATH}/roxterm-config
-deny  ${PATH}/terminix
+blacklist ${PATH}/terminix
-deny  ${PATH}/tilix
+blacklist ${PATH}/tilix
-deny  ${PATH}/urxvtc
+blacklist ${PATH}/urxvtc
-deny  ${PATH}/urxvtcd
+blacklist ${PATH}/urxvtcd
-deny  ${PATH}/xfce4-terminal
+blacklist ${PATH}/xfce4-terminal
-deny  ${PATH}/xfce4-terminal.wrapper
+blacklist ${PATH}/xfce4-terminal.wrapper
 # blacklist ${PATH}/konsole
 # konsole doesn't seem to have this problem - last tested on Ubuntu 16.04
 # kernel files
-deny  /initrd*
+blacklist /initrd*
-deny  /vmlinuz*
+blacklist /vmlinuz*
 # snapshot files
-deny  /.snapshots
+blacklist /.snapshots
 # flatpak
-deny  ${HOME}/.cache/flatpak
+blacklist ${HOME}/.cache/flatpak
-deny  ${HOME}/.config/flatpak
+blacklist ${HOME}/.config/flatpak
-nodeny  ${HOME}/.local/share/flatpak/exports
+noblacklist ${HOME}/.local/share/flatpak/exports
 read-only ${HOME}/.local/share/flatpak/exports
-deny  ${HOME}/.local/share/flatpak/*
+blacklist ${HOME}/.local/share/flatpak/*
-deny  ${HOME}/.var
+blacklist ${HOME}/.var
-deny  ${RUNUSER}/app
+blacklist ${RUNUSER}/app
-deny  ${RUNUSER}/doc
+blacklist ${RUNUSER}/doc
-deny  ${RUNUSER}/.dbus-proxy
+blacklist ${RUNUSER}/.dbus-proxy
-deny  ${RUNUSER}/.flatpak
+blacklist ${RUNUSER}/.flatpak
-deny  ${RUNUSER}/.flatpak-cache
+blacklist ${RUNUSER}/.flatpak-cache
-deny  ${RUNUSER}/.flatpak-helper
+blacklist ${RUNUSER}/.flatpak-helper
-deny  /usr/share/flatpak
+blacklist /usr/share/flatpak
-nodeny  /var/lib/flatpak/exports
+noblacklist /var/lib/flatpak/exports
-deny  /var/lib/flatpak/*
+blacklist /var/lib/flatpak/*
 # most of the time bwrap is SUID binary
-deny  ${PATH}/bwrap
+blacklist ${PATH}/bwrap
 # snap
-deny  ${RUNUSER}/snapd-session-agent.socket
+blacklist ${RUNUSER}/snapd-session-agent.socket
 # mail directories used by mutt
-deny  ${HOME}/.Mail
+blacklist ${HOME}/.Mail
-deny  ${HOME}/.mail
+blacklist ${HOME}/.mail
-deny  ${HOME}/.signature
+blacklist ${HOME}/.signature
-deny  ${HOME}/Mail
+blacklist ${HOME}/Mail
-deny  ${HOME}/mail
+blacklist ${HOME}/mail
-deny  ${HOME}/postponed
+blacklist ${HOME}/postponed
-deny  ${HOME}/sent
+blacklist ${HOME}/sent
 # kernel configuration
-deny  /proc/config.gz
+blacklist /proc/config.gz
 # prevent DNS malware attempting to communicate with the server
 # using regular DNS tools
-deny  ${PATH}/dig
+blacklist ${PATH}/dig
-deny  ${PATH}/dlint
+blacklist ${PATH}/dlint
-deny  ${PATH}/dns2tcp
+blacklist ${PATH}/dns2tcp
-deny  ${PATH}/dnssec-*
+blacklist ${PATH}/dnssec-*
-deny  ${PATH}/dnswalk
+blacklist ${PATH}/dnswalk
-deny  ${PATH}/drill
+blacklist ${PATH}/drill
-deny  ${PATH}/host
+blacklist ${PATH}/host
-deny  ${PATH}/iodine
+blacklist ${PATH}/iodine
-deny  ${PATH}/kdig
+blacklist ${PATH}/kdig
-deny  ${PATH}/khost
+blacklist ${PATH}/khost
-deny  ${PATH}/knsupdate
+blacklist ${PATH}/knsupdate
-deny  ${PATH}/ldns-*
+blacklist ${PATH}/ldns-*
-deny  ${PATH}/ldnsd
+blacklist ${PATH}/ldnsd
-deny  ${PATH}/nslookup
+blacklist ${PATH}/nslookup
-deny  ${PATH}/resolvectl
+blacklist ${PATH}/resolvectl
-deny  ${PATH}/unbound-host
+blacklist ${PATH}/unbound-host
 # rest of ${RUNUSER}
-deny  ${RUNUSER}/*.lock
+blacklist ${RUNUSER}/*.lock
-deny  ${RUNUSER}/inaccessible
+blacklist ${RUNUSER}/inaccessible
-deny  ${RUNUSER}/pk-debconf-socket
+blacklist ${RUNUSER}/pk-debconf-socket
-deny  ${RUNUSER}/update-notifier.pid
+blacklist ${RUNUSER}/update-notifier.pid
diff --git a/etc/inc/disable-devel.inc b/etc/inc/disable-devel.inc
index a893eb3f3..e74b1b40b 100644
--- a/etc/inc/disable-devel.inc
+++ b/etc/inc/disable-devel.inc
@@ -5,65 +5,65 @@ include disable-devel.local
 # development tools
 # clang/llvm
-deny  ${PATH}/clang*
+blacklist ${PATH}/clang*
-deny  ${PATH}/lldb*
+blacklist ${PATH}/lldb*
-deny  ${PATH}/llvm*
+blacklist ${PATH}/llvm*
 # see issue #2106 - it disables hardware acceleration in Firefox on Radeon GPU
 # blacklist /usr/lib/llvm*
 # GCC
-deny  ${PATH}/as
+blacklist ${PATH}/as
-deny  ${PATH}/cc
+blacklist ${PATH}/cc
-deny  ${PATH}/c++*
+blacklist ${PATH}/c++*
-deny  ${PATH}/c8*
+blacklist ${PATH}/c8*
-deny  ${PATH}/c9*
+blacklist ${PATH}/c9*
-deny  ${PATH}/cpp*
+blacklist ${PATH}/cpp*
-deny  ${PATH}/g++*
+blacklist ${PATH}/g++*
-deny  ${PATH}/gcc*
+blacklist ${PATH}/gcc*
-deny  ${PATH}/gdb
+blacklist ${PATH}/gdb
-deny  ${PATH}/ld
+blacklist ${PATH}/ld
-deny  ${PATH}/*-gcc*
+blacklist ${PATH}/*-gcc*
-deny  ${PATH}/*-g++*
+blacklist ${PATH}/*-g++*
-deny  ${PATH}/*-gcc*
+blacklist ${PATH}/*-gcc*
-deny  ${PATH}/*-g++*
+blacklist ${PATH}/*-g++*
 # seems to create problems on Gentoo
 #blacklist /usr/lib/gcc
 #Go
-deny  ${PATH}/gccgo
+blacklist ${PATH}/gccgo
-deny  ${PATH}/go
+blacklist ${PATH}/go
-deny  ${PATH}/gofmt
+blacklist ${PATH}/gofmt
 # Java
-deny  ${PATH}/java
+blacklist ${PATH}/java
-deny  ${PATH}/javac
+blacklist ${PATH}/javac
-deny  /etc/java
+blacklist /etc/java
-deny  /usr/lib/java
+blacklist /usr/lib/java
-deny  /usr/share/java
+blacklist /usr/share/java
 #OpenSSL
-deny  ${PATH}/openssl
+blacklist ${PATH}/openssl
-deny  ${PATH}/openssl-1.0
+blacklist ${PATH}/openssl-1.0
 #Rust
-deny  ${PATH}/rust-gdb
+blacklist ${PATH}/rust-gdb
-deny  ${PATH}/rust-lldb
+blacklist ${PATH}/rust-lldb
-deny  ${PATH}/rustc
+blacklist ${PATH}/rustc
-deny  ${HOME}/.rustup
+blacklist ${HOME}/.rustup
 # tcc - Tiny C Compiler
-deny  ${PATH}/tcc
+blacklist ${PATH}/tcc
-deny  ${PATH}/x86_64-tcc
+blacklist ${PATH}/x86_64-tcc
-deny  /usr/lib/tcc
+blacklist /usr/lib/tcc
 # Valgrind
-deny  ${PATH}/valgrind*
+blacklist ${PATH}/valgrind*
-deny  /usr/lib/valgrind
+blacklist /usr/lib/valgrind
 # Source-Code
-deny  /usr/src
+blacklist /usr/src
-deny  /usr/local/src
+blacklist /usr/local/src
-deny  /usr/include
+blacklist /usr/include
-deny  /usr/local/include
+blacklist /usr/local/include
diff --git a/etc/inc/disable-interpreters.inc b/etc/inc/disable-interpreters.inc
index c77d9a490..5d8a236fb 100644
--- a/etc/inc/disable-interpreters.inc
+++ b/etc/inc/disable-interpreters.inc
@@ -3,66 +3,66 @@
 include disable-interpreters.local
 # gjs
-deny  ${PATH}/gjs
+blacklist ${PATH}/gjs
-deny  ${PATH}/gjs-console
+blacklist ${PATH}/gjs-console
-deny  /usr/lib/gjs
+blacklist /usr/lib/gjs
-deny  /usr/lib/libgjs*
+blacklist /usr/lib/libgjs*
-deny  /usr/lib64/gjs
+blacklist /usr/lib64/gjs
-deny  /usr/lib64/libgjs*
+blacklist /usr/lib64/libgjs*
 # Lua
-deny  ${PATH}/lua*
+blacklist ${PATH}/lua*
-deny  /usr/include/lua*
+blacklist /usr/include/lua*
-deny  /usr/lib/liblua*
+blacklist /usr/lib/liblua*
-deny  /usr/lib/lua
+blacklist /usr/lib/lua
-deny  /usr/lib64/liblua*
+blacklist /usr/lib64/liblua*
-deny  /usr/lib64/lua
+blacklist /usr/lib64/lua
-deny  /usr/share/lua*
+blacklist /usr/share/lua*
 # mozjs
-deny  /usr/lib/libmozjs-*
+blacklist /usr/lib/libmozjs-*
-deny  /usr/lib64/libmozjs-*
+blacklist /usr/lib64/libmozjs-*
 # Node.js
-deny  ${PATH}/node
+blacklist ${PATH}/node
-deny  /usr/include/node
+blacklist /usr/include/node
 # nvm
-deny  ${HOME}/.nvm
+blacklist ${HOME}/.nvm
 # Perl
-deny  ${PATH}/core_perl
+blacklist ${PATH}/core_perl
-deny  ${PATH}/cpan*
+blacklist ${PATH}/cpan*
-deny  ${PATH}/perl
+blacklist ${PATH}/perl
-deny  ${PATH}/site_perl
+blacklist ${PATH}/site_perl
-deny  ${PATH}/vendor_perl
+blacklist ${PATH}/vendor_perl
-deny  /usr/lib/perl*
+blacklist /usr/lib/perl*
-deny  /usr/lib64/perl*
+blacklist /usr/lib64/perl*
-deny  /usr/share/perl*
+blacklist /usr/share/perl*
 # PHP
-deny  ${PATH}/php*
+blacklist ${PATH}/php*
-deny  /usr/lib/php*
+blacklist /usr/lib/php*
-deny  /usr/share/php*
+blacklist /usr/share/php*
 # Ruby
-deny  ${PATH}/ruby
+blacklist ${PATH}/ruby
-deny  /usr/lib/ruby
+blacklist /usr/lib/ruby
 # Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat, libreoffice, scribus
 # Python 2
-deny  ${PATH}/python2*
+blacklist ${PATH}/python2*
-deny  /usr/include/python2*
+blacklist /usr/include/python2*
-deny  /usr/lib/python2*
+blacklist /usr/lib/python2*
-deny  /usr/local/lib/python2*
+blacklist /usr/local/lib/python2*
-deny  /usr/share/python2*
+blacklist /usr/share/python2*
 # You will want to add noblacklist for python3 stuff in the firefox and/or chromium profiles if you use the Gnome connector (see Issue #2026)
 # Python 3
-deny  ${PATH}/python3*
+blacklist ${PATH}/python3*
-deny  /usr/include/python3*
+blacklist /usr/include/python3*
-deny  /usr/lib/python3*
+blacklist /usr/lib/python3*
-deny  /usr/lib64/python3*
+blacklist /usr/lib64/python3*
-deny  /usr/local/lib/python3*
+blacklist /usr/local/lib/python3*
-deny  /usr/share/python3*
+blacklist /usr/share/python3*
diff --git a/etc/inc/disable-passwdmgr.inc b/etc/inc/disable-passwdmgr.inc
index 0a61bc46f..3ed9a1b14 100644
--- a/etc/inc/disable-passwdmgr.inc
+++ b/etc/inc/disable-passwdmgr.inc
@@ -2,18 +2,18 @@
 # Persistent customizations should go in a .local file.
 include disable-passwdmgr.local
-deny  ${HOME}/.config/Bitwarden
+blacklist ${HOME}/.config/Bitwarden
-deny  ${HOME}/.config/KeePass
+blacklist ${HOME}/.config/KeePass
-deny  ${HOME}/.config/keepass
+blacklist ${HOME}/.config/keepass
-deny  ${HOME}/.config/keepassx
+blacklist ${HOME}/.config/keepassx
-deny  ${HOME}/.config/keepassxc
+blacklist ${HOME}/.config/keepassxc
-deny  ${HOME}/.config/KeePassXCrc
+blacklist ${HOME}/.config/KeePassXCrc
-deny  ${HOME}/.config/Sinew Software Systems
+blacklist ${HOME}/.config/Sinew Software Systems
-deny  ${HOME}/.fpm
+blacklist ${HOME}/.fpm
-deny  ${HOME}/.keepass
+blacklist ${HOME}/.keepass
-deny  ${HOME}/.keepassx
+blacklist ${HOME}/.keepassx
-deny  ${HOME}/.keepassxc
+blacklist ${HOME}/.keepassxc
-deny  ${HOME}/.lastpass
+blacklist ${HOME}/.lastpass
-deny  ${HOME}/.local/share/KeePass
+blacklist ${HOME}/.local/share/KeePass
-deny  ${HOME}/.local/share/keepass
+blacklist ${HOME}/.local/share/keepass
-deny  ${HOME}/.password-store
+blacklist ${HOME}/.password-store
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 5fe2f8c28..fd907034f 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -2,1097 +2,1097 @@
 # Persistent customizations should go in a .local file.
 include disable-programs.local
-deny  ${HOME}/.*coin
+blacklist ${HOME}/.*coin
-deny  ${HOME}/.8pecxstudios
+blacklist ${HOME}/.8pecxstudios
-deny  ${HOME}/.AndroidStudio*
+blacklist ${HOME}/.AndroidStudio*
-deny  ${HOME}/.Atom
+blacklist ${HOME}/.Atom
-deny  ${HOME}/.CLion*
+blacklist ${HOME}/.CLion*
-deny  ${HOME}/.FBReader
+blacklist ${HOME}/.FBReader
-deny  ${HOME}/.FontForge
+blacklist ${HOME}/.FontForge
-deny  ${HOME}/.IdeaIC*
+blacklist ${HOME}/.IdeaIC*
-deny  ${HOME}/.LuminanceHDR
+blacklist ${HOME}/.LuminanceHDR
-deny  ${HOME}/.Mathematica
+blacklist ${HOME}/.Mathematica
-deny  ${HOME}/.Natron
+blacklist ${HOME}/.Natron
-deny  ${HOME}/.PlayOnLinux
+blacklist ${HOME}/.PlayOnLinux
-deny  ${HOME}/.PyCharm*
+blacklist ${HOME}/.PyCharm*
-deny  ${HOME}/.Sayonara
+blacklist ${HOME}/.Sayonara
-deny  ${HOME}/.Steam
+blacklist ${HOME}/.Steam
-deny  ${HOME}/.Steampath
+blacklist ${HOME}/.Steampath
-deny  ${HOME}/.Steampid
+blacklist ${HOME}/.Steampid
-deny  ${HOME}/.TelegramDesktop
+blacklist ${HOME}/.TelegramDesktop
-deny  ${HOME}/.VSCodium
+blacklist ${HOME}/.VSCodium
-deny  ${HOME}/.ViberPC
+blacklist ${HOME}/.ViberPC
-deny  ${HOME}/.VirtualBox
+blacklist ${HOME}/.VirtualBox
-deny  ${HOME}/.WebStorm*
+blacklist ${HOME}/.WebStorm*
-deny  ${HOME}/.Wolfram Research
+blacklist ${HOME}/.Wolfram Research
-deny  ${HOME}/.ZAP
+blacklist ${HOME}/.ZAP
-deny  ${HOME}/.aMule
+blacklist ${HOME}/.aMule
-deny  ${HOME}/.abook
+blacklist ${HOME}/.abook
-deny  ${HOME}/.addressbook
+blacklist ${HOME}/.addressbook
-deny  ${HOME}/.alpine-smime
+blacklist ${HOME}/.alpine-smime
-deny  ${HOME}/.android
+blacklist ${HOME}/.android
-deny  ${HOME}/.anydesk
+blacklist ${HOME}/.anydesk
-deny  ${HOME}/.arduino15
+blacklist ${HOME}/.arduino15
-deny  ${HOME}/.aria2
+blacklist ${HOME}/.aria2
-deny  ${HOME}/.arm
+blacklist ${HOME}/.arm
-deny  ${HOME}/.asunder_album_artist
+blacklist ${HOME}/.asunder_album_artist
-deny  ${HOME}/.asunder_album_genre
+blacklist ${HOME}/.asunder_album_genre
-deny  ${HOME}/.asunder_album_title
+blacklist ${HOME}/.asunder_album_title
-deny  ${HOME}/.atom
+blacklist ${HOME}/.atom
-deny  ${HOME}/.attic
+blacklist ${HOME}/.attic
-deny  ${HOME}/.audacity-data
+blacklist ${HOME}/.audacity-data
-deny  ${HOME}/.avidemux6
+blacklist ${HOME}/.avidemux6
-deny  ${HOME}/.ballbuster.hs
+blacklist ${HOME}/.ballbuster.hs
-deny  ${HOME}/.balsa
+blacklist ${HOME}/.balsa
-deny  ${HOME}/.bcast5
+blacklist ${HOME}/.bcast5
-deny  ${HOME}/.bibletime
+blacklist ${HOME}/.bibletime
-deny  ${HOME}/.bitcoin
+blacklist ${HOME}/.bitcoin
-deny  ${HOME}/.blobby
+blacklist ${HOME}/.blobby
-deny  ${HOME}/.bogofilter
+blacklist ${HOME}/.bogofilter
-deny  ${HOME}/.bzf
+blacklist ${HOME}/.bzf
-deny  ${HOME}/.cargo/*
+blacklist ${HOME}/.cargo/*
-deny  ${HOME}/.claws-mail
+blacklist ${HOME}/.claws-mail
-deny  ${HOME}/.cliqz
+blacklist ${HOME}/.cliqz
-deny  ${HOME}/.clion*
+blacklist ${HOME}/.clion*
-deny  ${HOME}/.clonk
+blacklist ${HOME}/.clonk
-deny  ${HOME}/.config/0ad
+blacklist ${HOME}/.config/0ad
-deny  ${HOME}/.config/2048-qt
+blacklist ${HOME}/.config/2048-qt
-deny  ${HOME}/.config/Atom
+blacklist ${HOME}/.config/Atom
-deny  ${HOME}/.config/Audaciousrc
+blacklist ${HOME}/.config/Audaciousrc
-deny  ${HOME}/.config/Authenticator
+blacklist ${HOME}/.config/Authenticator
-deny  ${HOME}/.config/Beaker Browser
+blacklist ${HOME}/.config/Beaker Browser
-deny  ${HOME}/.config/Bitcoin
+blacklist ${HOME}/.config/Bitcoin
-deny  ${HOME}/.config/Bitwarden
+blacklist ${HOME}/.config/Bitwarden
-deny  ${HOME}/.config/Brackets
+blacklist ${HOME}/.config/Brackets
-deny  ${HOME}/.config/BraveSoftware
+blacklist ${HOME}/.config/BraveSoftware
-deny  ${HOME}/.config/Clementine
+blacklist ${HOME}/.config/Clementine
-deny  ${HOME}/.config/Code
+blacklist ${HOME}/.config/Code
-deny  ${HOME}/.config/Code - OSS
+blacklist ${HOME}/.config/Code - OSS
-deny  ${HOME}/.config/Code Industry
+blacklist ${HOME}/.config/Code Industry
-deny  ${HOME}/.config/Cryptocat
+blacklist ${HOME}/.config/Cryptocat
-deny  ${HOME}/.config/Debauchee/Barrier.conf
+blacklist ${HOME}/.config/Debauchee/Barrier.conf
-deny  ${HOME}/.config/Dharkael
+blacklist ${HOME}/.config/Dharkael
-deny  ${HOME}/.config/ENCOM
+blacklist ${HOME}/.config/ENCOM
-deny  ${HOME}/.config/Element
+blacklist ${HOME}/.config/Element
-deny  ${HOME}/.config/Element (Riot)
+blacklist ${HOME}/.config/Element (Riot)
-deny  ${HOME}/.config/Enox
+blacklist ${HOME}/.config/Enox
-deny  ${HOME}/.config/Epic
+blacklist ${HOME}/.config/Epic
-deny  ${HOME}/.config/Ferdi
+blacklist ${HOME}/.config/Ferdi
-deny  ${HOME}/.config/Flavio Tordini
+blacklist ${HOME}/.config/Flavio Tordini
-deny  ${HOME}/.config/Franz
+blacklist ${HOME}/.config/Franz
-deny  ${HOME}/.config/FreeCAD
+blacklist ${HOME}/.config/FreeCAD
-deny  ${HOME}/.config/FreeTube
+blacklist ${HOME}/.config/FreeTube
-deny  ${HOME}/.config/Fritzing
+blacklist ${HOME}/.config/Fritzing
-deny  ${HOME}/.config/GIMP
+blacklist ${HOME}/.config/GIMP
-deny  ${HOME}/.config/GitHub Desktop
+blacklist ${HOME}/.config/GitHub Desktop
-deny  ${HOME}/.config/Gitter
+blacklist ${HOME}/.config/Gitter
-deny  ${HOME}/.config/Google
+blacklist ${HOME}/.config/Google
-deny  ${HOME}/.config/Google Play Music Desktop Player
+blacklist ${HOME}/.config/Google Play Music Desktop Player
-deny  ${HOME}/.config/Gpredict
+blacklist ${HOME}/.config/Gpredict
-deny  ${HOME}/.config/INRIA
+blacklist ${HOME}/.config/INRIA
-deny  ${HOME}/.config/InSilmaril
+blacklist ${HOME}/.config/InSilmaril
-deny  ${HOME}/.config/Jitsi Meet
+blacklist ${HOME}/.config/Jitsi Meet
-deny  ${HOME}/.config/JetBrains/CLion*
+blacklist ${HOME}/.config/JetBrains/CLion*
-deny  ${HOME}/.config/KDE/neochat
+blacklist ${HOME}/.config/KDE/neochat
-deny  ${HOME}/.config/Kid3
+blacklist ${HOME}/.config/Kid3
-deny  ${HOME}/.config/Kingsoft
+blacklist ${HOME}/.config/Kingsoft
-deny  ${HOME}/.config/LibreCAD
+blacklist ${HOME}/.config/LibreCAD
-deny  ${HOME}/.config/Loop_Hero
+blacklist ${HOME}/.config/Loop_Hero
-deny  ${HOME}/.config/Luminance
+blacklist ${HOME}/.config/Luminance
-deny  ${HOME}/.config/LyX
+blacklist ${HOME}/.config/LyX
-deny  ${HOME}/.config/Mattermost
+blacklist ${HOME}/.config/Mattermost
-deny  ${HOME}/.config/Meltytech
+blacklist ${HOME}/.config/Meltytech
-deny  ${HOME}/.config/Mendeley Ltd.
+blacklist ${HOME}/.config/Mendeley Ltd.
-deny  ${HOME}/.config/Microsoft
+blacklist ${HOME}/.config/Microsoft
-deny  ${HOME}/.config/Min
+blacklist ${HOME}/.config/Min
-deny  ${HOME}/.config/ModTheSpire
+blacklist ${HOME}/.config/ModTheSpire
-deny  ${HOME}/.config/Mousepad
+blacklist ${HOME}/.config/Mousepad
-deny  ${HOME}/.config/Mumble
+blacklist ${HOME}/.config/Mumble
-deny  ${HOME}/.config/MusE
+blacklist ${HOME}/.config/MusE
-deny  ${HOME}/.config/MuseScore
+blacklist ${HOME}/.config/MuseScore
-deny  ${HOME}/.config/MusicBrainz
+blacklist ${HOME}/.config/MusicBrainz
-deny  ${HOME}/.config/Nathan Osman
+blacklist ${HOME}/.config/Nathan Osman
-deny  ${HOME}/.config/Nextcloud
+blacklist ${HOME}/.config/Nextcloud
-deny  ${HOME}/.config/NitroShare
+blacklist ${HOME}/.config/NitroShare
-deny  ${HOME}/.config/Nylas Mail
+blacklist ${HOME}/.config/Nylas Mail
-deny  ${HOME}/.config/PBE
+blacklist ${HOME}/.config/PBE
-deny  ${HOME}/.config/PacmanLogViewer
+blacklist ${HOME}/.config/PacmanLogViewer
-deny  ${HOME}/.config/PawelStolowski
+blacklist ${HOME}/.config/PawelStolowski
-deny  ${HOME}/.config/Philipp Schmieder
+blacklist ${HOME}/.config/Philipp Schmieder
-deny  ${HOME}/.config/Pinta
+blacklist ${HOME}/.config/Pinta
-deny  ${HOME}/.config/QGIS
+blacklist ${HOME}/.config/QGIS
-deny  ${HOME}/.config/QMediathekView
+blacklist ${HOME}/.config/QMediathekView
-deny  ${HOME}/.config/Qlipper
+blacklist ${HOME}/.config/Qlipper
-deny  ${HOME}/.config/QuiteRss
+blacklist ${HOME}/.config/QuiteRss
-deny  ${HOME}/.config/QuiteRssrc
+blacklist ${HOME}/.config/QuiteRssrc
-deny  ${HOME}/.config/Quotient
+blacklist ${HOME}/.config/Quotient
-deny  ${HOME}/.config/Rambox
+blacklist ${HOME}/.config/Rambox
-deny  ${HOME}/.config/Riot
+blacklist ${HOME}/.config/Riot
-deny  ${HOME}/.config/Rocket.Chat
+blacklist ${HOME}/.config/Rocket.Chat
-deny  ${HOME}/.config/RogueLegacy
+blacklist ${HOME}/.config/RogueLegacy
-deny  ${HOME}/.config/RogueLegacyStorageContainer
+blacklist ${HOME}/.config/RogueLegacyStorageContainer
-deny  ${HOME}/.config/Signal
+blacklist ${HOME}/.config/Signal
-deny  ${HOME}/.config/Sinew Software Systems
+blacklist ${HOME}/.config/Sinew Software Systems
-deny  ${HOME}/.config/Slack
+blacklist ${HOME}/.config/Slack
-deny  ${HOME}/.config/Standard Notes
+blacklist ${HOME}/.config/Standard Notes
-deny  ${HOME}/.config/SubDownloader
+blacklist ${HOME}/.config/SubDownloader
-deny  ${HOME}/.config/Thunar
+blacklist ${HOME}/.config/Thunar
-deny  ${HOME}/.config/Twitch
+blacklist ${HOME}/.config/Twitch
-deny  ${HOME}/.config/Unknown Organization
+blacklist ${HOME}/.config/Unknown Organization
-deny  ${HOME}/.config/VirtualBox
+blacklist ${HOME}/.config/VirtualBox
-deny  ${HOME}/.config/Whalebird
+blacklist ${HOME}/.config/Whalebird
-deny  ${HOME}/.config/Wire
+blacklist ${HOME}/.config/Wire
-deny  ${HOME}/.config/Youtube
+blacklist ${HOME}/.config/Youtube
-deny  ${HOME}/.config/ZeGrapher Project
+blacklist ${HOME}/.config/ZeGrapher Project
-deny  ${HOME}/.config/Zeal
+blacklist ${HOME}/.config/Zeal
-deny  ${HOME}/.config/Zulip
+blacklist ${HOME}/.config/Zulip
-deny  ${HOME}/.config/aacs
+blacklist ${HOME}/.config/aacs
-deny  ${HOME}/.config/abiword
+blacklist ${HOME}/.config/abiword
-deny  ${HOME}/.config/agenda
+blacklist ${HOME}/.config/agenda
-deny  ${HOME}/.config/akonadi*
+blacklist ${HOME}/.config/akonadi*
-deny  ${HOME}/.config/akregatorrc
+blacklist ${HOME}/.config/akregatorrc
-deny  ${HOME}/.config/alacritty
+blacklist ${HOME}/.config/alacritty
-deny  ${HOME}/.config/ardour4
+blacklist ${HOME}/.config/ardour4
-deny  ${HOME}/.config/ardour5
+blacklist ${HOME}/.config/ardour5
-deny  ${HOME}/.config/aria2
+blacklist ${HOME}/.config/aria2
-deny  ${HOME}/.config/arkrc
+blacklist ${HOME}/.config/arkrc
-deny  ${HOME}/.config/artha.conf
+blacklist ${HOME}/.config/artha.conf
-deny  ${HOME}/.config/artha.log
+blacklist ${HOME}/.config/artha.log
-deny  ${HOME}/.config/asunder
+blacklist ${HOME}/.config/asunder
-deny  ${HOME}/.config/atril
+blacklist ${HOME}/.config/atril
-deny  ${HOME}/.config/audacious
+blacklist ${HOME}/.config/audacious
-deny  ${HOME}/.config/autokey
+blacklist ${HOME}/.config/autokey
-deny  ${HOME}/.config/avidemux3_qt5rc
+blacklist ${HOME}/.config/avidemux3_qt5rc
-deny  ${HOME}/.config/aweather
+blacklist ${HOME}/.config/aweather
-deny  ${HOME}/.config/backintime
+blacklist ${HOME}/.config/backintime
-deny  ${HOME}/.config/baloofilerc
+blacklist ${HOME}/.config/baloofilerc
-deny  ${HOME}/.config/baloorc
+blacklist ${HOME}/.config/baloorc
-deny  ${HOME}/.config/bcompare
+blacklist ${HOME}/.config/bcompare
-deny  ${HOME}/.config/blender
+blacklist ${HOME}/.config/blender
-deny  ${HOME}/.config/bless
+blacklist ${HOME}/.config/bless
-deny  ${HOME}/.config/bnox
+blacklist ${HOME}/.config/bnox
-deny  ${HOME}/.config/borg
+blacklist ${HOME}/.config/borg
-deny  ${HOME}/.config/brasero
+blacklist ${HOME}/.config/brasero
-deny  ${HOME}/.config/brave
+blacklist ${HOME}/.config/brave
-deny  ${HOME}/.config/brave-flags.conf
+blacklist ${HOME}/.config/brave-flags.conf
-deny  ${HOME}/.config/caja
+blacklist ${HOME}/.config/caja
-deny  ${HOME}/.config/calibre
+blacklist ${HOME}/.config/calibre
-deny  ${HOME}/.config/cantata
+blacklist ${HOME}/.config/cantata
-deny  ${HOME}/.config/catfish
+blacklist ${HOME}/.config/catfish
-deny  ${HOME}/.config/cawbird
+blacklist ${HOME}/.config/cawbird
-deny  ${HOME}/.config/celluloid
+blacklist ${HOME}/.config/celluloid
-deny  ${HOME}/.config/cherrytree
+blacklist ${HOME}/.config/cherrytree
-deny  ${HOME}/.config/chrome-beta-flags.conf
+blacklist ${HOME}/.config/chrome-beta-flags.conf
-deny  ${HOME}/.config/chrome-beta-flags.config
+blacklist ${HOME}/.config/chrome-beta-flags.config
-deny  ${HOME}/.config/chrome-flags.conf
+blacklist ${HOME}/.config/chrome-flags.conf
-deny  ${HOME}/.config/chrome-flags.config
+blacklist ${HOME}/.config/chrome-flags.config
-deny  ${HOME}/.config/chrome-unstable-flags.conf
+blacklist ${HOME}/.config/chrome-unstable-flags.conf
-deny  ${HOME}/.config/chrome-unstable-flags.config
+blacklist ${HOME}/.config/chrome-unstable-flags.config
-deny  ${HOME}/.config/chromium
+blacklist ${HOME}/.config/chromium
-deny  ${HOME}/.config/chromium-dev
+blacklist ${HOME}/.config/chromium-dev
-deny  ${HOME}/.config/chromium-flags.conf
+blacklist ${HOME}/.config/chromium-flags.conf
-deny  ${HOME}/.config/clipit
+blacklist ${HOME}/.config/clipit
-deny  ${HOME}/.config/cliqz
+blacklist ${HOME}/.config/cliqz
-deny  ${HOME}/.config/cmus
+blacklist ${HOME}/.config/cmus
-deny  ${HOME}/.config/com.github.bleakgrey.tootle
+blacklist ${HOME}/.config/com.github.bleakgrey.tootle
-deny  ${HOME}/.config/corebird
+blacklist ${HOME}/.config/corebird
-deny  ${HOME}/.config/cower
+blacklist ${HOME}/.config/cower
-deny  ${HOME}/.config/coyim
+blacklist ${HOME}/.config/coyim
-deny  ${HOME}/.config/d-feet
+blacklist ${HOME}/.config/d-feet
-deny  ${HOME}/.config/darktable
+blacklist ${HOME}/.config/darktable
-deny  ${HOME}/.config/deadbeef
+blacklist ${HOME}/.config/deadbeef
-deny  ${HOME}/.config/deluge
+blacklist ${HOME}/.config/deluge
-deny  ${HOME}/.config/devilspie2
+blacklist ${HOME}/.config/devilspie2
-deny  ${HOME}/.config/digikam
+blacklist ${HOME}/.config/digikam
-deny  ${HOME}/.config/digikamrc
+blacklist ${HOME}/.config/digikamrc
-deny  ${HOME}/.config/discord
+blacklist ${HOME}/.config/discord
-deny  ${HOME}/.config/discordcanary
+blacklist ${HOME}/.config/discordcanary
-deny  ${HOME}/.config/dkl
+blacklist ${HOME}/.config/dkl
-deny  ${HOME}/.config/dnox
+blacklist ${HOME}/.config/dnox
-deny  ${HOME}/.config/dolphin-emu
+blacklist ${HOME}/.config/dolphin-emu
-deny  ${HOME}/.config/dolphinrc
+blacklist ${HOME}/.config/dolphinrc
-deny  ${HOME}/.config/dragonplayerrc
+blacklist ${HOME}/.config/dragonplayerrc
-deny  ${HOME}/.config/draw.io
+blacklist ${HOME}/.config/draw.io
-deny  ${HOME}/.config/electron-mail
+blacklist ${HOME}/.config/electron-mail
-deny  ${HOME}/.config/emaildefaults
+blacklist ${HOME}/.config/emaildefaults
-deny  ${HOME}/.config/emailidentities
+blacklist ${HOME}/.config/emailidentities
-deny  ${HOME}/.config/emilia
+blacklist ${HOME}/.config/emilia
-deny  ${HOME}/.config/enchant
+blacklist ${HOME}/.config/enchant
-deny  ${HOME}/.config/eog
+blacklist ${HOME}/.config/eog
-deny  ${HOME}/.config/epiphany
+blacklist ${HOME}/.config/epiphany
-deny  ${HOME}/.config/equalx
+blacklist ${HOME}/.config/equalx
-deny  ${HOME}/.config/evince
+blacklist ${HOME}/.config/evince
-deny  ${HOME}/.config/evolution
+blacklist ${HOME}/.config/evolution
-deny  ${HOME}/.config/falkon
+blacklist ${HOME}/.config/falkon
-deny  ${HOME}/.config/filezilla
+blacklist ${HOME}/.config/filezilla
-deny  ${HOME}/.config/flameshot
+blacklist ${HOME}/.config/flameshot
-deny  ${HOME}/.config/flaska.net
+blacklist ${HOME}/.config/flaska.net
-deny  ${HOME}/.config/flowblade
+blacklist ${HOME}/.config/flowblade
-deny  ${HOME}/.config/font-manager
+blacklist ${HOME}/.config/font-manager
-deny  ${HOME}/.config/freecol
+blacklist ${HOME}/.config/freecol
-deny  ${HOME}/.config/gajim
+blacklist ${HOME}/.config/gajim
-deny  ${HOME}/.config/galculator
+blacklist ${HOME}/.config/galculator
-deny  ${HOME}/.config/gconf
+blacklist ${HOME}/.config/gconf
-deny  ${HOME}/.config/geany
+blacklist ${HOME}/.config/geany
-deny  ${HOME}/.config/geary
+blacklist ${HOME}/.config/geary
-deny  ${HOME}/.config/gedit
+blacklist ${HOME}/.config/gedit
-deny  ${HOME}/.config/geeqie
+blacklist ${HOME}/.config/geeqie
-deny  ${HOME}/.config/ghb
+blacklist ${HOME}/.config/ghb
-deny  ${HOME}/.config/ghostwriter
+blacklist ${HOME}/.config/ghostwriter
-deny  ${HOME}/.config/git
+blacklist ${HOME}/.config/git
-deny  ${HOME}/.config/git-cola
+blacklist ${HOME}/.config/git-cola
-deny  ${HOME}/.config/glade.conf
+blacklist ${HOME}/.config/glade.conf
-deny  ${HOME}/.config/globaltime
+blacklist ${HOME}/.config/globaltime
-deny  ${HOME}/.config/gmpc
+blacklist ${HOME}/.config/gmpc
-deny  ${HOME}/.config/gnome-builder
+blacklist ${HOME}/.config/gnome-builder
-deny  ${HOME}/.config/gnome-chess
+blacklist ${HOME}/.config/gnome-chess
-deny  ${HOME}/.config/gnome-control-center
+blacklist ${HOME}/.config/gnome-control-center
-deny  ${HOME}/.config/gnome-initial-setup-done
+blacklist ${HOME}/.config/gnome-initial-setup-done
-deny  ${HOME}/.config/gnome-latex
+blacklist ${HOME}/.config/gnome-latex
-deny  ${HOME}/.config/gnome-mplayer
+blacklist ${HOME}/.config/gnome-mplayer
-deny  ${HOME}/.config/gnome-mpv
+blacklist ${HOME}/.config/gnome-mpv
-deny  ${HOME}/.config/gnome-pie
+blacklist ${HOME}/.config/gnome-pie
-deny  ${HOME}/.config/gnome-session
+blacklist ${HOME}/.config/gnome-session
-deny  ${HOME}/.config/gnote
+blacklist ${HOME}/.config/gnote
-deny  ${HOME}/.config/godot
+blacklist ${HOME}/.config/godot
-deny  ${HOME}/.config/google-chrome
+blacklist ${HOME}/.config/google-chrome
-deny  ${HOME}/.config/google-chrome-beta
+blacklist ${HOME}/.config/google-chrome-beta
-deny  ${HOME}/.config/google-chrome-unstable
+blacklist ${HOME}/.config/google-chrome-unstable
-deny  ${HOME}/.config/gpicview
+blacklist ${HOME}/.config/gpicview
-deny  ${HOME}/.config/gthumb
+blacklist ${HOME}/.config/gthumb
-deny  ${HOME}/.config/gummi
+blacklist ${HOME}/.config/gummi
-deny  ${HOME}/.config/guvcview2
+blacklist ${HOME}/.config/guvcview2
-deny  ${HOME}/.config/gwenviewrc
+blacklist ${HOME}/.config/gwenviewrc
-deny  ${HOME}/.config/hexchat
+blacklist ${HOME}/.config/hexchat
-deny  ${HOME}/.config/homebank
+blacklist ${HOME}/.config/homebank
-deny  ${HOME}/.config/i2p
+blacklist ${HOME}/.config/i2p
-deny  ${HOME}/.config/inkscape
+blacklist ${HOME}/.config/inkscape
-deny  ${HOME}/.config/inox
+blacklist ${HOME}/.config/inox
-deny  ${HOME}/.config/iridium
+blacklist ${HOME}/.config/iridium
-deny  ${HOME}/.config/itch
+blacklist ${HOME}/.config/itch
-deny  ${HOME}/.config/jami
+blacklist ${HOME}/.config/jami
-deny  ${HOME}/.config/jd-gui.cfg
+blacklist ${HOME}/.config/jd-gui.cfg
-deny  ${HOME}/.config/k3brc
+blacklist ${HOME}/.config/k3brc
-deny  ${HOME}/.config/kaffeinerc
+blacklist ${HOME}/.config/kaffeinerc
-deny  ${HOME}/.config/kalgebrarc
+blacklist ${HOME}/.config/kalgebrarc
-deny  ${HOME}/.config/katemetainfos
+blacklist ${HOME}/.config/katemetainfos
-deny  ${HOME}/.config/katepartrc
+blacklist ${HOME}/.config/katepartrc
-deny  ${HOME}/.config/katerc
+blacklist ${HOME}/.config/katerc
-deny  ${HOME}/.config/kateschemarc
+blacklist ${HOME}/.config/kateschemarc
-deny  ${HOME}/.config/katesyntaxhighlightingrc
+blacklist ${HOME}/.config/katesyntaxhighlightingrc
-deny  ${HOME}/.config/katevirc
+blacklist ${HOME}/.config/katevirc
-deny  ${HOME}/.config/kazam
+blacklist ${HOME}/.config/kazam
-deny  ${HOME}/.config/kdeconnect
+blacklist ${HOME}/.config/kdeconnect
-deny  ${HOME}/.config/kdenliverc
+blacklist ${HOME}/.config/kdenliverc
-deny  ${HOME}/.config/kdiff3fileitemactionrc
+blacklist ${HOME}/.config/kdiff3fileitemactionrc
-deny  ${HOME}/.config/kdiff3rc
+blacklist ${HOME}/.config/kdiff3rc
-deny  ${HOME}/.config/kfindrc
+blacklist ${HOME}/.config/kfindrc
-deny  ${HOME}/.config/kgetrc
+blacklist ${HOME}/.config/kgetrc
-deny  ${HOME}/.config/kid3rc
+blacklist ${HOME}/.config/kid3rc
-deny  ${HOME}/.config/klavaro
+blacklist ${HOME}/.config/klavaro
-deny  ${HOME}/.config/klipperrc
+blacklist ${HOME}/.config/klipperrc
-deny  ${HOME}/.config/kmail2rc
+blacklist ${HOME}/.config/kmail2rc
-deny  ${HOME}/.config/kmailsearchindexingrc
+blacklist ${HOME}/.config/kmailsearchindexingrc
-deny  ${HOME}/.config/kmplayerrc
+blacklist ${HOME}/.config/kmplayerrc
-deny  ${HOME}/.config/knotesrc
+blacklist ${HOME}/.config/knotesrc
-deny  ${HOME}/.config/konversation.notifyrc
+blacklist ${HOME}/.config/konversation.notifyrc
-deny  ${HOME}/.config/konversationrc
+blacklist ${HOME}/.config/konversationrc
-deny  ${HOME}/.config/kritarc
+blacklist ${HOME}/.config/kritarc
-deny  ${HOME}/.config/ktorrentrc
+blacklist ${HOME}/.config/ktorrentrc
-deny  ${HOME}/.config/ktouch2rc
+blacklist ${HOME}/.config/ktouch2rc
-deny  ${HOME}/.config/kube
+blacklist ${HOME}/.config/kube
-deny  ${HOME}/.config/kwriterc
+blacklist ${HOME}/.config/kwriterc
-deny  ${HOME}/.config/leafpad
+blacklist ${HOME}/.config/leafpad
-deny  ${HOME}/.config/libreoffice
+blacklist ${HOME}/.config/libreoffice
-deny  ${HOME}/.config/liferea
+blacklist ${HOME}/.config/liferea
-deny  ${HOME}/.config/linphone
+blacklist ${HOME}/.config/linphone
-deny  ${HOME}/.config/lugaru
+blacklist ${HOME}/.config/lugaru
-deny  ${HOME}/.config/lutris
+blacklist ${HOME}/.config/lutris
-deny  ${HOME}/.config/lximage-qt
+blacklist ${HOME}/.config/lximage-qt
-deny  ${HOME}/.config/mailtransports
+blacklist ${HOME}/.config/mailtransports
-deny  ${HOME}/.config/mana
+blacklist ${HOME}/.config/mana
-deny  ${HOME}/.config/mate-calc
+blacklist ${HOME}/.config/mate-calc
-deny  ${HOME}/.config/mate/eom
+blacklist ${HOME}/.config/mate/eom
-deny  ${HOME}/.config/mate/mate-dictionary
+blacklist ${HOME}/.config/mate/mate-dictionary
-deny  ${HOME}/.config/matrix-mirage
+blacklist ${HOME}/.config/matrix-mirage
-deny  ${HOME}/.config/mcomix
+blacklist ${HOME}/.config/mcomix
-deny  ${HOME}/.config/meld
+blacklist ${HOME}/.config/meld
-deny  ${HOME}/.config/menulibre.cfg
+blacklist ${HOME}/.config/menulibre.cfg
-deny  ${HOME}/.config/meteo-qt
+blacklist ${HOME}/.config/meteo-qt
-deny  ${HOME}/.config/mfusion
+blacklist ${HOME}/.config/mfusion
-deny  ${HOME}/.config/microsoft-edge-dev
+blacklist ${HOME}/.config/microsoft-edge-dev
-deny  ${HOME}/.config/midori
+blacklist ${HOME}/.config/midori
-deny  ${HOME}/.config/mirage
+blacklist ${HOME}/.config/mirage
-deny  ${HOME}/.config/mono
+blacklist ${HOME}/.config/mono
-deny  ${HOME}/.config/mpDris2
+blacklist ${HOME}/.config/mpDris2
-deny  ${HOME}/.config/mpd
+blacklist ${HOME}/.config/mpd
-deny  ${HOME}/.config/mps-youtube
+blacklist ${HOME}/.config/mps-youtube
-deny  ${HOME}/.config/mpv
+blacklist ${HOME}/.config/mpv
-deny  ${HOME}/.config/mupen64plus
+blacklist ${HOME}/.config/mupen64plus
-deny  ${HOME}/.config/mutt
+blacklist ${HOME}/.config/mutt
-deny  ${HOME}/.config/mutter
+blacklist ${HOME}/.config/mutter
-deny  ${HOME}/.config/mypaint
+blacklist ${HOME}/.config/mypaint
-deny  ${HOME}/.config/nano
+blacklist ${HOME}/.config/nano
-deny  ${HOME}/.config/nautilus
+blacklist ${HOME}/.config/nautilus
-deny  ${HOME}/.config/nemo
+blacklist ${HOME}/.config/nemo
-deny  ${HOME}/.config/neochat.notifyrc
+blacklist ${HOME}/.config/neochat.notifyrc
-deny  ${HOME}/.config/neochatrc
+blacklist ${HOME}/.config/neochatrc
-deny  ${HOME}/.config/neomutt
+blacklist ${HOME}/.config/neomutt
-deny  ${HOME}/.config/netsurf
+blacklist ${HOME}/.config/netsurf
-deny  ${HOME}/.config/newsbeuter
+blacklist ${HOME}/.config/newsbeuter
-deny  ${HOME}/.config/newsboat
+blacklist ${HOME}/.config/newsboat
-deny  ${HOME}/.config/newsflash
+blacklist ${HOME}/.config/newsflash
-deny  ${HOME}/.config/nheko
+blacklist ${HOME}/.config/nheko
-deny  ${HOME}/.config/nomacs
+blacklist ${HOME}/.config/nomacs
-deny  ${HOME}/.config/nuclear
+blacklist ${HOME}/.config/nuclear
-deny  ${HOME}/.config/obs-studio
+blacklist ${HOME}/.config/obs-studio
-deny  ${HOME}/.config/okularpartrc
+blacklist ${HOME}/.config/okularpartrc
-deny  ${HOME}/.config/okularrc
+blacklist ${HOME}/.config/okularrc
-deny  ${HOME}/.config/onboard
+blacklist ${HOME}/.config/onboard
-deny  ${HOME}/.config/onionshare
+blacklist ${HOME}/.config/onionshare
-deny  ${HOME}/.config/onlyoffice
+blacklist ${HOME}/.config/onlyoffice
-deny  ${HOME}/.config/openmw
+blacklist ${HOME}/.config/openmw
-deny  ${HOME}/.config/opera
+blacklist ${HOME}/.config/opera
-deny  ${HOME}/.config/opera-beta
+blacklist ${HOME}/.config/opera-beta
-deny  ${HOME}/.config/orage
+blacklist ${HOME}/.config/orage
-deny  ${HOME}/.config/org.gabmus.gfeeds.json
+blacklist ${HOME}/.config/org.gabmus.gfeeds.json
-deny  ${HOME}/.config/org.gabmus.gfeeds.saved_articles
+blacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
-deny  ${HOME}/.config/org.kde.gwenviewrc
+blacklist ${HOME}/.config/org.kde.gwenviewrc
-deny  ${HOME}/.config/otter
+blacklist ${HOME}/.config/otter
-deny  ${HOME}/.config/pavucontrol-qt
+blacklist ${HOME}/.config/pavucontrol-qt
-deny  ${HOME}/.config/pavucontrol.ini
+blacklist ${HOME}/.config/pavucontrol.ini
-deny  ${HOME}/.config/pcmanfm
+blacklist ${HOME}/.config/pcmanfm
-deny  ${HOME}/.config/pdfmod
+blacklist ${HOME}/.config/pdfmod
-deny  ${HOME}/.config/pipe-viewer
+blacklist ${HOME}/.config/pipe-viewer
-deny  ${HOME}/.config/pitivi
+blacklist ${HOME}/.config/pitivi
-deny  ${HOME}/.config/pix
+blacklist ${HOME}/.config/pix
-deny  ${HOME}/.config/pluma
+blacklist ${HOME}/.config/pluma
-deny  ${HOME}/.config/ppsspp
+blacklist ${HOME}/.config/ppsspp
-deny  ${HOME}/.config/pragha
+blacklist ${HOME}/.config/pragha
-deny  ${HOME}/.config/profanity
+blacklist ${HOME}/.config/profanity
-deny  ${HOME}/.config/psi
+blacklist ${HOME}/.config/psi
-deny  ${HOME}/.config/psi+
+blacklist ${HOME}/.config/psi+
-deny  ${HOME}/.config/qBittorrent
+blacklist ${HOME}/.config/qBittorrent
-deny  ${HOME}/.config/qBittorrentrc
+blacklist ${HOME}/.config/qBittorrentrc
-deny  ${HOME}/.config/qnapi.ini
+blacklist ${HOME}/.config/qnapi.ini
-deny  ${HOME}/.config/qpdfview
+blacklist ${HOME}/.config/qpdfview
-deny  ${HOME}/.config/quodlibet
+blacklist ${HOME}/.config/quodlibet
-deny  ${HOME}/.config/qupzilla
+blacklist ${HOME}/.config/qupzilla
-deny  ${HOME}/.config/qutebrowser
+blacklist ${HOME}/.config/qutebrowser
-deny  ${HOME}/.config/ranger
+blacklist ${HOME}/.config/ranger
-deny  ${HOME}/.config/redshift
+blacklist ${HOME}/.config/redshift
-deny  ${HOME}/.config/redshift.conf
+blacklist ${HOME}/.config/redshift.conf
-deny  ${HOME}/.config/remmina
+blacklist ${HOME}/.config/remmina
-deny  ${HOME}/.config/ristretto
+blacklist ${HOME}/.config/ristretto
-deny  ${HOME}/.config/rtv
+blacklist ${HOME}/.config/rtv
-deny  ${HOME}/.config/scribus
+blacklist ${HOME}/.config/scribus
-deny  ${HOME}/.config/scribusrc
+blacklist ${HOME}/.config/scribusrc
-deny  ${HOME}/.config/sinew.in
+blacklist ${HOME}/.config/sinew.in
-deny  ${HOME}/.config/sink
+blacklist ${HOME}/.config/sink
-deny  ${HOME}/.config/skypeforlinux
+blacklist ${HOME}/.config/skypeforlinux
-deny  ${HOME}/.config/slimjet
+blacklist ${HOME}/.config/slimjet
-deny  ${HOME}/.config/smplayer
+blacklist ${HOME}/.config/smplayer
-deny  ${HOME}/.config/smtube
+blacklist ${HOME}/.config/smtube
-deny  ${HOME}/.config/smuxi
+blacklist ${HOME}/.config/smuxi
-deny  ${HOME}/.config/snox
+blacklist ${HOME}/.config/snox
-deny  ${HOME}/.config/sound-juicer
+blacklist ${HOME}/.config/sound-juicer
-deny  ${HOME}/.config/specialmailcollectionsrc
+blacklist ${HOME}/.config/specialmailcollectionsrc
-deny  ${HOME}/.config/spectaclerc
+blacklist ${HOME}/.config/spectaclerc
-deny  ${HOME}/.config/spotify
+blacklist ${HOME}/.config/spotify
-deny  ${HOME}/.config/sqlitebrowser
+blacklist ${HOME}/.config/sqlitebrowser
-deny  ${HOME}/.config/stellarium
+blacklist ${HOME}/.config/stellarium
-deny  ${HOME}/.config/straw-viewer
+blacklist ${HOME}/.config/straw-viewer
-deny  ${HOME}/.config/strawberry
+blacklist ${HOME}/.config/strawberry
-deny  ${HOME}/.config/supertuxkart
+blacklist ${HOME}/.config/supertuxkart
-deny  ${HOME}/.config/synfig
+blacklist ${HOME}/.config/synfig
-deny  ${HOME}/.config/teams
+blacklist ${HOME}/.config/teams
-deny  ${HOME}/.config/teams-for-linux
+blacklist ${HOME}/.config/teams-for-linux
-deny  ${HOME}/.config/telepathy-account-widgets
+blacklist ${HOME}/.config/telepathy-account-widgets
-deny  ${HOME}/.config/torbrowser
+blacklist ${HOME}/.config/torbrowser
-deny  ${HOME}/.config/totem
+blacklist ${HOME}/.config/totem
-deny  ${HOME}/.config/tox
+blacklist ${HOME}/.config/tox
-deny  ${HOME}/.config/transgui
+blacklist ${HOME}/.config/transgui
-deny  ${HOME}/.config/transmission
+blacklist ${HOME}/.config/transmission
-deny  ${HOME}/.config/truecraft
+blacklist ${HOME}/.config/truecraft
-deny  ${HOME}/.config/tuta_integration
+blacklist ${HOME}/.config/tuta_integration
-deny  ${HOME}/.config/tutanota-desktop
+blacklist ${HOME}/.config/tutanota-desktop
-deny  ${HOME}/.config/tvbrowser
+blacklist ${HOME}/.config/tvbrowser
-deny  ${HOME}/.config/uGet
+blacklist ${HOME}/.config/uGet
-deny  ${HOME}/.config/ungoogled-chromium
+blacklist ${HOME}/.config/ungoogled-chromium
-deny  ${HOME}/.config/uzbl
+blacklist ${HOME}/.config/uzbl
-deny  ${HOME}/.config/viewnior
+blacklist ${HOME}/.config/viewnior
-deny  ${HOME}/.config/vivaldi
+blacklist ${HOME}/.config/vivaldi
-deny  ${HOME}/.config/vivaldi-snapshot
+blacklist ${HOME}/.config/vivaldi-snapshot
-deny  ${HOME}/.config/vlc
+blacklist ${HOME}/.config/vlc
-deny  ${HOME}/.config/wesnoth
+blacklist ${HOME}/.config/wesnoth
-deny  ${HOME}/.config/wireshark
+blacklist ${HOME}/.config/wireshark
-deny  ${HOME}/.config/wormux
+blacklist ${HOME}/.config/wormux
-deny  ${HOME}/.config/xchat
+blacklist ${HOME}/.config/xchat
-deny  ${HOME}/.config/xed
+blacklist ${HOME}/.config/xed
-deny  ${HOME}/.config/xfburn
+blacklist ${HOME}/.config/xfburn
-deny  ${HOME}/.config/xfce4-dict
+blacklist ${HOME}/.config/xfce4-dict
-deny  ${HOME}/.config/xfce4/xfce4-notes.gtkrc
+blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
-deny  ${HOME}/.config/xfce4/xfce4-notes.rc
+blacklist ${HOME}/.config/xfce4/xfce4-notes.rc
-deny  ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
+blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
-deny  ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
+blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
-deny  ${HOME}/.config/xiaoyong
+blacklist ${HOME}/.config/xiaoyong
-deny  ${HOME}/.config/xmms2
+blacklist ${HOME}/.config/xmms2
-deny  ${HOME}/.config/xplayer
+blacklist ${HOME}/.config/xplayer
-deny  ${HOME}/.config/xreader
+blacklist ${HOME}/.config/xreader
-deny  ${HOME}/.config/xviewer
+blacklist ${HOME}/.config/xviewer
-deny  ${HOME}/.config/yandex-browser
+blacklist ${HOME}/.config/yandex-browser
-deny  ${HOME}/.config/yandex-browser-beta
+blacklist ${HOME}/.config/yandex-browser-beta
-deny  ${HOME}/.config/yelp
+blacklist ${HOME}/.config/yelp
-deny  ${HOME}/.config/youtube-dl
+blacklist ${HOME}/.config/youtube-dl
-deny  ${HOME}/.config/youtube-dlg
+blacklist ${HOME}/.config/youtube-dlg
-deny  ${HOME}/.config/youtube-music-desktop-app
+blacklist ${HOME}/.config/youtube-music-desktop-app
-deny  ${HOME}/.config/youtube-viewer
+blacklist ${HOME}/.config/youtube-viewer
-deny  ${HOME}/.config/youtubemusic-nativefier-040164
+blacklist ${HOME}/.config/youtubemusic-nativefier-040164
-deny  ${HOME}/.config/zathura
+blacklist ${HOME}/.config/zathura
-deny  ${HOME}/.config/zoomus.conf
+blacklist ${HOME}/.config/zoomus.conf
-deny  ${HOME}/.conkeror.mozdev.org
+blacklist ${HOME}/.conkeror.mozdev.org
-deny  ${HOME}/.crawl
+blacklist ${HOME}/.crawl
-deny  ${HOME}/.cups
+blacklist ${HOME}/.cups
-deny  ${HOME}/.curl-hsts
+blacklist ${HOME}/.curl-hsts
-deny  ${HOME}/.curlrc
+blacklist ${HOME}/.curlrc
-deny  ${HOME}/.dashcore
+blacklist ${HOME}/.dashcore
-deny  ${HOME}/.devilspie
+blacklist ${HOME}/.devilspie
-deny  ${HOME}/.dia
+blacklist ${HOME}/.dia
-deny  ${HOME}/.digrc
+blacklist ${HOME}/.digrc
-deny  ${HOME}/.dillo
+blacklist ${HOME}/.dillo
-deny  ${HOME}/.dooble
+blacklist ${HOME}/.dooble
-deny  ${HOME}/.dosbox
+blacklist ${HOME}/.dosbox
-deny  ${HOME}/.dropbox*
+blacklist ${HOME}/.dropbox*
-deny  ${HOME}/.easystroke
+blacklist ${HOME}/.easystroke
-deny  ${HOME}/.electron-cache
+blacklist ${HOME}/.electron-cache
-deny  ${HOME}/.electrum*
+blacklist ${HOME}/.electrum*
-deny  ${HOME}/.elinks
+blacklist ${HOME}/.elinks
-deny  ${HOME}/.emacs
+blacklist ${HOME}/.emacs
-deny  ${HOME}/.emacs.d
+blacklist ${HOME}/.emacs.d
-deny  ${HOME}/.equalx
+blacklist ${HOME}/.equalx
-deny  ${HOME}/.ethereum
+blacklist ${HOME}/.ethereum
-deny  ${HOME}/.etr
+blacklist ${HOME}/.etr
-deny  ${HOME}/.filezilla
+blacklist ${HOME}/.filezilla
-deny  ${HOME}/.firedragon
+blacklist ${HOME}/.firedragon
-deny  ${HOME}/.flowblade
+blacklist ${HOME}/.flowblade
-deny  ${HOME}/.fltk
+blacklist ${HOME}/.fltk
-deny  ${HOME}/.fossamail
+blacklist ${HOME}/.fossamail
-deny  ${HOME}/.freeciv
+blacklist ${HOME}/.freeciv
-deny  ${HOME}/.freecol
+blacklist ${HOME}/.freecol
-deny  ${HOME}/.freemind
+blacklist ${HOME}/.freemind
-deny  ${HOME}/.frogatto
+blacklist ${HOME}/.frogatto
-deny  ${HOME}/.frozen-bubble
+blacklist ${HOME}/.frozen-bubble
-deny  ${HOME}/.funnyboat
+blacklist ${HOME}/.funnyboat
-deny  ${HOME}/.gimp*
+blacklist ${HOME}/.gimp*
-deny  ${HOME}/.gist
+blacklist ${HOME}/.gist
-deny  ${HOME}/.gitconfig
+blacklist ${HOME}/.gitconfig
-deny  ${HOME}/.gl-117
+blacklist ${HOME}/.gl-117
-deny  ${HOME}/.glaxiumrc
+blacklist ${HOME}/.glaxiumrc
-deny  ${HOME}/.gnome/gnome-schedule
+blacklist ${HOME}/.gnome/gnome-schedule
-deny  ${HOME}/.googleearth
+blacklist ${HOME}/.googleearth
-deny  ${HOME}/.gradle
+blacklist ${HOME}/.gradle
-deny  ${HOME}/.gramps
+blacklist ${HOME}/.gramps
-deny  ${HOME}/.guayadeque
+blacklist ${HOME}/.guayadeque
-deny  ${HOME}/.hashcat
+blacklist ${HOME}/.hashcat
-deny  ${HOME}/.hedgewars
+blacklist ${HOME}/.hedgewars
-deny  ${HOME}/.hex-a-hop
+blacklist ${HOME}/.hex-a-hop
-deny  ${HOME}/.hugin
+blacklist ${HOME}/.hugin
-deny  ${HOME}/.i2p
+blacklist ${HOME}/.i2p
-deny  ${HOME}/.icedove
+blacklist ${HOME}/.icedove
-deny  ${HOME}/.imagej
+blacklist ${HOME}/.imagej
-deny  ${HOME}/.inkscape
+blacklist ${HOME}/.inkscape
-deny  ${HOME}/.itch
+blacklist ${HOME}/.itch
-deny  ${HOME}/.jack-server
+blacklist ${HOME}/.jack-server
-deny  ${HOME}/.jack-settings
+blacklist ${HOME}/.jack-settings
-deny  ${HOME}/.jak
+blacklist ${HOME}/.jak
-deny  ${HOME}/.java
+blacklist ${HOME}/.java
-deny  ${HOME}/.jd
+blacklist ${HOME}/.jd
-deny  ${HOME}/.jitsi
+blacklist ${HOME}/.jitsi
-deny  ${HOME}/.jumpnbump
+blacklist ${HOME}/.jumpnbump
-deny  ${HOME}/.kde/share/apps/digikam
+blacklist ${HOME}/.kde/share/apps/digikam
-deny  ${HOME}/.kde/share/apps/gwenview
+blacklist ${HOME}/.kde/share/apps/gwenview
-deny  ${HOME}/.kde/share/apps/kaffeine
+blacklist ${HOME}/.kde/share/apps/kaffeine
-deny  ${HOME}/.kde/share/apps/kcookiejar
+blacklist ${HOME}/.kde/share/apps/kcookiejar
-deny  ${HOME}/.kde/share/apps/kget
+blacklist ${HOME}/.kde/share/apps/kget
-deny  ${HOME}/.kde/share/apps/khtml
+blacklist ${HOME}/.kde/share/apps/khtml
-deny  ${HOME}/.kde/share/apps/klatexformula
+blacklist ${HOME}/.kde/share/apps/klatexformula
-deny  ${HOME}/.kde/share/apps/konqsidebartng
+blacklist ${HOME}/.kde/share/apps/konqsidebartng
-deny  ${HOME}/.kde/share/apps/konqueror
+blacklist ${HOME}/.kde/share/apps/konqueror
-deny  ${HOME}/.kde/share/apps/kopete
+blacklist ${HOME}/.kde/share/apps/kopete
-deny  ${HOME}/.kde/share/apps/ktorrent
+blacklist ${HOME}/.kde/share/apps/ktorrent
-deny  ${HOME}/.kde/share/apps/okular
+blacklist ${HOME}/.kde/share/apps/okular
-deny  ${HOME}/.kde/share/config/baloofilerc
+blacklist ${HOME}/.kde/share/config/baloofilerc
-deny  ${HOME}/.kde/share/config/baloorc
+blacklist ${HOME}/.kde/share/config/baloorc
-deny  ${HOME}/.kde/share/config/digikam
+blacklist ${HOME}/.kde/share/config/digikam
-deny  ${HOME}/.kde/share/config/gwenviewrc
+blacklist ${HOME}/.kde/share/config/gwenviewrc
-deny  ${HOME}/.kde/share/config/k3brc
+blacklist ${HOME}/.kde/share/config/k3brc
-deny  ${HOME}/.kde/share/config/kaffeinerc
+blacklist ${HOME}/.kde/share/config/kaffeinerc
-deny  ${HOME}/.kde/share/config/kcookiejarrc
+blacklist ${HOME}/.kde/share/config/kcookiejarrc
-deny  ${HOME}/.kde/share/config/kfindrc
+blacklist ${HOME}/.kde/share/config/kfindrc
-deny  ${HOME}/.kde/share/config/kgetrc
+blacklist ${HOME}/.kde/share/config/kgetrc
-deny  ${HOME}/.kde/share/config/khtmlrc
+blacklist ${HOME}/.kde/share/config/khtmlrc
-deny  ${HOME}/.kde/share/config/klipperrc
+blacklist ${HOME}/.kde/share/config/klipperrc
-deny  ${HOME}/.kde/share/config/kmplayerrc
+blacklist ${HOME}/.kde/share/config/kmplayerrc
-deny  ${HOME}/.kde/share/config/konq_history
+blacklist ${HOME}/.kde/share/config/konq_history
-deny  ${HOME}/.kde/share/config/konqsidebartngrc
+blacklist ${HOME}/.kde/share/config/konqsidebartngrc
-deny  ${HOME}/.kde/share/config/konquerorrc
+blacklist ${HOME}/.kde/share/config/konquerorrc
-deny  ${HOME}/.kde/share/config/konversationrc
+blacklist ${HOME}/.kde/share/config/konversationrc
-deny  ${HOME}/.kde/share/config/kopeterc
+blacklist ${HOME}/.kde/share/config/kopeterc
-deny  ${HOME}/.kde/share/config/ktorrentrc
+blacklist ${HOME}/.kde/share/config/ktorrentrc
-deny  ${HOME}/.kde/share/config/okularpartrc
+blacklist ${HOME}/.kde/share/config/okularpartrc
-deny  ${HOME}/.kde/share/config/okularrc
+blacklist ${HOME}/.kde/share/config/okularrc
-deny  ${HOME}/.kde4/share/apps/digikam
+blacklist ${HOME}/.kde4/share/apps/digikam
-deny  ${HOME}/.kde4/share/apps/gwenview
+blacklist ${HOME}/.kde4/share/apps/gwenview
-deny  ${HOME}/.kde4/share/apps/kaffeine
+blacklist ${HOME}/.kde4/share/apps/kaffeine
-deny  ${HOME}/.kde4/share/apps/kcookiejar
+blacklist ${HOME}/.kde4/share/apps/kcookiejar
-deny  ${HOME}/.kde4/share/apps/kget
+blacklist ${HOME}/.kde4/share/apps/kget
-deny  ${HOME}/.kde4/share/apps/khtml
+blacklist ${HOME}/.kde4/share/apps/khtml
-deny  ${HOME}/.kde4/share/apps/konqsidebartng
+blacklist ${HOME}/.kde4/share/apps/konqsidebartng
-deny  ${HOME}/.kde4/share/apps/konqueror
+blacklist ${HOME}/.kde4/share/apps/konqueror
-deny  ${HOME}/.kde4/share/apps/kopete
+blacklist ${HOME}/.kde4/share/apps/kopete
-deny  ${HOME}/.kde4/share/apps/ktorrent
+blacklist ${HOME}/.kde4/share/apps/ktorrent
-deny  ${HOME}/.kde4/share/apps/okular
+blacklist ${HOME}/.kde4/share/apps/okular
-deny  ${HOME}/.kde4/share/config/baloofilerc
+blacklist ${HOME}/.kde4/share/config/baloofilerc
-deny  ${HOME}/.kde4/share/config/baloorc
+blacklist ${HOME}/.kde4/share/config/baloorc
-deny  ${HOME}/.kde4/share/config/digikam
+blacklist ${HOME}/.kde4/share/config/digikam
-deny  ${HOME}/.kde4/share/config/gwenviewrc
+blacklist ${HOME}/.kde4/share/config/gwenviewrc
-deny  ${HOME}/.kde4/share/config/k3brc
+blacklist ${HOME}/.kde4/share/config/k3brc
-deny  ${HOME}/.kde4/share/config/kaffeinerc
+blacklist ${HOME}/.kde4/share/config/kaffeinerc
-deny  ${HOME}/.kde4/share/config/kcookiejarrc
+blacklist ${HOME}/.kde4/share/config/kcookiejarrc
-deny  ${HOME}/.kde4/share/config/kfindrc
+blacklist ${HOME}/.kde4/share/config/kfindrc
-deny  ${HOME}/.kde4/share/config/kgetrc
+blacklist ${HOME}/.kde4/share/config/kgetrc
-deny  ${HOME}/.kde4/share/config/khtmlrc
+blacklist ${HOME}/.kde4/share/config/khtmlrc
-deny  ${HOME}/.kde4/share/config/klipperrc
+blacklist ${HOME}/.kde4/share/config/klipperrc
-deny  ${HOME}/.kde4/share/config/konq_history
+blacklist ${HOME}/.kde4/share/config/konq_history
-deny  ${HOME}/.kde4/share/config/konqsidebartngrc
+blacklist ${HOME}/.kde4/share/config/konqsidebartngrc
-deny  ${HOME}/.kde4/share/config/konquerorrc
+blacklist ${HOME}/.kde4/share/config/konquerorrc
-deny  ${HOME}/.kde4/share/config/konversationrc
+blacklist ${HOME}/.kde4/share/config/konversationrc
-deny  ${HOME}/.kde4/share/config/kopeterc
+blacklist ${HOME}/.kde4/share/config/kopeterc
-deny  ${HOME}/.kde4/share/config/ktorrentrc
+blacklist ${HOME}/.kde4/share/config/ktorrentrc
-deny  ${HOME}/.kde4/share/config/okularpartrc
+blacklist ${HOME}/.kde4/share/config/okularpartrc
-deny  ${HOME}/.kde4/share/config/okularrc
+blacklist ${HOME}/.kde4/share/config/okularrc
-deny  ${HOME}/.killingfloor
+blacklist ${HOME}/.killingfloor
-deny  ${HOME}/.kingsoft
+blacklist ${HOME}/.kingsoft
-deny  ${HOME}/.kino-history
+blacklist ${HOME}/.kino-history
-deny  ${HOME}/.kinorc
+blacklist ${HOME}/.kinorc
-deny  ${HOME}/.klatexformula
+blacklist ${HOME}/.klatexformula
-deny  ${HOME}/.klei
+blacklist ${HOME}/.klei
-deny  ${HOME}/.kodi
+blacklist ${HOME}/.kodi
-deny  ${HOME}/.librewolf
+blacklist ${HOME}/.librewolf
-deny  ${HOME}/.lincity-ng
+blacklist ${HOME}/.lincity-ng
-deny  ${HOME}/.links
+blacklist ${HOME}/.links
-deny  ${HOME}/.links2
+blacklist ${HOME}/.links2
-deny  ${HOME}/.linphone-history.db
+blacklist ${HOME}/.linphone-history.db
-deny  ${HOME}/.linphonerc
+blacklist ${HOME}/.linphonerc
-deny  ${HOME}/.lmmsrc.xml
+blacklist ${HOME}/.lmmsrc.xml
-deny  ${HOME}/.local/lib/vivaldi
+blacklist ${HOME}/.local/lib/vivaldi
-deny  ${HOME}/.local/share/0ad
+blacklist ${HOME}/.local/share/0ad
-deny  ${HOME}/.local/share/3909/PapersPlease
+blacklist ${HOME}/.local/share/3909/PapersPlease
-deny  ${HOME}/.local/share/Anki2
+blacklist ${HOME}/.local/share/Anki2
-deny  ${HOME}/.local/share/Dredmor
+blacklist ${HOME}/.local/share/Dredmor
-deny  ${HOME}/.local/share/Empathy
+blacklist ${HOME}/.local/share/Empathy
-deny  ${HOME}/.local/share/Enpass
+blacklist ${HOME}/.local/share/Enpass
-deny  ${HOME}/.local/share/FasterThanLight
+blacklist ${HOME}/.local/share/FasterThanLight
-deny  ${HOME}/.local/share/Flavio Tordini
+blacklist ${HOME}/.local/share/Flavio Tordini
-deny  ${HOME}/.local/share/IntoTheBreach
+blacklist ${HOME}/.local/share/IntoTheBreach
-deny  ${HOME}/.local/share/JetBrains
+blacklist ${HOME}/.local/share/JetBrains
-deny  ${HOME}/.local/share/KDE/neochat
+blacklist ${HOME}/.local/share/KDE/neochat
-deny  ${HOME}/.local/share/Kingsoft
+blacklist ${HOME}/.local/share/Kingsoft
-deny  ${HOME}/.local/share/LibreCAD
+blacklist ${HOME}/.local/share/LibreCAD
-deny  ${HOME}/.local/share/Mendeley Ltd.
+blacklist ${HOME}/.local/share/Mendeley Ltd.
-deny  ${HOME}/.local/share/Mumble
+blacklist ${HOME}/.local/share/Mumble
-deny  ${HOME}/.local/share/Nextcloud
+blacklist ${HOME}/.local/share/Nextcloud
-deny  ${HOME}/.local/share/PBE
+blacklist ${HOME}/.local/share/PBE
-deny  ${HOME}/.local/share/Paradox Interactive
+blacklist ${HOME}/.local/share/Paradox Interactive
-deny  ${HOME}/.local/share/PawelStolowski
+blacklist ${HOME}/.local/share/PawelStolowski
-deny  ${HOME}/.local/share/PillarsOfEternity
+blacklist ${HOME}/.local/share/PillarsOfEternity
-deny  ${HOME}/.local/share/Psi
+blacklist ${HOME}/.local/share/Psi
-deny  ${HOME}/.local/share/QGIS
+blacklist ${HOME}/.local/share/QGIS
-deny  ${HOME}/.local/share/QMediathekView
+blacklist ${HOME}/.local/share/QMediathekView
-deny  ${HOME}/.local/share/QuiteRss
+blacklist ${HOME}/.local/share/QuiteRss
-deny  ${HOME}/.local/share/Ricochet
+blacklist ${HOME}/.local/share/Ricochet
-deny  ${HOME}/.local/share/RogueLegacy
+blacklist ${HOME}/.local/share/RogueLegacy
-deny  ${HOME}/.local/share/RogueLegacyStorageContainer
+blacklist ${HOME}/.local/share/RogueLegacyStorageContainer
-deny  ${HOME}/.local/share/Shortwave
+blacklist ${HOME}/.local/share/Shortwave
-deny  ${HOME}/.local/share/Steam
+blacklist ${HOME}/.local/share/Steam
-deny  ${HOME}/.local/share/SteamWorld Dig 2
+blacklist ${HOME}/.local/share/SteamWorld Dig 2
-deny  ${HOME}/.local/share/SteamWorldDig
+blacklist ${HOME}/.local/share/SteamWorldDig
-deny  ${HOME}/.local/share/SuperHexagon
+blacklist ${HOME}/.local/share/SuperHexagon
-deny  ${HOME}/.local/share/TelegramDesktop
+blacklist ${HOME}/.local/share/TelegramDesktop
-deny  ${HOME}/.local/share/Terraria
+blacklist ${HOME}/.local/share/Terraria
-deny  ${HOME}/.local/share/TpLogger
+blacklist ${HOME}/.local/share/TpLogger
-deny  ${HOME}/.local/share/Zeal
+blacklist ${HOME}/.local/share/Zeal
-deny  ${HOME}/.local/share/agenda
+blacklist ${HOME}/.local/share/agenda
-deny  ${HOME}/.local/share/akonadi*
+blacklist ${HOME}/.local/share/akonadi*
-deny  ${HOME}/.local/share/akregator
+blacklist ${HOME}/.local/share/akregator
-deny  ${HOME}/.local/share/apps/korganizer
+blacklist ${HOME}/.local/share/apps/korganizer
-deny  ${HOME}/.local/share/aspyr-media
+blacklist ${HOME}/.local/share/aspyr-media
-deny  ${HOME}/.local/share/authenticator-rs
+blacklist ${HOME}/.local/share/authenticator-rs
-deny  ${HOME}/.local/share/autokey
+blacklist ${HOME}/.local/share/autokey
-deny  ${HOME}/.local/share/backintime
+blacklist ${HOME}/.local/share/backintime
-deny  ${HOME}/.local/share/baloo
+blacklist ${HOME}/.local/share/baloo
-deny  ${HOME}/.local/share/barrier
+blacklist ${HOME}/.local/share/barrier
-deny  ${HOME}/.local/share/bibletime
+blacklist ${HOME}/.local/share/bibletime
-deny  ${HOME}/.local/share/bijiben
+blacklist ${HOME}/.local/share/bijiben
-deny  ${HOME}/.local/share/bohemiainteractive
+blacklist ${HOME}/.local/share/bohemiainteractive
-deny  ${HOME}/.local/share/caja-python
+blacklist ${HOME}/.local/share/caja-python
-deny  ${HOME}/.local/share/calligragemini
+blacklist ${HOME}/.local/share/calligragemini
-deny  ${HOME}/.local/share/cantata
+blacklist ${HOME}/.local/share/cantata
-deny  ${HOME}/.local/share/cdprojektred
+blacklist ${HOME}/.local/share/cdprojektred
-deny  ${HOME}/.local/share/clipit
+blacklist ${HOME}/.local/share/clipit
-deny  ${HOME}/.local/share/com.github.johnfactotum.Foliate
+blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
-deny  ${HOME}/.local/share/contacts
+blacklist ${HOME}/.local/share/contacts
-deny  ${HOME}/.local/share/cor-games
+blacklist ${HOME}/.local/share/cor-games
-deny  ${HOME}/.local/share/data/Mendeley Ltd.
+blacklist ${HOME}/.local/share/data/Mendeley Ltd.
-deny  ${HOME}/.local/share/data/Mumble
+blacklist ${HOME}/.local/share/data/Mumble
-deny  ${HOME}/.local/share/data/MusE
+blacklist ${HOME}/.local/share/data/MusE
-deny  ${HOME}/.local/share/data/MuseScore
+blacklist ${HOME}/.local/share/data/MuseScore
-deny  ${HOME}/.local/share/data/nomacs
+blacklist ${HOME}/.local/share/data/nomacs
-deny  ${HOME}/.local/share/data/qBittorrent
+blacklist ${HOME}/.local/share/data/qBittorrent
-deny  ${HOME}/.local/share/dino
+blacklist ${HOME}/.local/share/dino
-deny  ${HOME}/.local/share/dolphin
+blacklist ${HOME}/.local/share/dolphin
-deny  ${HOME}/.local/share/dolphin-emu
+blacklist ${HOME}/.local/share/dolphin-emu
-deny  ${HOME}/.local/share/emailidentities
+blacklist ${HOME}/.local/share/emailidentities
-deny  ${HOME}/.local/share/epiphany
+blacklist ${HOME}/.local/share/epiphany
-deny  ${HOME}/.local/share/evolution
+blacklist ${HOME}/.local/share/evolution
-deny  ${HOME}/.local/share/feedreader
+blacklist ${HOME}/.local/share/feedreader
-deny  ${HOME}/.local/share/feral-interactive
+blacklist ${HOME}/.local/share/feral-interactive
-deny  ${HOME}/.local/share/five-or-more
+blacklist ${HOME}/.local/share/five-or-more
-deny  ${HOME}/.local/share/freecol
+blacklist ${HOME}/.local/share/freecol
-deny  ${HOME}/.local/share/gajim
+blacklist ${HOME}/.local/share/gajim
-deny  ${HOME}/.local/share/geary
+blacklist ${HOME}/.local/share/geary
-deny  ${HOME}/.local/share/geeqie
+blacklist ${HOME}/.local/share/geeqie
-deny  ${HOME}/.local/share/ghostwriter
+blacklist ${HOME}/.local/share/ghostwriter
-deny  ${HOME}/.local/share/gitg
+blacklist ${HOME}/.local/share/gitg
-deny  ${HOME}/.local/share/gnome-2048
+blacklist ${HOME}/.local/share/gnome-2048
-deny  ${HOME}/.local/share/gnome-boxes
+blacklist ${HOME}/.local/share/gnome-boxes
-deny  ${HOME}/.local/share/gnome-builder
+blacklist ${HOME}/.local/share/gnome-builder
-deny  ${HOME}/.local/share/gnome-chess
+blacklist ${HOME}/.local/share/gnome-chess
-deny  ${HOME}/.local/share/gnome-klotski
+blacklist ${HOME}/.local/share/gnome-klotski
-deny  ${HOME}/.local/share/gnome-latex
+blacklist ${HOME}/.local/share/gnome-latex
-deny  ${HOME}/.local/share/gnome-mines
+blacklist ${HOME}/.local/share/gnome-mines
-deny  ${HOME}/.local/share/gnome-music
+blacklist ${HOME}/.local/share/gnome-music
-deny  ${HOME}/.local/share/gnome-nibbles
+blacklist ${HOME}/.local/share/gnome-nibbles
-deny  ${HOME}/.local/share/gnome-photos
+blacklist ${HOME}/.local/share/gnome-photos
-deny  ${HOME}/.local/share/gnome-pomodoro
+blacklist ${HOME}/.local/share/gnome-pomodoro
-deny  ${HOME}/.local/share/gnome-recipes
+blacklist ${HOME}/.local/share/gnome-recipes
-deny  ${HOME}/.local/share/gnome-ring
+blacklist ${HOME}/.local/share/gnome-ring
-deny  ${HOME}/.local/share/gnome-sudoku
+blacklist ${HOME}/.local/share/gnome-sudoku
-deny  ${HOME}/.local/share/gnome-twitch
+blacklist ${HOME}/.local/share/gnome-twitch
-deny  ${HOME}/.local/share/gnote
+blacklist ${HOME}/.local/share/gnote
-deny  ${HOME}/.local/share/godot
+blacklist ${HOME}/.local/share/godot
-deny  ${HOME}/.local/share/gradio
+blacklist ${HOME}/.local/share/gradio
-deny  ${HOME}/.local/share/gwenview
+blacklist ${HOME}/.local/share/gwenview
-deny  ${HOME}/.local/share/i2p
+blacklist ${HOME}/.local/share/i2p
-deny  ${HOME}/.local/share/jami
+blacklist ${HOME}/.local/share/jami
-deny  ${HOME}/.local/share/kaffeine
+blacklist ${HOME}/.local/share/kaffeine
-deny  ${HOME}/.local/share/kalgebra
+blacklist ${HOME}/.local/share/kalgebra
-deny  ${HOME}/.local/share/kate
+blacklist ${HOME}/.local/share/kate
-deny  ${HOME}/.local/share/kdenlive
+blacklist ${HOME}/.local/share/kdenlive
-deny  ${HOME}/.local/share/kget
+blacklist ${HOME}/.local/share/kget
-deny  ${HOME}/.local/share/kiwix
+blacklist ${HOME}/.local/share/kiwix
-deny  ${HOME}/.local/share/kiwix-desktop
+blacklist ${HOME}/.local/share/kiwix-desktop
-deny  ${HOME}/.local/share/klavaro
+blacklist ${HOME}/.local/share/klavaro
-deny  ${HOME}/.local/share/kmail2
+blacklist ${HOME}/.local/share/kmail2
-deny  ${HOME}/.local/share/kmplayer
+blacklist ${HOME}/.local/share/kmplayer
-deny  ${HOME}/.local/share/knotes
+blacklist ${HOME}/.local/share/knotes
-deny  ${HOME}/.local/share/krita
+blacklist ${HOME}/.local/share/krita
-deny  ${HOME}/.local/share/ktorrent
+blacklist ${HOME}/.local/share/ktorrent
-deny  ${HOME}/.local/share/ktorrentrc
+blacklist ${HOME}/.local/share/ktorrentrc
-deny  ${HOME}/.local/share/ktouch
+blacklist ${HOME}/.local/share/ktouch
-deny  ${HOME}/.local/share/kube
+blacklist ${HOME}/.local/share/kube
-deny  ${HOME}/.local/share/kwrite
+blacklist ${HOME}/.local/share/kwrite
-deny  ${HOME}/.local/share/kxmlgui5/*
+blacklist ${HOME}/.local/share/kxmlgui5/*
-deny  ${HOME}/.local/share/liferea
+blacklist ${HOME}/.local/share/liferea
-deny  ${HOME}/.local/share/linphone
+blacklist ${HOME}/.local/share/linphone
-deny  ${HOME}/.local/share/local-mail
+blacklist ${HOME}/.local/share/local-mail
-deny  ${HOME}/.local/share/lollypop
+blacklist ${HOME}/.local/share/lollypop
-deny  ${HOME}/.local/share/love
+blacklist ${HOME}/.local/share/love
-deny  ${HOME}/.local/share/lugaru
+blacklist ${HOME}/.local/share/lugaru
-deny  ${HOME}/.local/share/lutris
+blacklist ${HOME}/.local/share/lutris
-deny  ${HOME}/.local/share/man
+blacklist ${HOME}/.local/share/man
-deny  ${HOME}/.local/share/mana
+blacklist ${HOME}/.local/share/mana
-deny  ${HOME}/.local/share/maps-places.json
+blacklist ${HOME}/.local/share/maps-places.json
-deny  ${HOME}/.local/share/matrix-mirage
+blacklist ${HOME}/.local/share/matrix-mirage
-deny  ${HOME}/.local/share/mcomix
+blacklist ${HOME}/.local/share/mcomix
-deny  ${HOME}/.local/share/meld
+blacklist ${HOME}/.local/share/meld
-deny  ${HOME}/.local/share/midori
+blacklist ${HOME}/.local/share/midori
-deny  ${HOME}/.local/share/minder
+blacklist ${HOME}/.local/share/minder
-deny  ${HOME}/.local/share/mirage
+blacklist ${HOME}/.local/share/mirage
-deny  ${HOME}/.local/share/multimc
+blacklist ${HOME}/.local/share/multimc
-deny  ${HOME}/.local/share/multimc5
+blacklist ${HOME}/.local/share/multimc5
-deny  ${HOME}/.local/share/mupen64plus
+blacklist ${HOME}/.local/share/mupen64plus
-deny  ${HOME}/.local/share/mypaint
+blacklist ${HOME}/.local/share/mypaint
-deny  ${HOME}/.local/share/nautilus
+blacklist ${HOME}/.local/share/nautilus
-deny  ${HOME}/.local/share/nautilus-python
+blacklist ${HOME}/.local/share/nautilus-python
-deny  ${HOME}/.local/share/nemo
+blacklist ${HOME}/.local/share/nemo
-deny  ${HOME}/.local/share/nemo-python
+blacklist ${HOME}/.local/share/nemo-python
-deny  ${HOME}/.local/share/news-flash
+blacklist ${HOME}/.local/share/news-flash
-deny  ${HOME}/.local/share/newsbeuter
+blacklist ${HOME}/.local/share/newsbeuter
-deny  ${HOME}/.local/share/newsboat
+blacklist ${HOME}/.local/share/newsboat
-deny  ${HOME}/.local/share/nheko
+blacklist ${HOME}/.local/share/nheko
-deny  ${HOME}/.local/share/nomacs
+blacklist ${HOME}/.local/share/nomacs
-deny  ${HOME}/.local/share/notes
+blacklist ${HOME}/.local/share/notes
-deny  ${HOME}/.local/share/ocenaudio
+blacklist ${HOME}/.local/share/ocenaudio
-deny  ${HOME}/.local/share/okular
+blacklist ${HOME}/.local/share/okular
-deny  ${HOME}/.local/share/onlyoffice
+blacklist ${HOME}/.local/share/onlyoffice
-deny  ${HOME}/.local/share/openmw
+blacklist ${HOME}/.local/share/openmw
-deny  ${HOME}/.local/share/orage
+blacklist ${HOME}/.local/share/orage
-deny  ${HOME}/.local/share/org.kde.gwenview
+blacklist ${HOME}/.local/share/org.kde.gwenview
-deny  ${HOME}/.local/share/pix
+blacklist ${HOME}/.local/share/pix
-deny  ${HOME}/.local/share/plasma_notes
+blacklist ${HOME}/.local/share/plasma_notes
-deny  ${HOME}/.local/share/profanity
+blacklist ${HOME}/.local/share/profanity
-deny  ${HOME}/.local/share/psi
+blacklist ${HOME}/.local/share/psi
-deny  ${HOME}/.local/share/psi+
+blacklist ${HOME}/.local/share/psi+
-deny  ${HOME}/.local/share/qpdfview
+blacklist ${HOME}/.local/share/qpdfview
-deny  ${HOME}/.local/share/quadrapassel
+blacklist ${HOME}/.local/share/quadrapassel
-deny  ${HOME}/.local/share/qutebrowser
+blacklist ${HOME}/.local/share/qutebrowser
-deny  ${HOME}/.local/share/remmina
+blacklist ${HOME}/.local/share/remmina
-deny  ${HOME}/.local/share/rhythmbox
+blacklist ${HOME}/.local/share/rhythmbox
-deny  ${HOME}/.local/share/rtv
+blacklist ${HOME}/.local/share/rtv
-deny  ${HOME}/.local/share/scribus
+blacklist ${HOME}/.local/share/scribus
-deny  ${HOME}/.local/share/shotwell
+blacklist ${HOME}/.local/share/shotwell
-deny  ${HOME}/.local/share/signal-cli
+blacklist ${HOME}/.local/share/signal-cli
-deny  ${HOME}/.local/share/sink
+blacklist ${HOME}/.local/share/sink
-deny  ${HOME}/.local/share/smuxi
+blacklist ${HOME}/.local/share/smuxi
-deny  ${HOME}/.local/share/spotify
+blacklist ${HOME}/.local/share/spotify
-deny  ${HOME}/.local/share/steam
+blacklist ${HOME}/.local/share/steam
-deny  ${HOME}/.local/share/strawberry
+blacklist ${HOME}/.local/share/strawberry
-deny  ${HOME}/.local/share/supertux2
+blacklist ${HOME}/.local/share/supertux2
-deny  ${HOME}/.local/share/supertuxkart
+blacklist ${HOME}/.local/share/supertuxkart
-deny  ${HOME}/.local/share/swell-foop
+blacklist ${HOME}/.local/share/swell-foop
-deny  ${HOME}/.local/share/telepathy
+blacklist ${HOME}/.local/share/telepathy
-deny  ${HOME}/.local/share/terasology
+blacklist ${HOME}/.local/share/terasology
-deny  ${HOME}/.local/share/torbrowser
+blacklist ${HOME}/.local/share/torbrowser
-deny  ${HOME}/.local/share/totem
+blacklist ${HOME}/.local/share/totem
-deny  ${HOME}/.local/share/uzbl
+blacklist ${HOME}/.local/share/uzbl
-deny  ${HOME}/.local/share/vlc
+blacklist ${HOME}/.local/share/vlc
-deny  ${HOME}/.local/share/vpltd
+blacklist ${HOME}/.local/share/vpltd
-deny  ${HOME}/.local/share/vulkan
+blacklist ${HOME}/.local/share/vulkan
-deny  ${HOME}/.local/share/warsow-2.1
+blacklist ${HOME}/.local/share/warsow-2.1
-deny  ${HOME}/.local/share/wesnoth
+blacklist ${HOME}/.local/share/wesnoth
-deny  ${HOME}/.local/share/wormux
+blacklist ${HOME}/.local/share/wormux
-deny  ${HOME}/.local/share/xplayer
+blacklist ${HOME}/.local/share/xplayer
-deny  ${HOME}/.local/share/xreader
+blacklist ${HOME}/.local/share/xreader
-deny  ${HOME}/.local/share/zathura
+blacklist ${HOME}/.local/share/zathura
-deny  ${HOME}/.lv2
+blacklist ${HOME}/.lv2
-deny  ${HOME}/.lyx
+blacklist ${HOME}/.lyx
-deny  ${HOME}/.magicor
+blacklist ${HOME}/.magicor
-deny  ${HOME}/.masterpdfeditor
+blacklist ${HOME}/.masterpdfeditor
-deny  ${HOME}/.mbwarband
+blacklist ${HOME}/.mbwarband
-deny  ${HOME}/.mcabber
+blacklist ${HOME}/.mcabber
-deny  ${HOME}/.mcabberrc
+blacklist ${HOME}/.mcabberrc
-deny  ${HOME}/.mediathek3
+blacklist ${HOME}/.mediathek3
-deny  ${HOME}/.megaglest
+blacklist ${HOME}/.megaglest
-deny  ${HOME}/.minecraft
+blacklist ${HOME}/.minecraft
-deny  ${HOME}/.minetest
+blacklist ${HOME}/.minetest
-deny  ${HOME}/.mirrormagic
+blacklist ${HOME}/.mirrormagic
-deny  ${HOME}/.moc
+blacklist ${HOME}/.moc
-deny  ${HOME}/.moonchild productions/basilisk
+blacklist ${HOME}/.moonchild productions/basilisk
-deny  ${HOME}/.moonchild productions/pale moon
+blacklist ${HOME}/.moonchild productions/pale moon
-deny  ${HOME}/.mozilla
+blacklist ${HOME}/.mozilla
-deny  ${HOME}/.mp3splt-gtk
+blacklist ${HOME}/.mp3splt-gtk
-deny  ${HOME}/.mpd
+blacklist ${HOME}/.mpd
-deny  ${HOME}/.mpdconf
+blacklist ${HOME}/.mpdconf
-deny  ${HOME}/.mplayer
+blacklist ${HOME}/.mplayer
-deny  ${HOME}/.msmtprc
+blacklist ${HOME}/.msmtprc
-deny  ${HOME}/.multimc5
+blacklist ${HOME}/.multimc5
-deny  ${HOME}/.nanorc
+blacklist ${HOME}/.nanorc
-deny  ${HOME}/.netactview
+blacklist ${HOME}/.netactview
-deny  ${HOME}/.neverball
+blacklist ${HOME}/.neverball
-deny  ${HOME}/.newsbeuter
+blacklist ${HOME}/.newsbeuter
-deny  ${HOME}/.newsboat
+blacklist ${HOME}/.newsboat
-deny  ${HOME}/.newsrc
+blacklist ${HOME}/.newsrc
-deny  ${HOME}/.nicotine
+blacklist ${HOME}/.nicotine
-deny  ${HOME}/.node-gyp
+blacklist ${HOME}/.node-gyp
-deny  ${HOME}/.npm
+blacklist ${HOME}/.npm
-deny  ${HOME}/.npmrc
+blacklist ${HOME}/.npmrc
-deny  ${HOME}/.nv
+blacklist ${HOME}/.nv
-deny  ${HOME}/.nvm
+blacklist ${HOME}/.nvm
-deny  ${HOME}/.nylas-mail
+blacklist ${HOME}/.nylas-mail
-deny  ${HOME}/.openarena
+blacklist ${HOME}/.openarena
-deny  ${HOME}/.opencity
+blacklist ${HOME}/.opencity
-deny  ${HOME}/.openinvaders
+blacklist ${HOME}/.openinvaders
-deny  ${HOME}/.openshot
+blacklist ${HOME}/.openshot
-deny  ${HOME}/.openshot_qt
+blacklist ${HOME}/.openshot_qt
-deny  ${HOME}/.openttd
+blacklist ${HOME}/.openttd
-deny  ${HOME}/.opera
+blacklist ${HOME}/.opera
-deny  ${HOME}/.opera-beta
+blacklist ${HOME}/.opera-beta
-deny  ${HOME}/.ostrichriders
+blacklist ${HOME}/.ostrichriders
-deny  ${HOME}/.paradoxinteractive
+blacklist ${HOME}/.paradoxinteractive
-deny  ${HOME}/.parallelrealities/blobwars
+blacklist ${HOME}/.parallelrealities/blobwars
-deny  ${HOME}/.pcsxr
+blacklist ${HOME}/.pcsxr
-deny  ${HOME}/.penguin-command
+blacklist ${HOME}/.penguin-command
-deny  ${HOME}/.pine-crash
+blacklist ${HOME}/.pine-crash
-deny  ${HOME}/.pine-debug1
+blacklist ${HOME}/.pine-debug1
-deny  ${HOME}/.pine-debug2
+blacklist ${HOME}/.pine-debug2
-deny  ${HOME}/.pine-debug3
+blacklist ${HOME}/.pine-debug3
-deny  ${HOME}/.pine-debug4
+blacklist ${HOME}/.pine-debug4
-deny  ${HOME}/.pine-interrupted-mail
+blacklist ${HOME}/.pine-interrupted-mail
-deny  ${HOME}/.pinerc
+blacklist ${HOME}/.pinerc
-deny  ${HOME}/.pinercex
+blacklist ${HOME}/.pinercex
-deny  ${HOME}/.pingus
+blacklist ${HOME}/.pingus
-deny  ${HOME}/.pioneer
+blacklist ${HOME}/.pioneer
-deny  ${HOME}/.purple
+blacklist ${HOME}/.purple
-deny  ${HOME}/.pylint.d
+blacklist ${HOME}/.pylint.d
-deny  ${HOME}/.qemu-launcher
+blacklist ${HOME}/.qemu-launcher
-deny  ${HOME}/.qgis2
+blacklist ${HOME}/.qgis2
-deny  ${HOME}/.qmmp
+blacklist ${HOME}/.qmmp
-deny  ${HOME}/.quodlibet
+blacklist ${HOME}/.quodlibet
-deny  ${HOME}/.redeclipse
+blacklist ${HOME}/.redeclipse
-deny  ${HOME}/.remmina
+blacklist ${HOME}/.remmina
-deny  ${HOME}/.repo_.gitconfig.json
+blacklist ${HOME}/.repo_.gitconfig.json
-deny  ${HOME}/.repoconfig
+blacklist ${HOME}/.repoconfig
-deny  ${HOME}/.retroshare
+blacklist ${HOME}/.retroshare
-deny  ${HOME}/.ripperXrc
+blacklist ${HOME}/.ripperXrc
-deny  ${HOME}/.scorched3d
+blacklist ${HOME}/.scorched3d
-deny  ${HOME}/.scribus
+blacklist ${HOME}/.scribus
-deny  ${HOME}/.scribusrc
+blacklist ${HOME}/.scribusrc
-deny  ${HOME}/.simutrans
+blacklist ${HOME}/.simutrans
-deny  ${HOME}/.smartgit/*/passwords
+blacklist ${HOME}/.smartgit/*/passwords
-deny  ${HOME}/.ssr
+blacklist ${HOME}/.ssr
-deny  ${HOME}/.steam
+blacklist ${HOME}/.steam
-deny  ${HOME}/.steampath
+blacklist ${HOME}/.steampath
-deny  ${HOME}/.steampid
+blacklist ${HOME}/.steampid
-deny  ${HOME}/.stellarium
+blacklist ${HOME}/.stellarium
-deny  ${HOME}/.subversion
+blacklist ${HOME}/.subversion
-deny  ${HOME}/.surf
+blacklist ${HOME}/.surf
-deny  ${HOME}/.suve/colorful
+blacklist ${HOME}/.suve/colorful
-deny  ${HOME}/.swb.ini
+blacklist ${HOME}/.swb.ini
-deny  ${HOME}/.sword
+blacklist ${HOME}/.sword
-deny  ${HOME}/.sylpheed-2.0
+blacklist ${HOME}/.sylpheed-2.0
-deny  ${HOME}/.synfig
+blacklist ${HOME}/.synfig
-deny  ${HOME}/.tb
+blacklist ${HOME}/.tb
-deny  ${HOME}/.tconn
+blacklist ${HOME}/.tconn
-deny  ${HOME}/.teeworlds
+blacklist ${HOME}/.teeworlds
-deny  ${HOME}/.texlive20*
+blacklist ${HOME}/.texlive20*
-deny  ${HOME}/.thunderbird
+blacklist ${HOME}/.thunderbird
-deny  ${HOME}/.tilp
+blacklist ${HOME}/.tilp
-deny  ${HOME}/.tin
+blacklist ${HOME}/.tin
-deny  ${HOME}/.tooling
+blacklist ${HOME}/.tooling
-deny  ${HOME}/.tor-browser*
+blacklist ${HOME}/.tor-browser*
-deny  ${HOME}/.torcs
+blacklist ${HOME}/.torcs
-deny  ${HOME}/.tremulous
+blacklist ${HOME}/.tremulous
-deny  ${HOME}/.ts3client
+blacklist ${HOME}/.ts3client
-deny  ${HOME}/.tuxguitar*
+blacklist ${HOME}/.tuxguitar*
-deny  ${HOME}/.tvbrowser
+blacklist ${HOME}/.tvbrowser
-deny  ${HOME}/.unknown-horizons
+blacklist ${HOME}/.unknown-horizons
-deny  ${HOME}/.viking
+blacklist ${HOME}/.viking
-deny  ${HOME}/.viking-maps
+blacklist ${HOME}/.viking-maps
-deny  ${HOME}/.vim
+blacklist ${HOME}/.vim
-deny  ${HOME}/.vimrc
+blacklist ${HOME}/.vimrc
-deny  ${HOME}/.vmware
+blacklist ${HOME}/.vmware
-deny  ${HOME}/.vscode
+blacklist ${HOME}/.vscode
-deny  ${HOME}/.vscode-oss
+blacklist ${HOME}/.vscode-oss
-deny  ${HOME}/.vst
+blacklist ${HOME}/.vst
-deny  ${HOME}/.vultures
+blacklist ${HOME}/.vultures
-deny  ${HOME}/.w3m
+blacklist ${HOME}/.w3m
-deny  ${HOME}/.warzone2100-3.*
+blacklist ${HOME}/.warzone2100-3.*
-deny  ${HOME}/.waterfox
+blacklist ${HOME}/.waterfox
-deny  ${HOME}/.weechat
+blacklist ${HOME}/.weechat
-deny  ${HOME}/.wget-hsts
+blacklist ${HOME}/.wget-hsts
-deny  ${HOME}/.wgetrc
+blacklist ${HOME}/.wgetrc
-deny  ${HOME}/.widelands
+blacklist ${HOME}/.widelands
-deny  ${HOME}/.wine
+blacklist ${HOME}/.wine
-deny  ${HOME}/.wine64
+blacklist ${HOME}/.wine64
-deny  ${HOME}/.wireshark
+blacklist ${HOME}/.wireshark
-deny  ${HOME}/.wordwarvi
+blacklist ${HOME}/.wordwarvi
-deny  ${HOME}/.wormux
+blacklist ${HOME}/.wormux
-deny  ${HOME}/.xiphos
+blacklist ${HOME}/.xiphos
-deny  ${HOME}/.xmind
+blacklist ${HOME}/.xmind
-deny  ${HOME}/.xmms
+blacklist ${HOME}/.xmms
-deny  ${HOME}/.xmr-stak
+blacklist ${HOME}/.xmr-stak
-deny  ${HOME}/.xonotic
+blacklist ${HOME}/.xonotic
-deny  ${HOME}/.xournalpp
+blacklist ${HOME}/.xournalpp
-deny  ${HOME}/.xpdfrc
+blacklist ${HOME}/.xpdfrc
-deny  ${HOME}/.yarn
+blacklist ${HOME}/.yarn
-deny  ${HOME}/.yarn-config
+blacklist ${HOME}/.yarn-config
-deny  ${HOME}/.yarncache
+blacklist ${HOME}/.yarncache
-deny  ${HOME}/.yarnrc
+blacklist ${HOME}/.yarnrc
-deny  ${HOME}/.zoom
+blacklist ${HOME}/.zoom
-deny  ${HOME}/Arduino
+blacklist ${HOME}/Arduino
-deny  ${HOME}/Monero/wallets
+blacklist ${HOME}/Monero/wallets
-deny  ${HOME}/Nextcloud
+blacklist ${HOME}/Nextcloud
-deny  ${HOME}/Nextcloud/Notes
+blacklist ${HOME}/Nextcloud/Notes
-deny  ${HOME}/SoftMaker
+blacklist ${HOME}/SoftMaker
-deny  ${HOME}/Standard Notes Backups
+blacklist ${HOME}/Standard Notes Backups
-deny  ${HOME}/TeamSpeak3-Client-linux_amd64
+blacklist ${HOME}/TeamSpeak3-Client-linux_amd64
-deny  ${HOME}/TeamSpeak3-Client-linux_x86
+blacklist ${HOME}/TeamSpeak3-Client-linux_x86
-deny  ${HOME}/hyperrogue.ini
+blacklist ${HOME}/hyperrogue.ini
-deny  ${HOME}/i2p
+blacklist ${HOME}/i2p
-deny  ${HOME}/mps
+blacklist ${HOME}/mps
-deny  ${HOME}/wallet.dat
+blacklist ${HOME}/wallet.dat
-deny  /tmp/.wine-*
+blacklist /tmp/.wine-*
-deny  /tmp/akonadi-*
+blacklist /tmp/akonadi-*
-deny  /var/games/nethack
+blacklist /var/games/nethack
-deny  /var/games/slashem
+blacklist /var/games/slashem
-deny  /var/games/vulturesclaw
+blacklist /var/games/vulturesclaw
-deny  /var/games/vultureseye
+blacklist /var/games/vultureseye
-deny  /var/lib/games/Maelstrom-Scores
+blacklist /var/lib/games/Maelstrom-Scores
 # ${HOME}/.cache directory
-deny  ${HOME}/.cache/0ad
+blacklist ${HOME}/.cache/0ad
-deny  ${HOME}/.cache/8pecxstudios
+blacklist ${HOME}/.cache/8pecxstudios
-deny  ${HOME}/.cache/Authenticator
+blacklist ${HOME}/.cache/Authenticator
-deny  ${HOME}/.cache/BraveSoftware
+blacklist ${HOME}/.cache/BraveSoftware
-deny  ${HOME}/.cache/Clementine
+blacklist ${HOME}/.cache/Clementine
-deny  ${HOME}/.cache/ENCOM/Spectral
+blacklist ${HOME}/.cache/ENCOM/Spectral
-deny  ${HOME}/.cache/Enox
+blacklist ${HOME}/.cache/Enox
-deny  ${HOME}/.cache/Enpass
+blacklist ${HOME}/.cache/Enpass
-deny  ${HOME}/.cache/Ferdi
+blacklist ${HOME}/.cache/Ferdi
-deny  ${HOME}/.cache/Flavio Tordini
+blacklist ${HOME}/.cache/Flavio Tordini
-deny  ${HOME}/.cache/Franz
+blacklist ${HOME}/.cache/Franz
-deny  ${HOME}/.cache/INRIA
+blacklist ${HOME}/.cache/INRIA
-deny  ${HOME}/.cache/INRIA/Natron
+blacklist ${HOME}/.cache/INRIA/Natron
-deny  ${HOME}/.cache/KDE/neochat
+blacklist ${HOME}/.cache/KDE/neochat
-deny  ${HOME}/.cache/Mendeley Ltd.
+blacklist ${HOME}/.cache/Mendeley Ltd.
-deny  ${HOME}/.cache/MusicBrainz
+blacklist ${HOME}/.cache/MusicBrainz
-deny  ${HOME}/.cache/NewsFlashGTK
+blacklist ${HOME}/.cache/NewsFlashGTK
-deny  ${HOME}/.cache/Otter
+blacklist ${HOME}/.cache/Otter
-deny  ${HOME}/.cache/PawelStolowski
+blacklist ${HOME}/.cache/PawelStolowski
-deny  ${HOME}/.cache/Psi
+blacklist ${HOME}/.cache/Psi
-deny  ${HOME}/.cache/QuiteRss
+blacklist ${HOME}/.cache/QuiteRss
-deny  ${HOME}/.cache/Quotient/quaternion
+blacklist ${HOME}/.cache/Quotient/quaternion
-deny  ${HOME}/.cache/Shortwave
+blacklist ${HOME}/.cache/Shortwave
-deny  ${HOME}/.cache/Tox
+blacklist ${HOME}/.cache/Tox
-deny  ${HOME}/.cache/Zeal
+blacklist ${HOME}/.cache/Zeal
-deny  ${HOME}/.cache/agenda
+blacklist ${HOME}/.cache/agenda
-deny  ${HOME}/.cache/akonadi*
+blacklist ${HOME}/.cache/akonadi*
-deny  ${HOME}/.cache/atril
+blacklist ${HOME}/.cache/atril
-deny  ${HOME}/.cache/attic
+blacklist ${HOME}/.cache/attic
-deny  ${HOME}/.cache/babl
+blacklist ${HOME}/.cache/babl
-deny  ${HOME}/.cache/bnox
+blacklist ${HOME}/.cache/bnox
-deny  ${HOME}/.cache/borg
+blacklist ${HOME}/.cache/borg
-deny  ${HOME}/.cache/calibre
+blacklist ${HOME}/.cache/calibre
-deny  ${HOME}/.cache/cantata
+blacklist ${HOME}/.cache/cantata
-deny  ${HOME}/.cache/champlain
+blacklist ${HOME}/.cache/champlain
-deny  ${HOME}/.cache/chromium
+blacklist ${HOME}/.cache/chromium
-deny  ${HOME}/.cache/chromium-dev
+blacklist ${HOME}/.cache/chromium-dev
-deny  ${HOME}/.cache/cliqz
+blacklist ${HOME}/.cache/cliqz
-deny  ${HOME}/.cache/com.github.johnfactotum.Foliate
+blacklist ${HOME}/.cache/com.github.johnfactotum.Foliate
-deny  ${HOME}/.cache/darktable
+blacklist ${HOME}/.cache/darktable
-deny  ${HOME}/.cache/deja-dup
+blacklist ${HOME}/.cache/deja-dup
-deny  ${HOME}/.cache/discover
+blacklist ${HOME}/.cache/discover
-deny  ${HOME}/.cache/dnox
+blacklist ${HOME}/.cache/dnox
-deny  ${HOME}/.cache/dolphin
+blacklist ${HOME}/.cache/dolphin
-deny  ${HOME}/.cache/dolphin-emu
+blacklist ${HOME}/.cache/dolphin-emu
-deny  ${HOME}/.cache/ephemeral
+blacklist ${HOME}/.cache/ephemeral
-deny  ${HOME}/.cache/epiphany
+blacklist ${HOME}/.cache/epiphany
-deny  ${HOME}/.cache/evolution
+blacklist ${HOME}/.cache/evolution
-deny  ${HOME}/.cache/falkon
+blacklist ${HOME}/.cache/falkon
-deny  ${HOME}/.cache/feedreader
+blacklist ${HOME}/.cache/feedreader
-deny  ${HOME}/.cache/firedragon
+blacklist ${HOME}/.cache/firedragon
-deny  ${HOME}/.cache/flaska.net/trojita
+blacklist ${HOME}/.cache/flaska.net/trojita
-deny  ${HOME}/.cache/folks
+blacklist ${HOME}/.cache/folks
-deny  ${HOME}/.cache/font-manager
+blacklist ${HOME}/.cache/font-manager
-deny  ${HOME}/.cache/fossamail
+blacklist ${HOME}/.cache/fossamail
-deny  ${HOME}/.cache/fractal
+blacklist ${HOME}/.cache/fractal
-deny  ${HOME}/.cache/freecol
+blacklist ${HOME}/.cache/freecol
-deny  ${HOME}/.cache/gajim
+blacklist ${HOME}/.cache/gajim
-deny  ${HOME}/.cache/geary
+blacklist ${HOME}/.cache/geary
-deny  ${HOME}/.cache/geeqie
+blacklist ${HOME}/.cache/geeqie
-deny  ${HOME}/.cache/gegl-0.4
+blacklist ${HOME}/.cache/gegl-0.4
-deny  ${HOME}/.cache/gfeeds
+blacklist ${HOME}/.cache/gfeeds
-deny  ${HOME}/.cache/gimp
+blacklist ${HOME}/.cache/gimp
-deny  ${HOME}/.cache/gnome-boxes
+blacklist ${HOME}/.cache/gnome-boxes
-deny  ${HOME}/.cache/gnome-builder
+blacklist ${HOME}/.cache/gnome-builder
-deny  ${HOME}/.cache/gnome-control-center
+blacklist ${HOME}/.cache/gnome-control-center
-deny  ${HOME}/.cache/gnome-recipes
+blacklist ${HOME}/.cache/gnome-recipes
-deny  ${HOME}/.cache/gnome-screenshot
+blacklist ${HOME}/.cache/gnome-screenshot
-deny  ${HOME}/.cache/gnome-software
+blacklist ${HOME}/.cache/gnome-software
-deny  ${HOME}/.cache/gnome-twitch
+blacklist ${HOME}/.cache/gnome-twitch
-deny  ${HOME}/.cache/godot
+blacklist ${HOME}/.cache/godot
-deny  ${HOME}/.cache/google-chrome
+blacklist ${HOME}/.cache/google-chrome
-deny  ${HOME}/.cache/google-chrome-beta
+blacklist ${HOME}/.cache/google-chrome-beta
-deny  ${HOME}/.cache/google-chrome-unstable
+blacklist ${HOME}/.cache/google-chrome-unstable
-deny  ${HOME}/.cache/gradio
+blacklist ${HOME}/.cache/gradio
-deny  ${HOME}/.cache/gummi
+blacklist ${HOME}/.cache/gummi
-deny  ${HOME}/.cache/icedove
+blacklist ${HOME}/.cache/icedove
-deny  ${HOME}/.cache/inkscape
+blacklist ${HOME}/.cache/inkscape
-deny  ${HOME}/.cache/inox
+blacklist ${HOME}/.cache/inox
-deny  ${HOME}/.cache/iridium
+blacklist ${HOME}/.cache/iridium
-deny  ${HOME}/.cache/JetBrains/CLion*
+blacklist ${HOME}/.cache/JetBrains/CLion*
-deny  ${HOME}/.cache/kcmshell5
+blacklist ${HOME}/.cache/kcmshell5
-deny  ${HOME}/.cache/kdenlive
+blacklist ${HOME}/.cache/kdenlive
-deny  ${HOME}/.cache/keepassxc
+blacklist ${HOME}/.cache/keepassxc
-deny  ${HOME}/.cache/kfind
+blacklist ${HOME}/.cache/kfind
-deny  ${HOME}/.cache/kinfocenter
+blacklist ${HOME}/.cache/kinfocenter
-deny  ${HOME}/.cache/kmail2
+blacklist ${HOME}/.cache/kmail2
-deny  ${HOME}/.cache/krunner
+blacklist ${HOME}/.cache/krunner
-deny  ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
+blacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
-deny  ${HOME}/.cache/kscreenlocker_greet
+blacklist ${HOME}/.cache/kscreenlocker_greet
-deny  ${HOME}/.cache/ksmserver-logout-greeter
+blacklist ${HOME}/.cache/ksmserver-logout-greeter
-deny  ${HOME}/.cache/ksplashqml
+blacklist ${HOME}/.cache/ksplashqml
-deny  ${HOME}/.cache/kube
+blacklist ${HOME}/.cache/kube
-deny  ${HOME}/.cache/kwin
+blacklist ${HOME}/.cache/kwin
-deny  ${HOME}/.cache/libgweather
+blacklist ${HOME}/.cache/libgweather
-deny  ${HOME}/.cache/librewolf
+blacklist ${HOME}/.cache/librewolf
-deny  ${HOME}/.cache/liferea
+blacklist ${HOME}/.cache/liferea
-deny  ${HOME}/.cache/lutris
+blacklist ${HOME}/.cache/lutris
-deny  ${HOME}/.cache/marker
+blacklist ${HOME}/.cache/marker
-deny  ${HOME}/.cache/matrix-mirage
+blacklist ${HOME}/.cache/matrix-mirage
-deny  ${HOME}/.cache/microsoft-edge-dev
+blacklist ${HOME}/.cache/microsoft-edge-dev
-deny  ${HOME}/.cache/midori
+blacklist ${HOME}/.cache/midori
-deny  ${HOME}/.cache/minetest
+blacklist ${HOME}/.cache/minetest
-deny  ${HOME}/.cache/mirage
+blacklist ${HOME}/.cache/mirage
-deny  ${HOME}/.cache/moonchild productions/basilisk
+blacklist ${HOME}/.cache/moonchild productions/basilisk
-deny  ${HOME}/.cache/moonchild productions/pale moon
+blacklist ${HOME}/.cache/moonchild productions/pale moon
-deny  ${HOME}/.cache/mozilla
+blacklist ${HOME}/.cache/mozilla
-deny  ${HOME}/.cache/ms-excel-online
+blacklist ${HOME}/.cache/ms-excel-online
-deny  ${HOME}/.cache/ms-office-online
+blacklist ${HOME}/.cache/ms-office-online
-deny  ${HOME}/.cache/ms-onenote-online
+blacklist ${HOME}/.cache/ms-onenote-online
-deny  ${HOME}/.cache/ms-outlook-online
+blacklist ${HOME}/.cache/ms-outlook-online
-deny  ${HOME}/.cache/ms-powerpoint-online
+blacklist ${HOME}/.cache/ms-powerpoint-online
-deny  ${HOME}/.cache/ms-skype-online
+blacklist ${HOME}/.cache/ms-skype-online
-deny  ${HOME}/.cache/ms-word-online
+blacklist ${HOME}/.cache/ms-word-online
-deny  ${HOME}/.cache/mutt
+blacklist ${HOME}/.cache/mutt
-deny  ${HOME}/.cache/mypaint
+blacklist ${HOME}/.cache/mypaint
-deny  ${HOME}/.cache/netsurf
+blacklist ${HOME}/.cache/netsurf
-deny  ${HOME}/.cache/nheko
+blacklist ${HOME}/.cache/nheko
-deny  ${HOME}/.cache/okular
+blacklist ${HOME}/.cache/okular
-deny  ${HOME}/.cache/opera
+blacklist ${HOME}/.cache/opera
-deny  ${HOME}/.cache/opera-beta
+blacklist ${HOME}/.cache/opera-beta
-deny  ${HOME}/.cache/org.gabmus.gfeeds
+blacklist ${HOME}/.cache/org.gabmus.gfeeds
-deny  ${HOME}/.cache/org.gnome.Books
+blacklist ${HOME}/.cache/org.gnome.Books
-deny  ${HOME}/.cache/org.gnome.Maps
+blacklist ${HOME}/.cache/org.gnome.Maps
-deny  ${HOME}/.cache/pdfmod
+blacklist ${HOME}/.cache/pdfmod
-deny  ${HOME}/.cache/peek
+blacklist ${HOME}/.cache/peek
-deny  ${HOME}/.cache/pip
+blacklist ${HOME}/.cache/pip
-deny  ${HOME}/.cache/pipe-viewer
+blacklist ${HOME}/.cache/pipe-viewer
-deny  ${HOME}/.cache/plasmashell
+blacklist ${HOME}/.cache/plasmashell
-deny  ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite*
+blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite*
-deny  ${HOME}/.cache/psi
+blacklist ${HOME}/.cache/psi
-deny  ${HOME}/.cache/qBittorrent
+blacklist ${HOME}/.cache/qBittorrent
-deny  ${HOME}/.cache/quodlibet
+blacklist ${HOME}/.cache/quodlibet
-deny  ${HOME}/.cache/qupzilla
+blacklist ${HOME}/.cache/qupzilla
-deny  ${HOME}/.cache/qutebrowser
+blacklist ${HOME}/.cache/qutebrowser
-deny  ${HOME}/.cache/rhythmbox
+blacklist ${HOME}/.cache/rhythmbox
-deny  ${HOME}/.cache/shotwell
+blacklist ${HOME}/.cache/shotwell
-deny  ${HOME}/.cache/simple-scan
+blacklist ${HOME}/.cache/simple-scan
-deny  ${HOME}/.cache/slimjet
+blacklist ${HOME}/.cache/slimjet
-deny  ${HOME}/.cache/smuxi
+blacklist ${HOME}/.cache/smuxi
-deny  ${HOME}/.cache/snox
+blacklist ${HOME}/.cache/snox
-deny  ${HOME}/.cache/spotify
+blacklist ${HOME}/.cache/spotify
-deny  ${HOME}/.cache/straw-viewer
+blacklist ${HOME}/.cache/straw-viewer
-deny  ${HOME}/.cache/strawberry
+blacklist ${HOME}/.cache/strawberry
-deny  ${HOME}/.cache/supertuxkart
+blacklist ${HOME}/.cache/supertuxkart
-deny  ${HOME}/.cache/systemsettings
+blacklist ${HOME}/.cache/systemsettings
-deny  ${HOME}/.cache/telepathy
+blacklist ${HOME}/.cache/telepathy
-deny  ${HOME}/.cache/thunderbird
+blacklist ${HOME}/.cache/thunderbird
-deny  ${HOME}/.cache/torbrowser
+blacklist ${HOME}/.cache/torbrowser
-deny  ${HOME}/.cache/transmission
+blacklist ${HOME}/.cache/transmission
-deny  ${HOME}/.cache/ungoogled-chromium
+blacklist ${HOME}/.cache/ungoogled-chromium
-deny  ${HOME}/.cache/vivaldi
+blacklist ${HOME}/.cache/vivaldi
-deny  ${HOME}/.cache/vivaldi-snapshot
+blacklist ${HOME}/.cache/vivaldi-snapshot
-deny  ${HOME}/.cache/vlc
+blacklist ${HOME}/.cache/vlc
-deny  ${HOME}/.cache/vmware
+blacklist ${HOME}/.cache/vmware
-deny  ${HOME}/.cache/warsow-2.1
+blacklist ${HOME}/.cache/warsow-2.1
-deny  ${HOME}/.cache/waterfox
+blacklist ${HOME}/.cache/waterfox
-deny  ${HOME}/.cache/wesnoth
+blacklist ${HOME}/.cache/wesnoth
-deny  ${HOME}/.cache/winetricks
+blacklist ${HOME}/.cache/winetricks
-deny  ${HOME}/.cache/xmms2
+blacklist ${HOME}/.cache/xmms2
-deny  ${HOME}/.cache/xreader
+blacklist ${HOME}/.cache/xreader
-deny  ${HOME}/.cache/yandex-browser
+blacklist ${HOME}/.cache/yandex-browser
-deny  ${HOME}/.cache/yandex-browser-beta
+blacklist ${HOME}/.cache/yandex-browser-beta
-deny  ${HOME}/.cache/youtube-dl
+blacklist ${HOME}/.cache/youtube-dl
-deny  ${HOME}/.cache/youtube-viewer
+blacklist ${HOME}/.cache/youtube-viewer
diff --git a/etc/inc/disable-shell.inc b/etc/inc/disable-shell.inc
index da6fb31a3..8274b0215 100644
--- a/etc/inc/disable-shell.inc
+++ b/etc/inc/disable-shell.inc
@@ -2,14 +2,14 @@
 # Persistent customizations should go in a .local file.
 include disable-shell.local
-deny  ${PATH}/bash
+blacklist ${PATH}/bash
-deny  ${PATH}/csh
+blacklist ${PATH}/csh
-deny  ${PATH}/dash
+blacklist ${PATH}/dash
-deny  ${PATH}/fish
+blacklist ${PATH}/fish
-deny  ${PATH}/ksh
+blacklist ${PATH}/ksh
-deny  ${PATH}/mksh
+blacklist ${PATH}/mksh
-deny  ${PATH}/oksh
+blacklist ${PATH}/oksh
-deny  ${PATH}/sh
+blacklist ${PATH}/sh
-deny  ${PATH}/tclsh
+blacklist ${PATH}/tclsh
-deny  ${PATH}/tcsh
+blacklist ${PATH}/tcsh
-deny  ${PATH}/zsh
+blacklist ${PATH}/zsh
diff --git a/etc/inc/disable-xdg.inc b/etc/inc/disable-xdg.inc
index 32aa8c7f6..22acf272d 100644
--- a/etc/inc/disable-xdg.inc
+++ b/etc/inc/disable-xdg.inc
@@ -2,10 +2,10 @@
 # Persistent customizations should go in a .local file.
 include disable-xdg.local
-deny  ${DOCUMENTS}
+blacklist ${DOCUMENTS}
-deny  ${MUSIC}
+blacklist ${MUSIC}
-deny  ${PICTURES}
+blacklist ${PICTURES}
-deny  ${VIDEOS}
+blacklist ${VIDEOS}
 # The following should be considered catch-all directories
 #blacklist ${DESKTOP}
diff --git a/etc/inc/whitelist-1793-workaround.inc b/etc/inc/whitelist-1793-workaround.inc
index 06a424440..862837f12 100644
--- a/etc/inc/whitelist-1793-workaround.inc
+++ b/etc/inc/whitelist-1793-workaround.inc
@@ -3,27 +3,27 @@
 include whitelist-1793-workaround.local
 # This works around bug 1793, and allows whitelisting to be used for some KDE applications.
-nodeny  ${HOME}/.config/ibus
+noblacklist ${HOME}/.config/ibus
-nodeny  ${HOME}/.config/mimeapps.list
+noblacklist ${HOME}/.config/mimeapps.list
-nodeny  ${HOME}/.config/pkcs11
+noblacklist ${HOME}/.config/pkcs11
-nodeny  ${HOME}/.config/user-dirs.dirs
+noblacklist ${HOME}/.config/user-dirs.dirs
-nodeny  ${HOME}/.config/user-dirs.locale
+noblacklist ${HOME}/.config/user-dirs.locale
-nodeny  ${HOME}/.config/dconf
+noblacklist ${HOME}/.config/dconf
-nodeny  ${HOME}/.config/fontconfig
+noblacklist ${HOME}/.config/fontconfig
-nodeny  ${HOME}/.config/gtk-2.0
+noblacklist ${HOME}/.config/gtk-2.0
-nodeny  ${HOME}/.config/gtk-3.0
+noblacklist ${HOME}/.config/gtk-3.0
-nodeny  ${HOME}/.config/gtk-4.0
+noblacklist ${HOME}/.config/gtk-4.0
-nodeny  ${HOME}/.config/gtkrc
+noblacklist ${HOME}/.config/gtkrc
-nodeny  ${HOME}/.config/gtkrc-2.0
+noblacklist ${HOME}/.config/gtkrc-2.0
-nodeny  ${HOME}/.config/Kvantum
+noblacklist ${HOME}/.config/Kvantum
-nodeny  ${HOME}/.config/Trolltech.conf
+noblacklist ${HOME}/.config/Trolltech.conf
-nodeny  ${HOME}/.config/QtProject.conf
+noblacklist ${HOME}/.config/QtProject.conf
-nodeny  ${HOME}/.config/kdeglobals
+noblacklist ${HOME}/.config/kdeglobals
-nodeny  ${HOME}/.config/kio_httprc
+noblacklist ${HOME}/.config/kio_httprc
-nodeny  ${HOME}/.config/kioslaverc
+noblacklist ${HOME}/.config/kioslaverc
-nodeny  ${HOME}/.config/ksslcablacklist
+noblacklist ${HOME}/.config/ksslcablacklist
-nodeny  ${HOME}/.config/qt5ct
+noblacklist ${HOME}/.config/qt5ct
-nodeny  ${HOME}/.config/qtcurve
+noblacklist ${HOME}/.config/qtcurve
-deny  ${HOME}/.config/*
+blacklist ${HOME}/.config/*
-allow  ${HOME}/.config
+whitelist ${HOME}/.config
diff --git a/etc/inc/whitelist-common.inc b/etc/inc/whitelist-common.inc
index 11070e372..fedfb2bc2 100644
--- a/etc/inc/whitelist-common.inc
+++ b/etc/inc/whitelist-common.inc
@@ -4,82 +4,82 @@ include whitelist-common.local
 # common whitelist for all profiles
-allow  ${HOME}/.XCompose
+whitelist ${HOME}/.XCompose
-allow  ${HOME}/.alsaequal.bin
+whitelist ${HOME}/.alsaequal.bin
-allow  ${HOME}/.asoundrc
+whitelist ${HOME}/.asoundrc
-allow  ${HOME}/.config/ibus
+whitelist ${HOME}/.config/ibus
-allow  ${HOME}/.config/mimeapps.list
+whitelist ${HOME}/.config/mimeapps.list
-allow  ${HOME}/.config/pkcs11
+whitelist ${HOME}/.config/pkcs11
 read-only ${HOME}/.config/pkcs11
-allow  ${HOME}/.config/user-dirs.dirs
+whitelist ${HOME}/.config/user-dirs.dirs
 read-only ${HOME}/.config/user-dirs.dirs
-allow  ${HOME}/.config/user-dirs.locale
+whitelist ${HOME}/.config/user-dirs.locale
 read-only ${HOME}/.config/user-dirs.locale
-allow  ${HOME}/.drirc
+whitelist ${HOME}/.drirc
-allow  ${HOME}/.icons
+whitelist ${HOME}/.icons
 ?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit
-allow  ${HOME}/.local/share/applications
+whitelist ${HOME}/.local/share/applications
 read-only ${HOME}/.local/share/applications
-allow  ${HOME}/.local/share/icons
+whitelist ${HOME}/.local/share/icons
-allow  ${HOME}/.local/share/mime
+whitelist ${HOME}/.local/share/mime
-allow  ${HOME}/.mime.types
+whitelist ${HOME}/.mime.types
-allow  ${HOME}/.sndio/cookie
+whitelist ${HOME}/.sndio/cookie
-allow  ${HOME}/.uim.d
+whitelist ${HOME}/.uim.d
 # dconf
 mkdir ${HOME}/.config/dconf
-allow  ${HOME}/.config/dconf
+whitelist ${HOME}/.config/dconf
 # fonts
-allow  ${HOME}/.cache/fontconfig
+whitelist ${HOME}/.cache/fontconfig
-allow  ${HOME}/.config/fontconfig
+whitelist ${HOME}/.config/fontconfig
-allow  ${HOME}/.fontconfig
+whitelist ${HOME}/.fontconfig
-allow  ${HOME}/.fonts
+whitelist ${HOME}/.fonts
-allow  ${HOME}/.fonts.conf
+whitelist ${HOME}/.fonts.conf
-allow  ${HOME}/.fonts.conf.d
+whitelist ${HOME}/.fonts.conf.d
-allow  ${HOME}/.fonts.d
+whitelist ${HOME}/.fonts.d
-allow  ${HOME}/.local/share/fonts
+whitelist ${HOME}/.local/share/fonts
-allow  ${HOME}/.pangorc
+whitelist ${HOME}/.pangorc
 # gtk
-allow  ${HOME}/.config/gtk-2.0
+whitelist ${HOME}/.config/gtk-2.0
-allow  ${HOME}/.config/gtk-3.0
+whitelist ${HOME}/.config/gtk-3.0
-allow  ${HOME}/.config/gtk-4.0
+whitelist ${HOME}/.config/gtk-4.0
-allow  ${HOME}/.config/gtkrc
+whitelist ${HOME}/.config/gtkrc
-allow  ${HOME}/.config/gtkrc-2.0
+whitelist ${HOME}/.config/gtkrc-2.0
-allow  ${HOME}/.gnome2
+whitelist ${HOME}/.gnome2
-allow  ${HOME}/.gnome2-private
+whitelist ${HOME}/.gnome2-private
-allow  ${HOME}/.gtk-2.0
+whitelist ${HOME}/.gtk-2.0
-allow  ${HOME}/.gtkrc
+whitelist ${HOME}/.gtkrc
-allow  ${HOME}/.gtkrc-2.0
+whitelist ${HOME}/.gtkrc-2.0
-allow  ${HOME}/.kde/share/config/gtkrc
+whitelist ${HOME}/.kde/share/config/gtkrc
-allow  ${HOME}/.kde/share/config/gtkrc-2.0
+whitelist ${HOME}/.kde/share/config/gtkrc-2.0
-allow  ${HOME}/.kde4/share/config/gtkrc
+whitelist ${HOME}/.kde4/share/config/gtkrc
-allow  ${HOME}/.kde4/share/config/gtkrc-2.0
+whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
-allow  ${HOME}/.local/share/themes
+whitelist ${HOME}/.local/share/themes
-allow  ${HOME}/.themes
+whitelist ${HOME}/.themes
 # qt/kde
-allow  ${HOME}/.cache/kioexec/krun
+whitelist ${HOME}/.cache/kioexec/krun
-allow  ${HOME}/.config/Kvantum
+whitelist ${HOME}/.config/Kvantum
-allow  ${HOME}/.config/Trolltech.conf
+whitelist ${HOME}/.config/Trolltech.conf
-allow  ${HOME}/.config/QtProject.conf
+whitelist ${HOME}/.config/QtProject.conf
-allow  ${HOME}/.config/kdeglobals
+whitelist ${HOME}/.config/kdeglobals
-allow  ${HOME}/.config/kio_httprc
+whitelist ${HOME}/.config/kio_httprc
-allow  ${HOME}/.config/kioslaverc
+whitelist ${HOME}/.config/kioslaverc
-allow  ${HOME}/.config/ksslcablacklist
+whitelist ${HOME}/.config/ksslcablacklist
-allow  ${HOME}/.config/qt5ct
+whitelist ${HOME}/.config/qt5ct
-allow  ${HOME}/.config/qtcurve
+whitelist ${HOME}/.config/qtcurve
-allow  ${HOME}/.kde/share/config/kdeglobals
+whitelist ${HOME}/.kde/share/config/kdeglobals
-allow  ${HOME}/.kde/share/config/kio_httprc
+whitelist ${HOME}/.kde/share/config/kio_httprc
-allow  ${HOME}/.kde/share/config/kioslaverc
+whitelist ${HOME}/.kde/share/config/kioslaverc
-allow  ${HOME}/.kde/share/config/ksslcablacklist
+whitelist ${HOME}/.kde/share/config/ksslcablacklist
-allow  ${HOME}/.kde/share/config/oxygenrc
+whitelist ${HOME}/.kde/share/config/oxygenrc
-allow  ${HOME}/.kde/share/icons
+whitelist ${HOME}/.kde/share/icons
-allow  ${HOME}/.kde4/share/config/kdeglobals
+whitelist ${HOME}/.kde4/share/config/kdeglobals
-allow  ${HOME}/.kde4/share/config/kio_httprc
+whitelist ${HOME}/.kde4/share/config/kio_httprc
-allow  ${HOME}/.kde4/share/config/kioslaverc
+whitelist ${HOME}/.kde4/share/config/kioslaverc
-allow  ${HOME}/.kde4/share/config/ksslcablacklist
+whitelist ${HOME}/.kde4/share/config/ksslcablacklist
-allow  ${HOME}/.kde4/share/config/oxygenrc
+whitelist ${HOME}/.kde4/share/config/oxygenrc
-allow  ${HOME}/.kde4/share/icons
+whitelist ${HOME}/.kde4/share/icons
-allow  ${HOME}/.local/share/qt5ct
+whitelist ${HOME}/.local/share/qt5ct
diff --git a/etc/inc/whitelist-player-common.inc b/etc/inc/whitelist-player-common.inc
index d6ae8eab6..e5bf36804 100644
--- a/etc/inc/whitelist-player-common.inc
+++ b/etc/inc/whitelist-player-common.inc
@@ -4,8 +4,8 @@ include whitelist-player-common.local
 # common whitelist for all media players
-allow  ${DESKTOP}
+whitelist ${DESKTOP}
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${MUSIC}
+whitelist ${MUSIC}
-allow  ${PICTURES}
+whitelist ${PICTURES}
-allow  ${VIDEOS}
+whitelist ${VIDEOS}
diff --git a/etc/inc/whitelist-runuser-common.inc b/etc/inc/whitelist-runuser-common.inc
index 86e5264b9..48309ffe3 100644
--- a/etc/inc/whitelist-runuser-common.inc
+++ b/etc/inc/whitelist-runuser-common.inc
@@ -4,13 +4,13 @@ include whitelist-runuser-common.local
 # common ${RUNUSER} (=/run/user/$UID) whitelist for all profiles
-allow  ${RUNUSER}/bus
+whitelist ${RUNUSER}/bus
-allow  ${RUNUSER}/dconf
+whitelist ${RUNUSER}/dconf
-allow  ${RUNUSER}/gdm/Xauthority
+whitelist ${RUNUSER}/gdm/Xauthority
-allow  ${RUNUSER}/ICEauthority
+whitelist ${RUNUSER}/ICEauthority
-allow  ${RUNUSER}/.mutter-Xwaylandauth.*
+whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
-allow  ${RUNUSER}/pulse/native
+whitelist ${RUNUSER}/pulse/native
-allow  ${RUNUSER}/wayland-0
+whitelist ${RUNUSER}/wayland-0
-allow  ${RUNUSER}/wayland-1
+whitelist ${RUNUSER}/wayland-1
-allow  ${RUNUSER}/xauth_*
+whitelist ${RUNUSER}/xauth_*
-allow  ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
+whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
diff --git a/etc/inc/whitelist-usr-share-common.inc b/etc/inc/whitelist-usr-share-common.inc
index 64296da15..fe0097934 100644
--- a/etc/inc/whitelist-usr-share-common.inc
+++ b/etc/inc/whitelist-usr-share-common.inc
@@ -4,66 +4,66 @@ include whitelist-usr-share-common.local
 # common /usr/share whitelist for all profiles
-allow  /usr/share/alsa
+whitelist /usr/share/alsa
-allow  /usr/share/applications
+whitelist /usr/share/applications
-allow  /usr/share/ca-certificates
+whitelist /usr/share/ca-certificates
-allow  /usr/share/crypto-policies
+whitelist /usr/share/crypto-policies
-allow  /usr/share/cursors
+whitelist /usr/share/cursors
-allow  /usr/share/dconf
+whitelist /usr/share/dconf
-allow  /usr/share/distro-info
+whitelist /usr/share/distro-info
-allow  /usr/share/drirc.d
+whitelist /usr/share/drirc.d
-allow  /usr/share/enchant
+whitelist /usr/share/enchant
-allow  /usr/share/enchant-2
+whitelist /usr/share/enchant-2
-allow  /usr/share/file
+whitelist /usr/share/file
-allow  /usr/share/fontconfig
+whitelist /usr/share/fontconfig
-allow  /usr/share/fonts
+whitelist /usr/share/fonts
-allow  /usr/share/fonts-config
+whitelist /usr/share/fonts-config
-allow  /usr/share/gir-1.0
+whitelist /usr/share/gir-1.0
-allow  /usr/share/gjs-1.0
+whitelist /usr/share/gjs-1.0
-allow  /usr/share/glib-2.0
+whitelist /usr/share/glib-2.0
-allow  /usr/share/glvnd
+whitelist /usr/share/glvnd
-allow  /usr/share/gtk-2.0
+whitelist /usr/share/gtk-2.0
-allow  /usr/share/gtk-3.0
+whitelist /usr/share/gtk-3.0
-allow  /usr/share/gtk-engines
+whitelist /usr/share/gtk-engines
-allow  /usr/share/gtksourceview-3.0
+whitelist /usr/share/gtksourceview-3.0
-allow  /usr/share/gtksourceview-4
+whitelist /usr/share/gtksourceview-4
-allow  /usr/share/hunspell
+whitelist /usr/share/hunspell
-allow  /usr/share/hwdata
+whitelist /usr/share/hwdata
-allow  /usr/share/icons
+whitelist /usr/share/icons
-allow  /usr/share/icu
+whitelist /usr/share/icu
-allow  /usr/share/knotifications5
+whitelist /usr/share/knotifications5
-allow  /usr/share/kservices5
+whitelist /usr/share/kservices5
-allow  /usr/share/Kvantum
+whitelist /usr/share/Kvantum
-allow  /usr/share/kxmlgui5
+whitelist /usr/share/kxmlgui5
-allow  /usr/share/libdrm
+whitelist /usr/share/libdrm
-allow  /usr/share/libthai
+whitelist /usr/share/libthai
-allow  /usr/share/locale
+whitelist /usr/share/locale
-allow  /usr/share/mime
+whitelist /usr/share/mime
-allow  /usr/share/misc
+whitelist /usr/share/misc
-allow  /usr/share/Modules
+whitelist /usr/share/Modules
-allow  /usr/share/myspell
+whitelist /usr/share/myspell
-allow  /usr/share/p11-kit
+whitelist /usr/share/p11-kit
-allow  /usr/share/perl
+whitelist /usr/share/perl
-allow  /usr/share/perl5
+whitelist /usr/share/perl5
-allow  /usr/share/pixmaps
+whitelist /usr/share/pixmaps
-allow  /usr/share/pki
+whitelist /usr/share/pki
-allow  /usr/share/plasma
+whitelist /usr/share/plasma
-allow  /usr/share/publicsuffix
+whitelist /usr/share/publicsuffix
-allow  /usr/share/qt
+whitelist /usr/share/qt
-allow  /usr/share/qt4
+whitelist /usr/share/qt4
-allow  /usr/share/qt5
+whitelist /usr/share/qt5
-allow  /usr/share/qt5ct
+whitelist /usr/share/qt5ct
-allow  /usr/share/sounds
+whitelist /usr/share/sounds
-allow  /usr/share/tcl8.6
+whitelist /usr/share/tcl8.6
-allow  /usr/share/tcltk
+whitelist /usr/share/tcltk
-allow  /usr/share/terminfo
+whitelist /usr/share/terminfo
-allow  /usr/share/texlive
+whitelist /usr/share/texlive
-allow  /usr/share/texmf
+whitelist /usr/share/texmf
-allow  /usr/share/themes
+whitelist /usr/share/themes
-allow  /usr/share/thumbnail.so
+whitelist /usr/share/thumbnail.so
-allow  /usr/share/uim
+whitelist /usr/share/uim
-allow  /usr/share/vulkan
+whitelist /usr/share/vulkan
-allow  /usr/share/X11
+whitelist /usr/share/X11
-allow  /usr/share/xml
+whitelist /usr/share/xml
-allow  /usr/share/zenity
+whitelist /usr/share/zenity
-allow  /usr/share/zoneinfo
+whitelist /usr/share/zoneinfo
diff --git a/etc/inc/whitelist-var-common.inc b/etc/inc/whitelist-var-common.inc
index c449e8905..d8ba84ad0 100644
--- a/etc/inc/whitelist-var-common.inc
+++ b/etc/inc/whitelist-var-common.inc
@@ -4,12 +4,12 @@ include whitelist-var-common.local
 # common /var whitelist for all profiles
-allow  /var/lib/aspell
+whitelist /var/lib/aspell
-allow  /var/lib/ca-certificates
+whitelist /var/lib/ca-certificates
-allow  /var/lib/dbus
+whitelist /var/lib/dbus
-allow  /var/lib/menu-xdg
+whitelist /var/lib/menu-xdg
-allow  /var/lib/uim
+whitelist /var/lib/uim
-allow  /var/cache/fontconfig
+whitelist /var/cache/fontconfig
-allow  /var/tmp
+whitelist /var/tmp
-allow  /var/run
+whitelist /var/run
-allow  /var/lock
+whitelist /var/lock
diff --git a/etc/profile-a-l/0ad.profile b/etc/profile-a-l/0ad.profile
index 6f493fff1..4009853d3 100644
--- a/etc/profile-a-l/0ad.profile
+++ b/etc/profile-a-l/0ad.profile
@@ -6,11 +6,11 @@ include 0ad.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/0ad
+noblacklist ${HOME}/.cache/0ad
-nodeny  ${HOME}/.config/0ad
+noblacklist ${HOME}/.config/0ad
-nodeny  ${HOME}/.local/share/0ad
+noblacklist ${HOME}/.local/share/0ad
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -23,11 +23,11 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/0ad
 mkdir ${HOME}/.config/0ad
 mkdir ${HOME}/.local/share/0ad
-allow  ${HOME}/.cache/0ad
+whitelist ${HOME}/.cache/0ad
-allow  ${HOME}/.config/0ad
+whitelist ${HOME}/.config/0ad
-allow  ${HOME}/.local/share/0ad
+whitelist ${HOME}/.local/share/0ad
-allow  /usr/share/0ad
+whitelist /usr/share/0ad
-allow  /usr/share/games
+whitelist /usr/share/games
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/2048-qt.profile b/etc/profile-a-l/2048-qt.profile
index 3a7b331a7..1d787cba7 100644
--- a/etc/profile-a-l/2048-qt.profile
+++ b/etc/profile-a-l/2048-qt.profile
@@ -6,8 +6,8 @@ include 2048-qt.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/2048-qt
+noblacklist ${HOME}/.config/2048-qt
-nodeny  ${HOME}/.config/xiaoyong
+noblacklist ${HOME}/.config/xiaoyong
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 mkdir ${HOME}/.config/2048-qt
 mkdir ${HOME}/.config/xiaoyong
-allow  ${HOME}/.config/2048-qt
+whitelist ${HOME}/.config/2048-qt
-allow  ${HOME}/.config/xiaoyong
+whitelist ${HOME}/.config/xiaoyong
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/Cryptocat.profile b/etc/profile-a-l/Cryptocat.profile
index def0ec111..1d86b0fbf 100644
--- a/etc/profile-a-l/Cryptocat.profile
+++ b/etc/profile-a-l/Cryptocat.profile
@@ -5,7 +5,7 @@ include Cryptocat.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Cryptocat
+noblacklist ${HOME}/.config/Cryptocat
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/Discord.profile b/etc/profile-a-l/Discord.profile
index 1d3ae49ca..3f274b21c 100644
--- a/etc/profile-a-l/Discord.profile
+++ b/etc/profile-a-l/Discord.profile
@@ -5,10 +5,10 @@ include Discord.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/discord
+noblacklist ${HOME}/.config/discord
 mkdir ${HOME}/.config/discord
-allow  ${HOME}/.config/discord
+whitelist ${HOME}/.config/discord
 private-bin Discord
 private-opt Discord
diff --git a/etc/profile-a-l/DiscordCanary.profile b/etc/profile-a-l/DiscordCanary.profile
index 3c85f187b..d24e73ed8 100644
--- a/etc/profile-a-l/DiscordCanary.profile
+++ b/etc/profile-a-l/DiscordCanary.profile
@@ -5,10 +5,10 @@ include DiscordCanary.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/discordcanary
+noblacklist ${HOME}/.config/discordcanary
 mkdir ${HOME}/.config/discordcanary
-allow  ${HOME}/.config/discordcanary
+whitelist ${HOME}/.config/discordcanary
 private-bin DiscordCanary
 private-opt DiscordCanary
diff --git a/etc/profile-a-l/Fritzing.profile b/etc/profile-a-l/Fritzing.profile
index 8f746581f..7dc6b5ff0 100644
--- a/etc/profile-a-l/Fritzing.profile
+++ b/etc/profile-a-l/Fritzing.profile
@@ -6,8 +6,8 @@ include Fritzing.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Fritzing
+noblacklist ${HOME}/.config/Fritzing
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/JDownloader.profile b/etc/profile-a-l/JDownloader.profile
index 9a00c3230..d10b70796 100644
--- a/etc/profile-a-l/JDownloader.profile
+++ b/etc/profile-a-l/JDownloader.profile
@@ -5,7 +5,7 @@ include JDownloader.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.jd
+noblacklist ${HOME}/.jd
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -19,8 +19,8 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.jd
-allow  ${HOME}/.jd
+whitelist ${HOME}/.jd
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile
index 2a92c7db4..75da9a956 100644
--- a/etc/profile-a-l/abiword.profile
+++ b/etc/profile-a-l/abiword.profile
@@ -6,7 +6,7 @@ include abiword.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/abiword
+noblacklist ${HOME}/.config/abiword
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
-allow  /usr/share/abiword-3.0
+whitelist /usr/share/abiword-3.0
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/abrowser.profile b/etc/profile-a-l/abrowser.profile
index 70ddcec20..2e6e8f1af 100644
--- a/etc/profile-a-l/abrowser.profile
+++ b/etc/profile-a-l/abrowser.profile
@@ -5,13 +5,13 @@ include abrowser.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.cache/mozilla
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
 mkdir ${HOME}/.cache/mozilla/abrowser
 mkdir ${HOME}/.mozilla
-allow  ${HOME}/.cache/mozilla/abrowser
+whitelist ${HOME}/.cache/mozilla/abrowser
-allow  ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla
 # private-etc must first be enabled in firefox-common.profile
 #private-etc abrowser
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile
index d32586c5b..34f59769e 100644
--- a/etc/profile-a-l/agetpkg.profile
+++ b/etc/profile-a-l/agetpkg.profile
@@ -7,8 +7,8 @@ include agetpkg.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -23,7 +23,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile
index 7b1d1445f..37fdb38b5 100644
--- a/etc/profile-a-l/akonadi_control.profile
+++ b/etc/profile-a-l/akonadi_control.profile
@@ -4,22 +4,22 @@ include akonadi_control.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/akonadi*
+noblacklist ${HOME}/.cache/akonadi*
-nodeny  ${HOME}/.config/akonadi*
+noblacklist ${HOME}/.config/akonadi*
-nodeny  ${HOME}/.config/baloorc
+noblacklist ${HOME}/.config/baloorc
-nodeny  ${HOME}/.config/emaildefaults
+noblacklist ${HOME}/.config/emaildefaults
-nodeny  ${HOME}/.config/emailidentities
+noblacklist ${HOME}/.config/emailidentities
-nodeny  ${HOME}/.config/kmail2rc
+noblacklist ${HOME}/.config/kmail2rc
-nodeny  ${HOME}/.config/mailtransports
+noblacklist ${HOME}/.config/mailtransports
-nodeny  ${HOME}/.config/specialmailcollectionsrc
+noblacklist ${HOME}/.config/specialmailcollectionsrc
-nodeny  ${HOME}/.local/share/akonadi*
+noblacklist ${HOME}/.local/share/akonadi*
-nodeny  ${HOME}/.local/share/apps/korganizer
+noblacklist ${HOME}/.local/share/apps/korganizer
-nodeny  ${HOME}/.local/share/contacts
+noblacklist ${HOME}/.local/share/contacts
-nodeny  ${HOME}/.local/share/local-mail
+noblacklist ${HOME}/.local/share/local-mail
-nodeny  ${HOME}/.local/share/notes
+noblacklist ${HOME}/.local/share/notes
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /tmp/akonadi-*
+noblacklist /tmp/akonadi-*
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile
index b2323547c..38fcd2dc1 100644
--- a/etc/profile-a-l/akregator.profile
+++ b/etc/profile-a-l/akregator.profile
@@ -6,9 +6,9 @@ include akregator.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/akregatorrc
+noblacklist ${HOME}/.config/akregatorrc
-nodeny  ${HOME}/.local/share/akregator
+noblacklist ${HOME}/.local/share/akregator
-nodeny  ${HOME}/.local/share/kxmlgui5/akregator
+noblacklist ${HOME}/.local/share/kxmlgui5/akregator
 include disable-common.inc
 include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-shell.inc
 mkfile ${HOME}/.config/akregatorrc
 mkdir ${HOME}/.local/share/akregator
 mkdir ${HOME}/.local/share/kxmlgui5/akregator
-allow  ${HOME}/.config/akregatorrc
+whitelist ${HOME}/.config/akregatorrc
-allow  ${HOME}/.local/share/akregator
+whitelist ${HOME}/.local/share/akregator
-allow  ${HOME}/.local/share/kssl
+whitelist ${HOME}/.local/share/kssl
-allow  ${HOME}/.local/share/kxmlgui5/akregator
+whitelist ${HOME}/.local/share/kxmlgui5/akregator
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile
index ca6c8d887..4c6d68020 100644
--- a/etc/profile-a-l/alacarte.profile
+++ b/etc/profile-a-l/alacarte.profile
@@ -19,13 +19,13 @@ include disable-passwdmgr.inc
 include disable-xdg.inc
 # Whitelist your system icon directory,varies by distro
-allow  /usr/share/alacarte
+whitelist /usr/share/alacarte
-allow  /usr/share/app-info
+whitelist /usr/share/app-info
-allow  /usr/share/desktop-directories
+whitelist /usr/share/desktop-directories
-allow  /usr/share/icons
+whitelist /usr/share/icons
-allow  /var/lib/app-info/icons
+whitelist /var/lib/app-info/icons
-allow  /var/lib/flatpak/exports/share/applications
+whitelist /var/lib/flatpak/exports/share/applications
-allow  /var/lib/flatpak/exports/share/icons
+whitelist /var/lib/flatpak/exports/share/icons
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile
index 220c3345d..81ee6bd46 100644
--- a/etc/profile-a-l/alienarena.profile
+++ b/etc/profile-a-l/alienarena.profile
@@ -6,7 +6,7 @@ include alienarena.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/cor-games
+noblacklist ${HOME}/.local/share/cor-games
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.local/share/cor-games
-allow  ${HOME}/.local/share/cor-games
+whitelist ${HOME}/.local/share/cor-games
-allow  /usr/share/alienarena
+whitelist /usr/share/alienarena
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile
index 6fa3edfa1..0b5cf0df0 100644
--- a/etc/profile-a-l/alpine.profile
+++ b/etc/profile-a-l/alpine.profile
@@ -10,28 +10,28 @@ include globals.local
 # Workaround for bug https://github.com/netblue30/firejail/issues/2747
 # firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)'
-nodeny  /var/mail
+noblacklist /var/mail
-nodeny  /var/spool/mail
+noblacklist /var/spool/mail
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${HOME}/.addressbook
+noblacklist ${HOME}/.addressbook
-nodeny  ${HOME}/.alpine-smime
+noblacklist ${HOME}/.alpine-smime
-nodeny  ${HOME}/.mailcap
+noblacklist ${HOME}/.mailcap
-nodeny  ${HOME}/.mh_profile
+noblacklist ${HOME}/.mh_profile
-nodeny  ${HOME}/.mime.types
+noblacklist ${HOME}/.mime.types
-nodeny  ${HOME}/.newsrc
+noblacklist ${HOME}/.newsrc
-nodeny  ${HOME}/.pine-crash
+noblacklist ${HOME}/.pine-crash
-nodeny  ${HOME}/.pine-debug1
+noblacklist ${HOME}/.pine-debug1
-nodeny  ${HOME}/.pine-debug2
+noblacklist ${HOME}/.pine-debug2
-nodeny  ${HOME}/.pine-debug3
+noblacklist ${HOME}/.pine-debug3
-nodeny  ${HOME}/.pine-debug4
+noblacklist ${HOME}/.pine-debug4
-nodeny  ${HOME}/.pine-interrupted-mail
+noblacklist ${HOME}/.pine-interrupted-mail
-nodeny  ${HOME}/.pinerc
+noblacklist ${HOME}/.pinerc
-nodeny  ${HOME}/.pinercex
+noblacklist ${HOME}/.pinercex
-nodeny  ${HOME}/.signature
+noblacklist ${HOME}/.signature
-nodeny  ${HOME}/mail
+noblacklist ${HOME}/mail
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
@@ -60,8 +60,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.pine-debug4
 #whitelist ${HOME}/.signature
 #whitelist ${HOME}/mail
-allow  /var/mail
+whitelist /var/mail
-allow  /var/spool/mail
+whitelist /var/spool/mail
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/amarok.profile b/etc/profile-a-l/amarok.profile
index 03aba36e4..a7caddc4c 100644
--- a/etc/profile-a-l/amarok.profile
+++ b/etc/profile-a-l/amarok.profile
@@ -6,7 +6,7 @@ include amarok.local
 # Persistent global definitions
 include globals.local
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/amule.profile b/etc/profile-a-l/amule.profile
index 00039a7e9..e3c4164ee 100644
--- a/etc/profile-a-l/amule.profile
+++ b/etc/profile-a-l/amule.profile
@@ -6,7 +6,7 @@ include amule.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.aMule
+noblacklist ${HOME}/.aMule
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.aMule
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.aMule
+whitelist ${HOME}/.aMule
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile
index 5bf6ed773..5a21744cf 100644
--- a/etc/profile-a-l/android-studio.profile
+++ b/etc/profile-a-l/android-studio.profile
@@ -5,13 +5,13 @@ include android-studio.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Google
+noblacklist ${HOME}/.config/Google
-nodeny  ${HOME}/.AndroidStudio*
+noblacklist ${HOME}/.AndroidStudio*
-nodeny  ${HOME}/.android
+noblacklist ${HOME}/.android
-nodeny  ${HOME}/.jack-server
+noblacklist ${HOME}/.jack-server
-nodeny  ${HOME}/.jack-settings
+noblacklist ${HOME}/.jack-settings
-nodeny  ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.local/share/JetBrains
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.tooling
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile
index c1aa18ff3..13bb01ce2 100644
--- a/etc/profile-a-l/anki.profile
+++ b/etc/profile-a-l/anki.profile
@@ -6,8 +6,8 @@ include anki.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${HOME}/.local/share/Anki2
+noblacklist ${HOME}/.local/share/Anki2
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -23,8 +23,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.local/share/Anki2
-allow  ${DOCUMENTS}
+whitelist ${DOCUMENTS}
-allow  ${HOME}/.local/share/Anki2
+whitelist ${HOME}/.local/share/Anki2
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/anydesk.profile b/etc/profile-a-l/anydesk.profile
index cb30ed8da..fdaf10259 100644
--- a/etc/profile-a-l/anydesk.profile
+++ b/etc/profile-a-l/anydesk.profile
@@ -5,7 +5,7 @@ include anydesk.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.anydesk
+noblacklist ${HOME}/.anydesk
 include disable-common.inc
 include disable-devel.inc
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 mkdir ${HOME}/.anydesk
-allow  ${HOME}/.anydesk
+whitelist ${HOME}/.anydesk
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/aosp.profile b/etc/profile-a-l/aosp.profile
index d647a4657..e7b09283e 100644
--- a/etc/profile-a-l/aosp.profile
+++ b/etc/profile-a-l/aosp.profile
@@ -5,13 +5,13 @@ include aosp.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.android
+noblacklist ${HOME}/.android
-nodeny  ${HOME}/.bash_history
+noblacklist ${HOME}/.bash_history
-nodeny  ${HOME}/.jack-server
+noblacklist ${HOME}/.jack-server
-nodeny  ${HOME}/.jack-settings
+noblacklist ${HOME}/.jack-settings
-nodeny  ${HOME}/.repo_.gitconfig.json
+noblacklist ${HOME}/.repo_.gitconfig.json
-nodeny  ${HOME}/.repoconfig
+noblacklist ${HOME}/.repoconfig
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.tooling
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile
index 020ae2812..01566314f 100644
--- a/etc/profile-a-l/apostrophe.profile
+++ b/etc/profile-a-l/apostrophe.profile
@@ -6,9 +6,9 @@ include apostrophe.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.texlive20*
+noblacklist ${HOME}/.texlive20*
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -31,12 +31,12 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/libexec/webkit2gtk-4.0
+whitelist /usr/libexec/webkit2gtk-4.0
-allow  /usr/share/apostrophe
+whitelist /usr/share/apostrophe
-allow  /usr/share/texlive
+whitelist /usr/share/texlive
-allow  /usr/share/texmf
+whitelist /usr/share/texmf
-allow  /usr/share/pandoc-*
+whitelist /usr/share/pandoc-*
-allow  /usr/share/perl5
+whitelist /usr/share/perl5
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/arch-audit.profile b/etc/profile-a-l/arch-audit.profile
index 8c71dd574..accabb6f5 100644
--- a/etc/profile-a-l/arch-audit.profile
+++ b/etc/profile-a-l/arch-audit.profile
@@ -7,7 +7,7 @@ include arch-audit.local
 # Persistent global definitions
 include globals.local
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/arch-audit
+whitelist /usr/share/arch-audit
 include whitelist-usr-share-common.inc
 apparmor
diff --git a/etc/profile-a-l/archaudit-report.profile b/etc/profile-a-l/archaudit-report.profile
index 0915ede33..19c37f90e 100644
--- a/etc/profile-a-l/archaudit-report.profile
+++ b/etc/profile-a-l/archaudit-report.profile
@@ -6,7 +6,7 @@ include archaudit-report.local
 # Persistent global definitions
 include globals.local
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/archiver-common.profile b/etc/profile-a-l/archiver-common.profile
index 5b859ceb1..1fab4606b 100644
--- a/etc/profile-a-l/archiver-common.profile
+++ b/etc/profile-a-l/archiver-common.profile
@@ -4,7 +4,7 @@ include archiver-common.local
 # common profile for archiver/compression tools
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 # Comment/uncomment the relevant include file(s) in your archiver-common.local
 # to (un)restrict file access for **all** archivers. Another option is to do this **per archiver**
diff --git a/etc/profile-a-l/ardour5.profile b/etc/profile-a-l/ardour5.profile
index 960948afc..84b1d6c18 100644
--- a/etc/profile-a-l/ardour5.profile
+++ b/etc/profile-a-l/ardour5.profile
@@ -5,12 +5,12 @@ include ardour5.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/ardour4
+noblacklist ${HOME}/.config/ardour4
-nodeny  ${HOME}/.config/ardour5
+noblacklist ${HOME}/.config/ardour5
-nodeny  ${HOME}/.lv2
+noblacklist ${HOME}/.lv2
-nodeny  ${HOME}/.vst
+noblacklist ${HOME}/.vst
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/arduino.profile b/etc/profile-a-l/arduino.profile
index 88f14fbfe..fd1ca9a09 100644
--- a/etc/profile-a-l/arduino.profile
+++ b/etc/profile-a-l/arduino.profile
@@ -6,9 +6,9 @@ include arduino.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.arduino15
+noblacklist ${HOME}/.arduino15
-nodeny  ${HOME}/Arduino
+noblacklist ${HOME}/Arduino
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile
index be56011f0..22b8ecd65 100644
--- a/etc/profile-a-l/aria2c.profile
+++ b/etc/profile-a-l/aria2c.profile
@@ -6,12 +6,12 @@ include aria2c.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.aria2
+noblacklist ${HOME}/.aria2
-nodeny  ${HOME}/.config/aria2
+noblacklist ${HOME}/.config/aria2
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.netrc
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile
index 031c57080..a63dd8f5f 100644
--- a/etc/profile-a-l/ark.profile
+++ b/etc/profile-a-l/ark.profile
@@ -6,8 +6,8 @@ include ark.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/arkrc
+noblacklist ${HOME}/.config/arkrc
-nodeny  ${HOME}/.local/share/kxmlgui5/ark
+noblacklist ${HOME}/.local/share/kxmlgui5/ark
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /usr/share/ark
+whitelist /usr/share/ark
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile
index 9ed8076be..2c8b630ce 100644
--- a/etc/profile-a-l/arm.profile
+++ b/etc/profile-a-l/arm.profile
@@ -6,7 +6,7 @@ include arm.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.arm
+noblacklist ${HOME}/.arm
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,7 +20,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.arm
-allow  ${HOME}/.arm
+whitelist ${HOME}/.arm
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile
index 7cfac4915..fab72b7d3 100644
--- a/etc/profile-a-l/artha.profile
+++ b/etc/profile-a-l/artha.profile
@@ -6,12 +6,12 @@ include artha.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/artha.conf
+noblacklist ${HOME}/.config/artha.conf
-nodeny  ${HOME}/.config/artha.log
+noblacklist ${HOME}/.config/artha.log
-nodeny  ${HOME}/.config/enchant
+noblacklist ${HOME}/.config/enchant
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
@@ -28,8 +28,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.config/artha.conf
 #whitelist ${HOME}/.config/artha.log
 #whitelist ${HOME}/.config/enchant
-allow  /usr/share/artha
+whitelist /usr/share/artha
-allow  /usr/share/wordnet
+whitelist /usr/share/wordnet
 #include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/assogiate.profile b/etc/profile-a-l/assogiate.profile
index f2251c210..977fe30a4 100644
--- a/etc/profile-a-l/assogiate.profile
+++ b/etc/profile-a-l/assogiate.profile
@@ -6,7 +6,7 @@ include assogiate.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  ${PICTURES}
+whitelist ${PICTURES}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/asunder.profile b/etc/profile-a-l/asunder.profile
index e65072266..c97fd691a 100644
--- a/etc/profile-a-l/asunder.profile
+++ b/etc/profile-a-l/asunder.profile
@@ -6,11 +6,11 @@ include asunder.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/asunder
+noblacklist ${HOME}/.config/asunder
-nodeny  ${HOME}/.asunder_album_genre
+noblacklist ${HOME}/.asunder_album_genre
-nodeny  ${HOME}/.asunder_album_title
+noblacklist ${HOME}/.asunder_album_title
-nodeny  ${HOME}/.asunder_album_artist
+noblacklist ${HOME}/.asunder_album_artist
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/atom.profile b/etc/profile-a-l/atom.profile
index ea3038537..5f237ac59 100644
--- a/etc/profile-a-l/atom.profile
+++ b/etc/profile-a-l/atom.profile
@@ -18,8 +18,8 @@ ignore include whitelist-var-common.inc
 ignore apparmor
 ignore disable-mnt
-nodeny  ${HOME}/.atom
+noblacklist ${HOME}/.atom
-nodeny  ${HOME}/.config/Atom
+noblacklist ${HOME}/.config/Atom
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile
index 8ae8617cf..1c3ed66ff 100644
--- a/etc/profile-a-l/atril.profile
+++ b/etc/profile-a-l/atril.profile
@@ -6,9 +6,9 @@ include atril.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/atril
+noblacklist ${HOME}/.cache/atril
-nodeny  ${HOME}/.config/atril
+noblacklist ${HOME}/.config/atril
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 #noblacklist ${HOME}/.local/share
 # it seems to use only ${HOME}/.local/share/webkitgtk
diff --git a/etc/profile-a-l/audacious.profile b/etc/profile-a-l/audacious.profile
index 53baf0a2a..f9f209786 100644
--- a/etc/profile-a-l/audacious.profile
+++ b/etc/profile-a-l/audacious.profile
@@ -6,9 +6,9 @@ include audacious.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Audaciousrc
+noblacklist ${HOME}/.config/Audaciousrc
-nodeny  ${HOME}/.config/audacious
+noblacklist ${HOME}/.config/audacious
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile
index c244846e1..a2de8436a 100644
--- a/etc/profile-a-l/audacity.profile
+++ b/etc/profile-a-l/audacity.profile
@@ -6,9 +6,9 @@ include audacity.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.audacity-data
+noblacklist ${HOME}/.audacity-data
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile
index 534792cc6..2c7fdc812 100644
--- a/etc/profile-a-l/audio-recorder.profile
+++ b/etc/profile-a-l/audio-recorder.profile
@@ -7,7 +7,7 @@ include audio-recorder.local
 # Persistent global definitions
 include globals.local
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
@@ -17,10 +17,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  ${MUSIC}
+whitelist ${MUSIC}
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  /usr/share/audio-recorder
+whitelist /usr/share/audio-recorder
-allow  /usr/share/gstreamer-1.0
+whitelist /usr/share/gstreamer-1.0
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile
index 0d6eb6a21..2ebe35dd5 100644
--- a/etc/profile-a-l/authenticator-rs.profile
+++ b/etc/profile-a-l/authenticator-rs.profile
@@ -6,7 +6,7 @@ include authenticator-rs.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/authenticator-rs
+noblacklist ${HOME}/.local/share/authenticator-rs
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.local/share/authenticator-rs
-allow  ${HOME}/.local/share/authenticator-rs
+whitelist ${HOME}/.local/share/authenticator-rs
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  /usr/share/uk.co.grumlimited.authenticator-rs
+whitelist /usr/share/uk.co.grumlimited.authenticator-rs
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile
index 55d967e3e..42d9cd56a 100644
--- a/etc/profile-a-l/authenticator.profile
+++ b/etc/profile-a-l/authenticator.profile
@@ -6,8 +6,8 @@ include authenticator.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/Authenticator
+noblacklist ${HOME}/.cache/Authenticator
-nodeny  ${HOME}/.config/Authenticator
+noblacklist ${HOME}/.config/Authenticator
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
diff --git a/etc/profile-a-l/autokey-common.profile b/etc/profile-a-l/autokey-common.profile
index a5b3b22f6..891928e5a 100644
--- a/etc/profile-a-l/autokey-common.profile
+++ b/etc/profile-a-l/autokey-common.profile
@@ -7,8 +7,8 @@ include autokey-common.local
 # added by caller profile
 #include globals.local
-nodeny  ${HOME}/.config/autokey
+noblacklist ${HOME}/.config/autokey
-nodeny  ${HOME}/.local/share/autokey
+noblacklist ${HOME}/.local/share/autokey
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/avidemux.profile b/etc/profile-a-l/avidemux.profile
index 0feb05d75..1ecc03da1 100644
--- a/etc/profile-a-l/avidemux.profile
+++ b/etc/profile-a-l/avidemux.profile
@@ -5,9 +5,9 @@ include avidemux.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.avidemux6
+noblacklist ${HOME}/.avidemux6
-nodeny  ${HOME}/.config/avidemux3_qt5rc
+noblacklist ${HOME}/.config/avidemux3_qt5rc
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.avidemux6
 mkdir ${HOME}/.config/avidemux3_qt5rc
-allow  ${HOME}/.avidemux6
+whitelist ${HOME}/.avidemux6
-allow  ${HOME}/.config/avidemux3_qt5rc
+whitelist ${HOME}/.config/avidemux3_qt5rc
-allow  ${VIDEOS}
+whitelist ${VIDEOS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/aweather.profile b/etc/profile-a-l/aweather.profile
index abe9fdb24..a57ad4014 100644
--- a/etc/profile-a-l/aweather.profile
+++ b/etc/profile-a-l/aweather.profile
@@ -6,7 +6,7 @@ include aweather.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/aweather
+noblacklist ${HOME}/.config/aweather
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 mkdir ${HOME}/.config/aweather
-allow  ${HOME}/.config/aweather
+whitelist ${HOME}/.config/aweather
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/awesome.profile b/etc/profile-a-l/awesome.profile
index 58f4f5e96..5d1bf5071 100644
--- a/etc/profile-a-l/awesome.profile
+++ b/etc/profile-a-l/awesome.profile
@@ -7,7 +7,7 @@ include awesome.local
 include globals.local
 # all applications started in awesome will run in this profile
-nodeny  ${HOME}/.config/awesome
+noblacklist ${HOME}/.config/awesome
 include disable-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile
index 46bb0b44e..3952921a3 100644
--- a/etc/profile-a-l/ballbuster.profile
+++ b/etc/profile-a-l/ballbuster.profile
@@ -6,7 +6,7 @@ include ballbuster.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.ballbuster.hs
+noblacklist ${HOME}/.ballbuster.hs
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkfile ${HOME}/.ballbuster.hs
-allow  ${HOME}/.ballbuster.hs
+whitelist ${HOME}/.ballbuster.hs
-allow  /usr/share/ballbuster
+whitelist /usr/share/ballbuster
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/baloo_file.profile b/etc/profile-a-l/baloo_file.profile
index 2b10883f7..fe86d9b80 100644
--- a/etc/profile-a-l/baloo_file.profile
+++ b/etc/profile-a-l/baloo_file.profile
@@ -12,12 +12,12 @@ include globals.local
 # read-write ${HOME}/.local/share/baloo
 # ignore read-write
-nodeny  ${HOME}/.config/baloofilerc
+noblacklist ${HOME}/.config/baloofilerc
-nodeny  ${HOME}/.kde/share/config/baloofilerc
+noblacklist ${HOME}/.kde/share/config/baloofilerc
-nodeny  ${HOME}/.kde/share/config/baloorc
+noblacklist ${HOME}/.kde/share/config/baloorc
-nodeny  ${HOME}/.kde4/share/config/baloofilerc
+noblacklist ${HOME}/.kde4/share/config/baloofilerc
-nodeny  ${HOME}/.kde4/share/config/baloorc
+noblacklist ${HOME}/.kde4/share/config/baloorc
-nodeny  ${HOME}/.local/share/baloo
+noblacklist ${HOME}/.local/share/baloo
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile
index 1e74443aa..8c69652c5 100644
--- a/etc/profile-a-l/balsa.profile
+++ b/etc/profile-a-l/balsa.profile
@@ -6,13 +6,13 @@ include balsa.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.balsa
+noblacklist ${HOME}/.balsa
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
-nodeny  ${HOME}/.signature
+noblacklist ${HOME}/.signature
-nodeny  ${HOME}/mail
+noblacklist ${HOME}/mail
-nodeny  /var/mail
+noblacklist /var/mail
-nodeny  /var/spool/mail
+noblacklist /var/spool/mail
 include disable-common.inc
 include disable-devel.inc
@@ -27,17 +27,17 @@ mkdir ${HOME}/.balsa
 mkdir ${HOME}/.gnupg
 mkfile ${HOME}/.signature
 mkdir ${HOME}/mail
-allow  ${HOME}/.balsa
+whitelist ${HOME}/.balsa
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
-allow  ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
-allow  ${HOME}/.signature
+whitelist ${HOME}/.signature
-allow  ${HOME}/mail
+whitelist ${HOME}/mail
-allow  ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/gnupg
-allow  /usr/share/balsa
+whitelist /usr/share/balsa
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
-allow  /var/mail
+whitelist /var/mail
-allow  /var/spool/mail
+whitelist /var/spool/mail
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/barrier.profile b/etc/profile-a-l/barrier.profile
index fcea9b3ba..7b50e9199 100644
--- a/etc/profile-a-l/barrier.profile
+++ b/etc/profile-a-l/barrier.profile
@@ -6,9 +6,9 @@ include barrier.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Debauchee/Barrier.conf
+noblacklist ${HOME}/.config/Debauchee/Barrier.conf
-nodeny  ${HOME}/.local/share/barrier
+noblacklist ${HOME}/.local/share/barrier
-nodeny  ${PATH}/openssl
+noblacklist ${PATH}/openssl
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/basilisk.profile b/etc/profile-a-l/basilisk.profile
index 547c67fc8..8dc3847a0 100644
--- a/etc/profile-a-l/basilisk.profile
+++ b/etc/profile-a-l/basilisk.profile
@@ -5,13 +5,13 @@ include basilisk.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/moonchild productions/basilisk
+noblacklist ${HOME}/.cache/moonchild productions/basilisk
-nodeny  ${HOME}/.moonchild productions/basilisk
+noblacklist ${HOME}/.moonchild productions/basilisk
 mkdir ${HOME}/.cache/moonchild productions/basilisk
 mkdir ${HOME}/.moonchild productions
-allow  ${HOME}/.cache/moonchild productions/basilisk
+whitelist ${HOME}/.cache/moonchild productions/basilisk
-allow  ${HOME}/.moonchild productions
+whitelist ${HOME}/.moonchild productions
 # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60)
 seccomp
diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile
index a1d2b1e73..3ecaea7fe 100644
--- a/etc/profile-a-l/bcompare.profile
+++ b/etc/profile-a-l/bcompare.profile
@@ -7,10 +7,10 @@ include bcompare.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/bcompare
+noblacklist ${HOME}/.config/bcompare
 # In case the user decides to include disable-programs.inc, still allow
 # KDE's Gwenview to view images via right click -> Open With -> Associated Application
-nodeny  ${HOME}/.config/gwenviewrc
+noblacklist ${HOME}/.config/gwenviewrc
 # Add the next line to your bcompare.local if you don't need to compare files in disable-common.inc.
 #include disable-common.inc
diff --git a/etc/profile-a-l/beaker.profile b/etc/profile-a-l/beaker.profile
index 588f460a8..f3a9568bd 100644
--- a/etc/profile-a-l/beaker.profile
+++ b/etc/profile-a-l/beaker.profile
@@ -19,10 +19,10 @@ ignore private-cache
 ignore private-dev
 ignore private-tmp
-nodeny  ${HOME}/.config/Beaker Browser
+noblacklist ${HOME}/.config/Beaker Browser
 mkdir ${HOME}/.config/Beaker Browser
-allow  ${HOME}/.config/Beaker Browser
+whitelist ${HOME}/.config/Beaker Browser
 # Redirect
 include electron.profile
diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile
index 717d7258d..c7a82afbd 100644
--- a/etc/profile-a-l/bibletime.profile
+++ b/etc/profile-a-l/bibletime.profile
@@ -6,11 +6,11 @@ include bibletime.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.bibletime
+noblacklist ${HOME}/.bibletime
-nodeny  ${HOME}/.sword
+noblacklist ${HOME}/.sword
-nodeny  ${HOME}/.local/share/bibletime
+noblacklist ${HOME}/.local/share/bibletime
-deny  ${HOME}/.bashrc
+blacklist ${HOME}/.bashrc
 include disable-common.inc
 include disable-devel.inc
@@ -22,12 +22,12 @@ include disable-programs.inc
 mkdir ${HOME}/.bibletime
 mkdir ${HOME}/.sword
 mkdir ${HOME}/.local/share/bibletime
-allow  ${HOME}/.bibletime
+whitelist ${HOME}/.bibletime
-allow  ${HOME}/.sword
+whitelist ${HOME}/.sword
-allow  ${HOME}/.local/share/bibletime
+whitelist ${HOME}/.local/share/bibletime
-allow  /usr/share/bibletime
+whitelist /usr/share/bibletime
-allow  /usr/share/doc/bibletime
+whitelist /usr/share/doc/bibletime
-allow  /usr/share/sword
+whitelist /usr/share/sword
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile
index b02fcc3e0..854fe5cb9 100644
--- a/etc/profile-a-l/bijiben.profile
+++ b/etc/profile-a-l/bijiben.profile
@@ -6,7 +6,7 @@ include bijiben.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/bijiben
+noblacklist ${HOME}/.local/share/bijiben
 include disable-common.inc
 include disable-devel.inc
@@ -18,12 +18,12 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.local/share/bijiben
-allow  ${HOME}/.local/share/bijiben
+whitelist ${HOME}/.local/share/bijiben
-allow  ${HOME}/.cache/tracker
+whitelist ${HOME}/.cache/tracker
-allow  /usr/libexec/webkit2gtk-4.0
+whitelist /usr/libexec/webkit2gtk-4.0
-allow  /usr/share/bijiben
+whitelist /usr/share/bijiben
-allow  /usr/share/tracker
+whitelist /usr/share/tracker
-allow  /usr/share/tracker3
+whitelist /usr/share/tracker3
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/bitcoin-qt.profile b/etc/profile-a-l/bitcoin-qt.profile
index c4ec0f820..932db9b73 100644
--- a/etc/profile-a-l/bitcoin-qt.profile
+++ b/etc/profile-a-l/bitcoin-qt.profile
@@ -6,8 +6,8 @@ include bitcoin-qt.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.bitcoin
+noblacklist ${HOME}/.bitcoin
-nodeny  ${HOME}/.config/Bitcoin
+noblacklist ${HOME}/.config/Bitcoin
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
 mkdir ${HOME}/.bitcoin
 mkdir ${HOME}/.config/Bitcoin
-allow  ${HOME}/.bitcoin
+whitelist ${HOME}/.bitcoin
-allow  ${HOME}/.config/Bitcoin
+whitelist ${HOME}/.config/Bitcoin
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/bitlbee.profile b/etc/profile-a-l/bitlbee.profile
index 0f000b26b..dd7651979 100644
--- a/etc/profile-a-l/bitlbee.profile
+++ b/etc/profile-a-l/bitlbee.profile
@@ -8,8 +8,8 @@ include globals.local
 ignore noexec ${HOME}
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 # noblacklist /var/log
 include disable-common.inc
diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile
index 4b292d72a..ba2eb2ea7 100644
--- a/etc/profile-a-l/bitwarden.profile
+++ b/etc/profile-a-l/bitwarden.profile
@@ -11,12 +11,12 @@ ignore include whitelist-usr-share-common.inc
 ignore noexec /tmp
-nodeny  ${HOME}/.config/Bitwarden
+noblacklist ${HOME}/.config/Bitwarden
 include disable-shell.inc
 mkdir ${HOME}/.config/Bitwarden
-allow  ${HOME}/.config/Bitwarden
+whitelist ${HOME}/.config/Bitwarden
 machine-id
 no3d
diff --git a/etc/profile-a-l/blackbox.profile b/etc/profile-a-l/blackbox.profile
index 616ad6801..233f9a96f 100644
--- a/etc/profile-a-l/blackbox.profile
+++ b/etc/profile-a-l/blackbox.profile
@@ -7,7 +7,7 @@ include blackbox.local
 include globals.local
 # all applications started in blackbox will run in this profile
-nodeny  ${HOME}/.blackbox
+noblacklist ${HOME}/.blackbox
 include disable-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/blender.profile b/etc/profile-a-l/blender.profile
index 8d0b5616f..701ae431e 100644
--- a/etc/profile-a-l/blender.profile
+++ b/etc/profile-a-l/blender.profile
@@ -6,7 +6,7 @@ include blender.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/blender
+noblacklist ${HOME}/.config/blender
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 # Allow usage of AMD GPU by OpenCL
-nodeny  /sys/module
+noblacklist /sys/module
-allow  /sys/module/amdgpu
+whitelist /sys/module/amdgpu
 read-only /sys/module/amdgpu
 caps.drop all
diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile
index ca5f96eee..80dc750f7 100644
--- a/etc/profile-a-l/bless.profile
+++ b/etc/profile-a-l/bless.profile
@@ -6,7 +6,7 @@ include bless.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/bless
+noblacklist ${HOME}/.config/bless
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile
index ee2a73b54..229c20293 100644
--- a/etc/profile-a-l/blobby.profile
+++ b/etc/profile-a-l/blobby.profile
@@ -4,7 +4,7 @@ include blobby.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.blobby
+noblacklist ${HOME}/.blobby
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.blobby
-allow  ${HOME}/.blobby
+whitelist ${HOME}/.blobby
 include whitelist-common.inc
-allow  /usr/share/blobby
+whitelist /usr/share/blobby
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile
index e0be5261e..904710cb5 100644
--- a/etc/profile-a-l/blobwars.profile
+++ b/etc/profile-a-l/blobwars.profile
@@ -6,7 +6,7 @@ include blobwars.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.parallelrealities/blobwars
+noblacklist ${HOME}/.parallelrealities/blobwars
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.parallelrealities/blobwars
-allow  ${HOME}/.parallelrealities/blobwars
+whitelist ${HOME}/.parallelrealities/blobwars
-allow  /usr/share/blobwars
+whitelist /usr/share/blobwars
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/bnox.profile b/etc/profile-a-l/bnox.profile
index dcfd5d8d2..6e8f0d7d1 100644
--- a/etc/profile-a-l/bnox.profile
+++ b/etc/profile-a-l/bnox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/bnox
+noblacklist ${HOME}/.cache/bnox
-nodeny  ${HOME}/.config/bnox
+noblacklist ${HOME}/.config/bnox
 mkdir ${HOME}/.cache/bnox
 mkdir ${HOME}/.config/bnox
-allow  ${HOME}/.cache/bnox
+whitelist ${HOME}/.cache/bnox
-allow  ${HOME}/.config/bnox
+whitelist ${HOME}/.config/bnox
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/brackets.profile b/etc/profile-a-l/brackets.profile
index a14bb8fef..0cbac049a 100644
--- a/etc/profile-a-l/brackets.profile
+++ b/etc/profile-a-l/brackets.profile
@@ -5,7 +5,7 @@ include brackets.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Brackets
+noblacklist ${HOME}/.config/Brackets
 #noblacklist /opt/brackets
 #noblacklist /opt/google
diff --git a/etc/profile-a-l/brasero.profile b/etc/profile-a-l/brasero.profile
index a78882409..417a6b3e0 100644
--- a/etc/profile-a-l/brasero.profile
+++ b/etc/profile-a-l/brasero.profile
@@ -6,7 +6,7 @@ include brasero.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/brasero
+noblacklist ${HOME}/.config/brasero
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/brave.profile b/etc/profile-a-l/brave.profile
index bc2d7a6a1..09548c761 100644
--- a/etc/profile-a-l/brave.profile
+++ b/etc/profile-a-l/brave.profile
@@ -14,24 +14,24 @@ ignore noexec /tmp
 # Alternatively you can add 'ignore apparmor' to your brave.local.
 ignore noexec ${HOME}
-nodeny  ${HOME}/.cache/BraveSoftware
+noblacklist ${HOME}/.cache/BraveSoftware
-nodeny  ${HOME}/.config/BraveSoftware
+noblacklist ${HOME}/.config/BraveSoftware
-nodeny  ${HOME}/.config/brave
+noblacklist ${HOME}/.config/brave
-nodeny  ${HOME}/.config/brave-flags.conf
+noblacklist ${HOME}/.config/brave-flags.conf
 # brave uses gpg for built-in password manager
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 mkdir ${HOME}/.cache/BraveSoftware
 mkdir ${HOME}/.config/BraveSoftware
 mkdir ${HOME}/.config/brave
-allow  ${HOME}/.cache/BraveSoftware
+whitelist ${HOME}/.cache/BraveSoftware
-allow  ${HOME}/.config/BraveSoftware
+whitelist ${HOME}/.config/BraveSoftware
-allow  ${HOME}/.config/brave
+whitelist ${HOME}/.config/brave
-allow  ${HOME}/.config/brave-flags.conf
+whitelist ${HOME}/.config/brave-flags.conf
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
 # Brave sandbox needs read access to /proc/config.gz
-nodeny  /proc/config.gz
+noblacklist /proc/config.gz
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/bzflag.profile b/etc/profile-a-l/bzflag.profile
index 62ca041c2..bda96bbb3 100644
--- a/etc/profile-a-l/bzflag.profile
+++ b/etc/profile-a-l/bzflag.profile
@@ -6,7 +6,7 @@ include bzflag.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.bzf
+noblacklist ${HOME}/.bzf
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.bzf
-allow  ${HOME}/.bzf
+whitelist ${HOME}/.bzf
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/calibre.profile b/etc/profile-a-l/calibre.profile
index 99706620c..83571397b 100644
--- a/etc/profile-a-l/calibre.profile
+++ b/etc/profile-a-l/calibre.profile
@@ -6,9 +6,9 @@ include calibre.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/calibre
+noblacklist ${HOME}/.cache/calibre
-nodeny  ${HOME}/.config/calibre
+noblacklist ${HOME}/.config/calibre
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/calligra.profile b/etc/profile-a-l/calligra.profile
index 36ecc06a0..fcff47662 100644
--- a/etc/profile-a-l/calligra.profile
+++ b/etc/profile-a-l/calligra.profile
@@ -6,7 +6,7 @@ include calligra.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/kxmlgui5/calligra
+noblacklist ${HOME}/.local/share/kxmlgui5/calligra
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/calligragemini.profile b/etc/profile-a-l/calligragemini.profile
index 76123c96a..006c307ab 100644
--- a/etc/profile-a-l/calligragemini.profile
+++ b/etc/profile-a-l/calligragemini.profile
@@ -6,7 +6,7 @@ include calligragemini.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.local/share/calligragemini
+noblacklist ${HOME}/.local/share/calligragemini
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligraplan.profile b/etc/profile-a-l/calligraplan.profile
index 5fb1e16da..81dbd4dcd 100644
--- a/etc/profile-a-l/calligraplan.profile
+++ b/etc/profile-a-l/calligraplan.profile
@@ -6,7 +6,7 @@ include calligraplan.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.local/share/kxmlgui5/calligraplan
+noblacklist ${HOME}/.local/share/kxmlgui5/calligraplan
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligraplanwork.profile b/etc/profile-a-l/calligraplanwork.profile
index c176bfea1..bba91b66b 100644
--- a/etc/profile-a-l/calligraplanwork.profile
+++ b/etc/profile-a-l/calligraplanwork.profile
@@ -6,7 +6,7 @@ include calligraplanwork.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.local/share/kxmlgui5/calligraplanwork
+noblacklist ${HOME}/.local/share/kxmlgui5/calligraplanwork
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrasheets.profile b/etc/profile-a-l/calligrasheets.profile
index b7ac68945..7bc296047 100644
--- a/etc/profile-a-l/calligrasheets.profile
+++ b/etc/profile-a-l/calligrasheets.profile
@@ -6,7 +6,7 @@ include calligrasheets.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.local/share/kxmlgui5/calligrasheets
+noblacklist ${HOME}/.local/share/kxmlgui5/calligrasheets
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrastage.profile b/etc/profile-a-l/calligrastage.profile
index 1258fec56..7694abbe4 100644
--- a/etc/profile-a-l/calligrastage.profile
+++ b/etc/profile-a-l/calligrastage.profile
@@ -6,7 +6,7 @@ include calligrastage.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.local/share/kxmlgui5/calligrastage
+noblacklist ${HOME}/.local/share/kxmlgui5/calligrastage
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrawords.profile b/etc/profile-a-l/calligrawords.profile
index c2b6c8041..d69d56a95 100644
--- a/etc/profile-a-l/calligrawords.profile
+++ b/etc/profile-a-l/calligrawords.profile
@@ -6,7 +6,7 @@ include calligrawords.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.local/share/kxmlgui5/calligrawords
+noblacklist ${HOME}/.local/share/kxmlgui5/calligrawords
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile
index 390ae383c..74c7cc34b 100644
--- a/etc/profile-a-l/cameramonitor.profile
+++ b/etc/profile-a-l/cameramonitor.profile
@@ -20,7 +20,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/cameramonitor
+whitelist /usr/share/cameramonitor
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/cantata.profile b/etc/profile-a-l/cantata.profile
index 77bdc09e0..96f88a7c4 100644
--- a/etc/profile-a-l/cantata.profile
+++ b/etc/profile-a-l/cantata.profile
@@ -6,10 +6,10 @@ include cantata.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/cantata
+noblacklist ${HOME}/.cache/cantata
-nodeny  ${HOME}/.config/cantata
+noblacklist ${HOME}/.config/cantata
-nodeny  ${HOME}/.local/share/cantata
+noblacklist ${HOME}/.local/share/cantata
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile
index 9c53af84f..7cf04c550 100644
--- a/etc/profile-a-l/cargo.profile
+++ b/etc/profile-a-l/cargo.profile
@@ -10,11 +10,11 @@ include globals.local
 ignore noexec ${HOME}
 ignore noexec /tmp
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
-nodeny  ${HOME}/.cargo/credentials
+noblacklist ${HOME}/.cargo/credentials
-nodeny  ${HOME}/.cargo/credentials.toml
+noblacklist ${HOME}/.cargo/credentials.toml
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
@@ -34,7 +34,7 @@ include disable-xdg.inc
 #whitelist ${HOME}/.cargo
 #whitelist ${HOME}/.rustup
 #include whitelist-common.inc
-allow  /usr/share/pkgconfig
+whitelist /usr/share/pkgconfig
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/catfish.profile b/etc/profile-a-l/catfish.profile
index 4ea53ea6b..009d3a049 100644
--- a/etc/profile-a-l/catfish.profile
+++ b/etc/profile-a-l/catfish.profile
@@ -9,7 +9,7 @@ include globals.local
 # We can't blacklist much since catfish
 # is for finding files/content
-nodeny  ${HOME}/.config/catfish
+noblacklist ${HOME}/.config/catfish
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -21,7 +21,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 # include disable-programs.inc
-allow  /var/lib/mlocate
+whitelist /var/lib/mlocate
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile
index d7aee1902..6e137010c 100644
--- a/etc/profile-a-l/cawbird.profile
+++ b/etc/profile-a-l/cawbird.profile
@@ -6,7 +6,7 @@ include cawbird.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/cawbird
+noblacklist ${HOME}/.config/cawbird
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile
index d6f4306ba..1c539cc93 100644
--- a/etc/profile-a-l/celluloid.profile
+++ b/etc/profile-a-l/celluloid.profile
@@ -6,9 +6,9 @@ include celluloid.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/celluloid
+noblacklist ${HOME}/.config/celluloid
-nodeny  ${HOME}/.config/gnome-mpv
+noblacklist ${HOME}/.config/gnome-mpv
-nodeny  ${HOME}/.config/youtube-dl
+noblacklist ${HOME}/.config/youtube-dl
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -17,7 +17,7 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -30,9 +30,9 @@ read-only ${DESKTOP}
 mkdir ${HOME}/.config/celluloid
 mkdir ${HOME}/.config/gnome-mpv
 mkdir ${HOME}/.config/youtube-dl
-allow  ${HOME}/.config/celluloid
+whitelist ${HOME}/.config/celluloid
-allow  ${HOME}/.config/gnome-mpv
+whitelist ${HOME}/.config/gnome-mpv
-allow  ${HOME}/.config/youtube-dl
+whitelist ${HOME}/.config/youtube-dl
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/checkbashisms.profile b/etc/profile-a-l/checkbashisms.profile
index 0f61084e0..24939fc70 100644
--- a/etc/profile-a-l/checkbashisms.profile
+++ b/etc/profile-a-l/checkbashisms.profile
@@ -7,9 +7,9 @@ include checkbashisms.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile
index bde3e1311..aca1f5876 100644
--- a/etc/profile-a-l/cheese.profile
+++ b/etc/profile-a-l/cheese.profile
@@ -6,8 +6,8 @@ include cheese.local
 # Persistent global definitions
 include globals.local
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  ${VIDEOS}
+whitelist ${VIDEOS}
-allow  ${PICTURES}
+whitelist ${PICTURES}
-allow  /usr/share/gnome-video-effects
+whitelist /usr/share/gnome-video-effects
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/cherrytree.profile b/etc/profile-a-l/cherrytree.profile
index d5dedd81d..7621b3c8c 100644
--- a/etc/profile-a-l/cherrytree.profile
+++ b/etc/profile-a-l/cherrytree.profile
@@ -6,8 +6,8 @@ include cherrytree.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/cherrytree
+noblacklist ${HOME}/.config/cherrytree
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/chromium-browser-privacy.profile b/etc/profile-a-l/chromium-browser-privacy.profile
index 64c45772a..8803a4d9d 100644
--- a/etc/profile-a-l/chromium-browser-privacy.profile
+++ b/etc/profile-a-l/chromium-browser-privacy.profile
@@ -3,15 +3,15 @@
 # Persistent local customizations
 include chromium-browser-privacy.local
-nodeny  ${HOME}/.cache/ungoogled-chromium
+noblacklist ${HOME}/.cache/ungoogled-chromium
-nodeny  ${HOME}/.config/ungoogled-chromium
+noblacklist ${HOME}/.config/ungoogled-chromium
-deny  /usr/libexec
+blacklist /usr/libexec
 mkdir ${HOME}/.cache/ungoogled-chromium
 mkdir ${HOME}/.config/ungoogled-chromium
-allow  ${HOME}/.cache/ungoogled-chromium
+whitelist ${HOME}/.cache/ungoogled-chromium
-allow  ${HOME}/.config/ungoogled-chromium
+whitelist ${HOME}/.config/ungoogled-chromium
 # private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile
index dbeb715d4..b0e0254d4 100644
--- a/etc/profile-a-l/chromium-common.profile
+++ b/etc/profile-a-l/chromium-common.profile
@@ -9,8 +9,8 @@ include chromium-common.local
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.local/share/pki
 # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser
 # to have access to Gnome extensions (extensions.gnome.org) via browser connector
@@ -26,9 +26,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.pki
+whitelist ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/chromium.profile b/etc/profile-a-l/chromium.profile
index ea92e90a8..9ac33aa1c 100644
--- a/etc/profile-a-l/chromium.profile
+++ b/etc/profile-a-l/chromium.profile
@@ -6,17 +6,17 @@ include chromium.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/chromium
+noblacklist ${HOME}/.cache/chromium
-nodeny  ${HOME}/.config/chromium
+noblacklist ${HOME}/.config/chromium
-nodeny  ${HOME}/.config/chromium-flags.conf
+noblacklist ${HOME}/.config/chromium-flags.conf
 mkdir ${HOME}/.cache/chromium
 mkdir ${HOME}/.config/chromium
-allow  ${HOME}/.cache/chromium
+whitelist ${HOME}/.cache/chromium
-allow  ${HOME}/.config/chromium
+whitelist ${HOME}/.config/chromium
-allow  ${HOME}/.config/chromium-flags.conf
+whitelist ${HOME}/.config/chromium-flags.conf
-allow  /usr/share/chromium
+whitelist /usr/share/chromium
-allow  /usr/share/mozilla/extensions
+whitelist /usr/share/mozilla/extensions
 # private-bin chromium,chromium-browser,chromedriver
diff --git a/etc/profile-a-l/cin.profile b/etc/profile-a-l/cin.profile
index c967e1c96..e1f9523c4 100644
--- a/etc/profile-a-l/cin.profile
+++ b/etc/profile-a-l/cin.profile
@@ -5,7 +5,7 @@ include cin.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.bcast5
+noblacklist ${HOME}/.bcast5
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/clamav.profile b/etc/profile-a-l/clamav.profile
index 0efbcd4f2..e403c2c41 100644
--- a/etc/profile-a-l/clamav.profile
+++ b/etc/profile-a-l/clamav.profile
@@ -7,7 +7,7 @@ include clamav.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-exec.inc
diff --git a/etc/profile-a-l/claws-mail.profile b/etc/profile-a-l/claws-mail.profile
index 3e4e1f2a1..691657fa0 100644
--- a/etc/profile-a-l/claws-mail.profile
+++ b/etc/profile-a-l/claws-mail.profile
@@ -6,17 +6,17 @@ include claws-mail.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.claws-mail
+noblacklist ${HOME}/.claws-mail
 mkdir ${HOME}/.claws-mail
-allow  ${HOME}/.claws-mail
+whitelist ${HOME}/.claws-mail
 # Add the below lines to your claws-mail.local if you use python-based plugins.
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
 #include allow-python3.inc
-allow  /usr/share/doc/claws-mail
+whitelist /usr/share/doc/claws-mail
 # private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2
diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile
index ee64391d9..9b62a1f73 100644
--- a/etc/profile-a-l/clawsker.profile
+++ b/etc/profile-a-l/clawsker.profile
@@ -6,7 +6,7 @@ include clawsker.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.claws-mail
+noblacklist ${HOME}/.claws-mail
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -19,7 +19,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.claws-mail
-allow  ${HOME}/.claws-mail
+whitelist ${HOME}/.claws-mail
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile
index f9c0006f9..fa33795c1 100644
--- a/etc/profile-a-l/clementine.profile
+++ b/etc/profile-a-l/clementine.profile
@@ -6,9 +6,9 @@ include clementine.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/Clementine
+noblacklist ${HOME}/.cache/Clementine
-nodeny  ${HOME}/.config/Clementine
+noblacklist ${HOME}/.config/Clementine
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile
index 5c5399069..77952358f 100644
--- a/etc/profile-a-l/clion.profile
+++ b/etc/profile-a-l/clion.profile
@@ -5,16 +5,16 @@ include clion.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/JetBrains/CLion*
+noblacklist ${HOME}/.config/JetBrains/CLion*
-nodeny  ${HOME}/.cache/JetBrains/CLion*
+noblacklist ${HOME}/.cache/JetBrains/CLion*
-nodeny  ${HOME}/.clion*
+noblacklist ${HOME}/.clion*
-nodeny  ${HOME}/.CLion*
+noblacklist ${HOME}/.CLion*
-nodeny  ${HOME}/.config/git
+noblacklist ${HOME}/.config/git
-nodeny  ${HOME}/.gitconfig
+noblacklist ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
+noblacklist ${HOME}/.git-credentials
-nodeny  ${HOME}/.java
+noblacklist ${HOME}/.java
-nodeny  ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.local/share/JetBrains
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.tooling
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
diff --git a/etc/profile-a-l/clipgrab.profile b/etc/profile-a-l/clipgrab.profile
index 89f8d96f0..c8258da07 100644
--- a/etc/profile-a-l/clipgrab.profile
+++ b/etc/profile-a-l/clipgrab.profile
@@ -6,9 +6,9 @@ include clipgrab.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Philipp Schmieder
+noblacklist ${HOME}/.config/Philipp Schmieder
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile
index 4a2a5171b..d421903a3 100644
--- a/etc/profile-a-l/clipit.profile
+++ b/etc/profile-a-l/clipit.profile
@@ -6,8 +6,8 @@ include clipit.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/clipit
+noblacklist ${HOME}/.config/clipit
-nodeny  ${HOME}/.local/share/clipit
+noblacklist ${HOME}/.local/share/clipit
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/clipit
 mkdir ${HOME}/.local/share/clipit
-allow  ${HOME}/.config/clipit
+whitelist ${HOME}/.config/clipit
-allow  ${HOME}/.local/share/clipit
+whitelist ${HOME}/.local/share/clipit
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/cliqz.profile b/etc/profile-a-l/cliqz.profile
index 22c6ef882..d0b8cc0ef 100644
--- a/etc/profile-a-l/cliqz.profile
+++ b/etc/profile-a-l/cliqz.profile
@@ -5,16 +5,16 @@ include cliqz.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/cliqz
+noblacklist ${HOME}/.cache/cliqz
-nodeny  ${HOME}/.cliqz
+noblacklist ${HOME}/.cliqz
-nodeny  ${HOME}/.config/cliqz
+noblacklist ${HOME}/.config/cliqz
 mkdir ${HOME}/.cache/cliqz
 mkdir ${HOME}/.cliqz
 mkdir ${HOME}/.config/cliqz
-allow  ${HOME}/.cache/cliqz
+whitelist ${HOME}/.cache/cliqz
-allow  ${HOME}/.cliqz
+whitelist ${HOME}/.cliqz
-allow  ${HOME}/.config/cliqz
+whitelist ${HOME}/.config/cliqz
 # private-etc must first be enabled in firefox-common.profile
 #private-etc cliqz
diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile
index 51e53209f..bcd557787 100644
--- a/etc/profile-a-l/cmus.profile
+++ b/etc/profile-a-l/cmus.profile
@@ -6,8 +6,8 @@ include cmus.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/cmus
+noblacklist ${HOME}/.config/cmus
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/code.profile b/etc/profile-a-l/code.profile
index 1933c66fa..e19b78908 100644
--- a/etc/profile-a-l/code.profile
+++ b/etc/profile-a-l/code.profile
@@ -5,10 +5,10 @@ include code.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Code
+noblacklist ${HOME}/.config/Code
-nodeny  ${HOME}/.config/Code - OSS
+noblacklist ${HOME}/.config/Code - OSS
-nodeny  ${HOME}/.vscode
+noblacklist ${HOME}/.vscode
-nodeny  ${HOME}/.vscode-oss
+noblacklist ${HOME}/.vscode-oss
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile
index efa7f516c..bd6d8f5b0 100644
--- a/etc/profile-a-l/colorful.profile
+++ b/etc/profile-a-l/colorful.profile
@@ -6,7 +6,7 @@ include colorful.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.suve/colorful
+noblacklist ${HOME}/.suve/colorful
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.suve/colorful
-allow  ${HOME}/.suve/colorful
+whitelist ${HOME}/.suve/colorful
-allow  /usr/share/suve
+whitelist /usr/share/suve
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile
index 34b662959..c8bdfec23 100644
--- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile
+++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile
@@ -6,7 +6,7 @@ include com.github.bleakgrey.tootle.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/com.github.bleakgrey.tootle
+noblacklist ${HOME}/.config/com.github.bleakgrey.tootle
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/com.github.bleakgrey.tootle
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.config/com.github.bleakgrey.tootle
+whitelist ${HOME}/.config/com.github.bleakgrey.tootle
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile
index 4e26e4925..b467a0f7a 100644
--- a/etc/profile-a-l/com.github.dahenson.agenda.profile
+++ b/etc/profile-a-l/com.github.dahenson.agenda.profile
@@ -6,9 +6,9 @@ include com.github.dahenson.agenda.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/agenda
+noblacklist ${HOME}/.cache/agenda
-nodeny  ${HOME}/.config/agenda
+noblacklist ${HOME}/.config/agenda
-nodeny  ${HOME}/.local/share/agenda
+noblacklist ${HOME}/.local/share/agenda
 include disable-common.inc
 include disable-devel.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/agenda
 mkdir ${HOME}/.config/agenda
 mkdir ${HOME}/.local/share/agenda
-allow  ${HOME}/.cache/agenda
+whitelist ${HOME}/.cache/agenda
-allow  ${HOME}/.config/agenda
+whitelist ${HOME}/.config/agenda
-allow  ${HOME}/.local/share/agenda
+whitelist ${HOME}/.local/share/agenda
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
index bbfc1fe41..c13f9618b 100644
--- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
+++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
@@ -6,9 +6,9 @@ include foliate.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${HOME}/.cache/com.github.johnfactotum.Foliate
+noblacklist ${HOME}/.cache/com.github.johnfactotum.Foliate
-nodeny  ${HOME}/.local/share/com.github.johnfactotum.Foliate
+noblacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
@@ -24,12 +24,12 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate
 mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate
-allow  ${HOME}/.cache/com.github.johnfactotum.Foliate
+whitelist ${HOME}/.cache/com.github.johnfactotum.Foliate
-allow  ${HOME}/.local/share/com.github.johnfactotum.Foliate
+whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate
-allow  ${DOCUMENTS}
+whitelist ${DOCUMENTS}
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  /usr/share/com.github.johnfactotum.Foliate
+whitelist /usr/share/com.github.johnfactotum.Foliate
-allow  /usr/share/hyphen
+whitelist /usr/share/hyphen
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile
index 3e9acc6c8..d0402d188 100644
--- a/etc/profile-a-l/com.github.phase1geo.minder.profile
+++ b/etc/profile-a-l/com.github.phase1geo.minder.profile
@@ -6,9 +6,9 @@ include com.github.phase1geo.minder.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/minder
+noblacklist ${HOME}/.local/share/minder
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.local/share/minder
-allow  ${HOME}/.local/share/minder
+whitelist ${HOME}/.local/share/minder
-allow  ${DOCUMENTS}
+whitelist ${DOCUMENTS}
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${PICTURES}
+whitelist ${PICTURES}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/conkeror.profile b/etc/profile-a-l/conkeror.profile
index 6cc9ec551..38edf0d21 100644
--- a/etc/profile-a-l/conkeror.profile
+++ b/etc/profile-a-l/conkeror.profile
@@ -5,23 +5,23 @@ include conkeror.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.conkeror.mozdev.org
+noblacklist ${HOME}/.conkeror.mozdev.org
 include disable-common.inc
 include disable-programs.inc
 mkdir ${HOME}/.conkeror.mozdev.org
 mkfile ${HOME}/.conkerorrc
-allow  ${HOME}/.conkeror.mozdev.org
+whitelist ${HOME}/.conkeror.mozdev.org
-allow  ${HOME}/.conkerorrc
+whitelist ${HOME}/.conkerorrc
-allow  ${HOME}/.lastpass
+whitelist ${HOME}/.lastpass
-allow  ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactyl
-allow  ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pentadactylrc
-allow  ${HOME}/.vimperator
+whitelist ${HOME}/.vimperator
-allow  ${HOME}/.vimperatorrc
+whitelist ${HOME}/.vimperatorrc
-allow  ${HOME}/.zotero
+whitelist ${HOME}/.zotero
-allow  ${HOME}/dwhelper
+whitelist ${HOME}/dwhelper
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/conky.profile b/etc/profile-a-l/conky.profile
index 1b3fe6651..eaa18739d 100644
--- a/etc/profile-a-l/conky.profile
+++ b/etc/profile-a-l/conky.profile
@@ -6,7 +6,7 @@ include conky.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile
index 266c404ee..2fb446e2a 100644
--- a/etc/profile-a-l/corebird.profile
+++ b/etc/profile-a-l/corebird.profile
@@ -6,7 +6,7 @@ include corebird.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/corebird
+noblacklist ${HOME}/.config/corebird
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile
index 0a1353e40..1635995dc 100644
--- a/etc/profile-a-l/cower.profile
+++ b/etc/profile-a-l/cower.profile
@@ -7,8 +7,8 @@ include cower.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/cower
+noblacklist ${HOME}/.config/cower
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile
index 5e48c8022..7ece35c2b 100644
--- a/etc/profile-a-l/coyim.profile
+++ b/etc/profile-a-l/coyim.profile
@@ -6,7 +6,7 @@ include coyim.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/coyim
+noblacklist ${HOME}/.config/coyim
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/coyim
-allow  ${HOME}/.config/coyim
+whitelist ${HOME}/.config/coyim
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/cpio.profile b/etc/profile-a-l/cpio.profile
index dec8c086b..bdc4f21a6 100644
--- a/etc/profile-a-l/cpio.profile
+++ b/etc/profile-a-l/cpio.profile
@@ -7,8 +7,8 @@ include cpio.local
 # Persistent global definitions
 include globals.local
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 # Redirect
 include archiver-common.profile
diff --git a/etc/profile-a-l/crawl.profile b/etc/profile-a-l/crawl.profile
index 81292c01c..b10216895 100644
--- a/etc/profile-a-l/crawl.profile
+++ b/etc/profile-a-l/crawl.profile
@@ -6,7 +6,7 @@ include crawl-tiles.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.crawl
+noblacklist ${HOME}/.crawl
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.crawl
-allow  ${HOME}/.crawl
+whitelist ${HOME}/.crawl
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile
index 36bd93778..02b15ecc2 100644
--- a/etc/profile-a-l/crow.profile
+++ b/etc/profile-a-l/crow.profile
@@ -8,8 +8,8 @@ include globals.local
 mkdir ${HOME}/.config/crow
 mkdir ${HOME}/.cache/gstreamer-1.0
-allow  ${HOME}/.config/crow
+whitelist ${HOME}/.config/crow
-allow  ${HOME}/.cache/gstreamer-1.0
+whitelist ${HOME}/.cache/gstreamer-1.0
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile
index 4950b7a4c..c9867c5d7 100644
--- a/etc/profile-a-l/curl.profile
+++ b/etc/profile-a-l/curl.profile
@@ -12,11 +12,11 @@ include globals.local
 # Technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts.
 # If your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local
 # and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact.
-nodeny  ${HOME}/.curl-hsts
+noblacklist ${HOME}/.curl-hsts
-nodeny  ${HOME}/.curlrc
+noblacklist ${HOME}/.curlrc
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/cyberfox.profile b/etc/profile-a-l/cyberfox.profile
index 49f972e4a..d1fff0004 100644
--- a/etc/profile-a-l/cyberfox.profile
+++ b/etc/profile-a-l/cyberfox.profile
@@ -5,13 +5,13 @@ include cyberfox.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.8pecxstudios
+noblacklist ${HOME}/.8pecxstudios
-nodeny  ${HOME}/.cache/8pecxstudios
+noblacklist ${HOME}/.cache/8pecxstudios
 mkdir ${HOME}/.8pecxstudios
 mkdir ${HOME}/.cache/8pecxstudios
-allow  ${HOME}/.8pecxstudios
+whitelist ${HOME}/.8pecxstudios
-allow  ${HOME}/.cache/8pecxstudios
+whitelist ${HOME}/.cache/8pecxstudios
 # private-bin cyberfox,dbus-launch,dbus-send,env,sh,which
 # private-etc must first be enabled in firefox-common.profile
diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile
index c7ce1730a..ba1e7adad 100644
--- a/etc/profile-a-l/d-feet.profile
+++ b/etc/profile-a-l/d-feet.profile
@@ -6,7 +6,7 @@ include d-feet.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/d-feet
+noblacklist ${HOME}/.config/d-feet
 # Allow python (disabled by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/d-feet
-allow  ${HOME}/.config/d-feet
+whitelist ${HOME}/.config/d-feet
-allow  /usr/share/d-feet
+whitelist /usr/share/d-feet
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/darktable.profile b/etc/profile-a-l/darktable.profile
index 4d51c255e..61fa52928 100644
--- a/etc/profile-a-l/darktable.profile
+++ b/etc/profile-a-l/darktable.profile
@@ -6,9 +6,9 @@ include darktable.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/darktable
+noblacklist ${HOME}/.cache/darktable
-nodeny  ${HOME}/.config/darktable
+noblacklist ${HOME}/.config/darktable
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile
index 745042d6f..67a61bb60 100644
--- a/etc/profile-a-l/dbus-send.profile
+++ b/etc/profile-a-l/dbus-send.profile
@@ -7,8 +7,8 @@ include dbus-send.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile
index c1231c6cf..0c221850a 100644
--- a/etc/profile-a-l/dconf-editor.profile
+++ b/etc/profile-a-l/dconf-editor.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  ${HOME}/.local/share/glib-2.0
+whitelist ${HOME}/.local/share/glib-2.0
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile
index b9d385adf..be7514cbf 100644
--- a/etc/profile-a-l/dconf.profile
+++ b/etc/profile-a-l/dconf.profile
@@ -6,7 +6,7 @@ include dconf.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  ${HOME}/.local/share/glib-2.0
+whitelist ${HOME}/.local/share/glib-2.0
 # dconf paths are whitelisted by the following
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile
index 09fa7a07a..5b95b74be 100644
--- a/etc/profile-a-l/ddgtk.profile
+++ b/etc/profile-a-l/ddgtk.profile
@@ -18,8 +18,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  /usr/share/ddgtk
+whitelist /usr/share/ddgtk
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/deadbeef.profile b/etc/profile-a-l/deadbeef.profile
index 25fa944a1..a221ebbd7 100644
--- a/etc/profile-a-l/deadbeef.profile
+++ b/etc/profile-a-l/deadbeef.profile
@@ -6,8 +6,8 @@ include deadbeef.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/deadbeef
+noblacklist ${HOME}/.config/deadbeef
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/deluge.profile b/etc/profile-a-l/deluge.profile
index d41a4a023..ad7aa6ed5 100644
--- a/etc/profile-a-l/deluge.profile
+++ b/etc/profile-a-l/deluge.profile
@@ -6,7 +6,7 @@ include deluge.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/deluge
+noblacklist ${HOME}/.config/deluge
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.config/deluge
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.config/deluge
+whitelist ${HOME}/.config/deluge
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/desktopeditors.profile b/etc/profile-a-l/desktopeditors.profile
index aed4355d5..212cdab60 100644
--- a/etc/profile-a-l/desktopeditors.profile
+++ b/etc/profile-a-l/desktopeditors.profile
@@ -6,9 +6,9 @@ include desktopeditors.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/onlyoffice
+noblacklist ${HOME}/.config/onlyoffice
-nodeny  ${HOME}/.local/share/onlyoffice
+noblacklist ${HOME}/.local/share/onlyoffice
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile
index dc0f290fb..5007f8e74 100644
--- a/etc/profile-a-l/devhelp.profile
+++ b/etc/profile-a-l/devhelp.profile
@@ -16,9 +16,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/devhelp
+whitelist /usr/share/devhelp
-allow  /usr/share/doc
+whitelist /usr/share/doc
-allow  /usr/share/gtk-doc/html
+whitelist /usr/share/gtk-doc/html
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile
index 631f15f93..6267b5709 100644
--- a/etc/profile-a-l/devilspie.profile
+++ b/etc/profile-a-l/devilspie.profile
@@ -6,9 +6,9 @@ include devilspie.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${HOME}/.devilspie
+noblacklist ${HOME}/.devilspie
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.devilspie
-allow  ${HOME}/.devilspie
+whitelist ${HOME}/.devilspie
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/devilspie2.profile b/etc/profile-a-l/devilspie2.profile
index 140c9da0f..9eab3f536 100644
--- a/etc/profile-a-l/devilspie2.profile
+++ b/etc/profile-a-l/devilspie2.profile
@@ -6,17 +6,17 @@ include devilspie2.local
 # Persistent global definitions
 #include globals.local
-deny  ${HOME}/.devilspie
+blacklist ${HOME}/.devilspie
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${HOME}/.config/devilspie2
+noblacklist ${HOME}/.config/devilspie2
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
 mkdir ${HOME}/.config/devilspie2
-allow  ${HOME}/.config/devilspie2
+whitelist ${HOME}/.config/devilspie2
 private-bin devilspie2
diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile
index 2a808238b..531734b7d 100644
--- a/etc/profile-a-l/dia.profile
+++ b/etc/profile-a-l/dia.profile
@@ -6,8 +6,8 @@ include dia.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.dia
+noblacklist ${HOME}/.dia
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -25,7 +25,7 @@ include disable-xdg.inc
 #whitelist ${HOME}/.dia
 #whitelist ${DOCUMENTS}
 #include whitelist-common.inc
-allow  /usr/share/dia
+whitelist /usr/share/dia
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile
index 2d683b811..247159a8a 100644
--- a/etc/profile-a-l/dig.profile
+++ b/etc/profile-a-l/dig.profile
@@ -7,11 +7,11 @@ include dig.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.digrc
+noblacklist ${HOME}/.digrc
-nodeny  ${PATH}/dig
+noblacklist ${PATH}/dig
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 # include disable-devel.inc
@@ -22,7 +22,7 @@ include disable-programs.inc
 include disable-xdg.inc
 #mkfile ${HOME}/.digrc - see #903
-allow  ${HOME}/.digrc
+whitelist ${HOME}/.digrc
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/digikam.profile b/etc/profile-a-l/digikam.profile
index 124b50952..2ca7bd400 100644
--- a/etc/profile-a-l/digikam.profile
+++ b/etc/profile-a-l/digikam.profile
@@ -6,12 +6,12 @@ include digikam.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/digikam
+noblacklist ${HOME}/.config/digikam
-nodeny  ${HOME}/.config/digikamrc
+noblacklist ${HOME}/.config/digikamrc
-nodeny  ${HOME}/.kde/share/apps/digikam
+noblacklist ${HOME}/.kde/share/apps/digikam
-nodeny  ${HOME}/.kde4/share/apps/digikam
+noblacklist ${HOME}/.kde4/share/apps/digikam
-nodeny  ${HOME}/.local/share/kxmlgui5/digikam
+noblacklist ${HOME}/.local/share/kxmlgui5/digikam
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dillo.profile b/etc/profile-a-l/dillo.profile
index 883466f4d..9871a6095 100644
--- a/etc/profile-a-l/dillo.profile
+++ b/etc/profile-a-l/dillo.profile
@@ -6,7 +6,7 @@ include dillo.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.dillo
+noblacklist ${HOME}/.dillo
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-programs.inc
 mkdir ${HOME}/.dillo
 mkdir ${HOME}/.fltk
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.dillo
+whitelist ${HOME}/.dillo
-allow  ${HOME}/.fltk
+whitelist ${HOME}/.fltk
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile
index 3078bef71..c3174b35f 100644
--- a/etc/profile-a-l/dino.profile
+++ b/etc/profile-a-l/dino.profile
@@ -6,7 +6,7 @@ include dino.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/dino
+noblacklist ${HOME}/.local/share/dino
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-shell.inc
 mkdir ${HOME}/.local/share/dino
-allow  ${HOME}/.local/share/dino
+whitelist ${HOME}/.local/share/dino
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/discord-canary.profile b/etc/profile-a-l/discord-canary.profile
index 1c53cd211..43db95b8a 100644
--- a/etc/profile-a-l/discord-canary.profile
+++ b/etc/profile-a-l/discord-canary.profile
@@ -5,10 +5,10 @@ include discord-canary.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/discordcanary
+noblacklist ${HOME}/.config/discordcanary
 mkdir ${HOME}/.config/discordcanary
-allow  ${HOME}/.config/discordcanary
+whitelist ${HOME}/.config/discordcanary
 private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9]
 private-opt discord-canary
diff --git a/etc/profile-a-l/discord-common.profile b/etc/profile-a-l/discord-common.profile
index 6bee1901c..19e7bd9ab 100644
--- a/etc/profile-a-l/discord-common.profile
+++ b/etc/profile-a-l/discord-common.profile
@@ -20,8 +20,8 @@ ignore dbus-system none
 ignore noexec ${HOME}
 ignore novideo
-allow  ${HOME}/.config/BetterDiscord
+whitelist ${HOME}/.config/BetterDiscord
-allow  ${HOME}/.local/share/betterdiscordctl
+whitelist ${HOME}/.local/share/betterdiscordctl
 private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh
 private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl
diff --git a/etc/profile-a-l/discord.profile b/etc/profile-a-l/discord.profile
index 658d3fc83..8ef02a30f 100644
--- a/etc/profile-a-l/discord.profile
+++ b/etc/profile-a-l/discord.profile
@@ -5,10 +5,10 @@ include discord.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/discord
+noblacklist ${HOME}/.config/discord
 mkdir ${HOME}/.config/discord
-allow  ${HOME}/.config/discord
+whitelist ${HOME}/.config/discord
 private-bin discord
 private-opt discord
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile
index 4474b97d2..11f3fd36e 100644
--- a/etc/profile-a-l/display.profile
+++ b/etc/profile-a-l/display.profile
@@ -5,7 +5,7 @@ include display.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/dnox.profile b/etc/profile-a-l/dnox.profile
index 8c3d6211b..51ba6f8b7 100644
--- a/etc/profile-a-l/dnox.profile
+++ b/etc/profile-a-l/dnox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/dnox
+noblacklist ${HOME}/.cache/dnox
-nodeny  ${HOME}/.config/dnox
+noblacklist ${HOME}/.config/dnox
 mkdir ${HOME}/.cache/dnox
 mkdir ${HOME}/.config/dnox
-allow  ${HOME}/.cache/dnox
+whitelist ${HOME}/.cache/dnox
-allow  ${HOME}/.config/dnox
+whitelist ${HOME}/.config/dnox
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile
index dbcef36f8..f8fb1a331 100644
--- a/etc/profile-a-l/dnscrypt-proxy.profile
+++ b/etc/profile-a-l/dnscrypt-proxy.profile
@@ -7,11 +7,11 @@ include dnscrypt-proxy.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 include disable-common.inc
 include disable-devel.inc
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /usr/share/dnscrypt-proxy
+whitelist /usr/share/dnscrypt-proxy
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile
index b1acbf392..01398c2b2 100644
--- a/etc/profile-a-l/dnsmasq.profile
+++ b/etc/profile-a-l/dnsmasq.profile
@@ -7,11 +7,11 @@ include dnsmasq.local
 # Persistent global definitions
 include globals.local
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile
index 15b312ecb..49feec32e 100644
--- a/etc/profile-a-l/dolphin-emu.profile
+++ b/etc/profile-a-l/dolphin-emu.profile
@@ -8,9 +8,9 @@ include globals.local
 # Note: you must whitelist your games folder in your dolphin-emu.local.
-nodeny  ${HOME}/.cache/dolphin-emu
+noblacklist ${HOME}/.cache/dolphin-emu
-nodeny  ${HOME}/.config/dolphin-emu
+noblacklist ${HOME}/.config/dolphin-emu
-nodeny  ${HOME}/.local/share/dolphin-emu
+noblacklist ${HOME}/.local/share/dolphin-emu
 include disable-common.inc
 include disable-devel.inc
@@ -24,10 +24,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/dolphin-emu
 mkdir ${HOME}/.config/dolphin-emu
 mkdir ${HOME}/.local/share/dolphin-emu
-allow  ${HOME}/.cache/dolphin-emu
+whitelist ${HOME}/.cache/dolphin-emu
-allow  ${HOME}/.config/dolphin-emu
+whitelist ${HOME}/.config/dolphin-emu
-allow  ${HOME}/.local/share/dolphin-emu
+whitelist ${HOME}/.local/share/dolphin-emu
-allow  /usr/share/dolphin-emu
+whitelist /usr/share/dolphin-emu
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/dooble.profile b/etc/profile-a-l/dooble.profile
index 3b0adcc36..37a4113cb 100644
--- a/etc/profile-a-l/dooble.profile
+++ b/etc/profile-a-l/dooble.profile
@@ -7,7 +7,7 @@ include dooble-qt4.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.dooble
+noblacklist ${HOME}/.dooble
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.dooble
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.dooble
+whitelist ${HOME}/.dooble
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile
index 29e506764..988f66f28 100644
--- a/etc/profile-a-l/dosbox.profile
+++ b/etc/profile-a-l/dosbox.profile
@@ -6,8 +6,8 @@ include dosbox.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.dosbox
+noblacklist ${HOME}/.dosbox
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile
index 90ca11774..8fa01d504 100644
--- a/etc/profile-a-l/dragon.profile
+++ b/etc/profile-a-l/dragon.profile
@@ -6,9 +6,9 @@ include dragon.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/dragonplayerrc
+noblacklist ${HOME}/.config/dragonplayerrc
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/dragonplayer
+whitelist /usr/share/dragonplayer
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile
index 84a77ce34..82d96e405 100644
--- a/etc/profile-a-l/drawio.profile
+++ b/etc/profile-a-l/drawio.profile
@@ -6,7 +6,7 @@ include drawio.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/draw.io
+noblacklist ${HOME}/.config/draw.io
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/draw.io
-allow  ${HOME}/.config/draw.io
+whitelist ${HOME}/.config/draw.io
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile
index e177fd60e..068bd88d8 100644
--- a/etc/profile-a-l/drill.profile
+++ b/etc/profile-a-l/drill.profile
@@ -7,10 +7,10 @@ include drill.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PATH}/drill
+noblacklist ${PATH}/drill
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 # include disable-devel.inc
diff --git a/etc/profile-a-l/dropbox.profile b/etc/profile-a-l/dropbox.profile
index 274cdd478..b3b2aaf40 100644
--- a/etc/profile-a-l/dropbox.profile
+++ b/etc/profile-a-l/dropbox.profile
@@ -5,9 +5,9 @@ include dropbox.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/autostart
+noblacklist ${HOME}/.config/autostart
-nodeny  ${HOME}/.dropbox
+noblacklist ${HOME}/.dropbox
-nodeny  ${HOME}/.dropbox-dist
+noblacklist ${HOME}/.dropbox-dist
 # Allow python3 (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -22,10 +22,10 @@ mkdir ${HOME}/.dropbox
 mkdir ${HOME}/.dropbox-dist
 mkdir ${HOME}/Dropbox
 mkfile ${HOME}/.config/autostart/dropbox.desktop
-allow  ${HOME}/.config/autostart/dropbox.desktop
+whitelist ${HOME}/.config/autostart/dropbox.desktop
-allow  ${HOME}/.dropbox
+whitelist ${HOME}/.dropbox
-allow  ${HOME}/.dropbox-dist
+whitelist ${HOME}/.dropbox-dist
-allow  ${HOME}/Dropbox
+whitelist ${HOME}/Dropbox
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile
index da54fec34..38e4b16f7 100644
--- a/etc/profile-a-l/easystroke.profile
+++ b/etc/profile-a-l/easystroke.profile
@@ -6,7 +6,7 @@ include easystroke.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.easystroke
+noblacklist ${HOME}/.easystroke
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.easystroke
-allow  ${HOME}/.easystroke
+whitelist ${HOME}/.easystroke
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile
index 10e57371e..278dd6cbd 100644
--- a/etc/profile-a-l/electron-mail.profile
+++ b/etc/profile-a-l/electron-mail.profile
@@ -6,7 +6,7 @@ include electron-mail.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/electron-mail
+noblacklist ${HOME}/.config/electron-mail
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/electron-mail
-allow  ${HOME}/.config/electron-mail
+whitelist ${HOME}/.config/electron-mail
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/electron.profile b/etc/profile-a-l/electron.profile
index e8d8d35c4..493af79d4 100644
--- a/etc/profile-a-l/electron.profile
+++ b/etc/profile-a-l/electron.profile
@@ -12,7 +12,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile
index f6691017c..ad636d71a 100644
--- a/etc/profile-a-l/electrum.profile
+++ b/etc/profile-a-l/electrum.profile
@@ -6,7 +6,7 @@ include electrum.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.electrum
+noblacklist ${HOME}/.electrum
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,7 +22,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.electrum
-allow  ${HOME}/.electrum
+whitelist ${HOME}/.electrum
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/element-desktop.profile b/etc/profile-a-l/element-desktop.profile
index ec28866b8..48a826f2e 100644
--- a/etc/profile-a-l/element-desktop.profile
+++ b/etc/profile-a-l/element-desktop.profile
@@ -9,11 +9,11 @@ include element-desktop.local
 ignore dbus-user none
-nodeny  ${HOME}/.config/Element
+noblacklist ${HOME}/.config/Element
 mkdir ${HOME}/.config/Element
-allow  ${HOME}/.config/Element
+whitelist ${HOME}/.config/Element
-allow  /opt/Element
+whitelist /opt/Element
 private-opt Element
diff --git a/etc/profile-a-l/elinks.profile b/etc/profile-a-l/elinks.profile
index 30dca05cb..5a29eb24b 100644
--- a/etc/profile-a-l/elinks.profile
+++ b/etc/profile-a-l/elinks.profile
@@ -7,10 +7,10 @@ include elinks.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.elinks
+noblacklist ${HOME}/.elinks
 mkdir ${HOME}/.elinks
-allow  ${HOME}/.elinks
+whitelist ${HOME}/.elinks
 private-bin elinks
diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile
index f0e0e2830..55bf743ef 100644
--- a/etc/profile-a-l/emacs.profile
+++ b/etc/profile-a-l/emacs.profile
@@ -6,8 +6,8 @@ include emacs.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.emacs
+noblacklist ${HOME}/.emacs
-nodeny  ${HOME}/.emacs.d
+noblacklist ${HOME}/.emacs.d
 # Add the next line to your emacs.local if you need gpg support.
 #noblacklist ${HOME}/.gnupg
diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile
index 5fc72d340..6c9a8a6ea 100644
--- a/etc/profile-a-l/email-common.profile
+++ b/etc/profile-a-l/email-common.profile
@@ -7,14 +7,14 @@ include email-common.local
 # added by caller profile
 #include globals.local
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
-nodeny  ${HOME}/.signature
+noblacklist ${HOME}/.signature
 # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local
 # and 'blacklist' it in your disable-common.local too so it is  kept hidden from other applications
-nodeny  ${HOME}/Mail
+noblacklist ${HOME}/Mail
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
@@ -27,17 +27,17 @@ include disable-xdg.inc
 mkdir ${HOME}/.gnupg
 mkfile ${HOME}/.config/mimeapps.list
 mkfile ${HOME}/.signature
-allow  ${HOME}/.config/mimeapps.list
+whitelist ${HOME}/.config/mimeapps.list
-allow  ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
-allow  ${HOME}/.signature
+whitelist ${HOME}/.signature
-allow  ${DOCUMENTS}
+whitelist ${DOCUMENTS}
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local
-allow  ${HOME}/Mail
+whitelist ${HOME}/Mail
-allow  ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/gnupg
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile
index 36015b702..ac17b1726 100644
--- a/etc/profile-a-l/enchant.profile
+++ b/etc/profile-a-l/enchant.profile
@@ -6,9 +6,9 @@ include enchant.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${HOME}/.config/enchant
+noblacklist ${HOME}/.config/enchant
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/enchant
-allow  ${HOME}/.config/enchant
+whitelist ${HOME}/.config/enchant
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/enox.profile b/etc/profile-a-l/enox.profile
index 9a1d89bba..d982433e2 100644
--- a/etc/profile-a-l/enox.profile
+++ b/etc/profile-a-l/enox.profile
@@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/Enox
+noblacklist ${HOME}/.cache/Enox
-nodeny  ${HOME}/.config/Enox
+noblacklist ${HOME}/.config/Enox
 #mkdir ${HOME}/.cache/dnox
 #mkdir ${HOME}/.config/dnox
 mkdir ${HOME}/.cache/Enox
 mkdir ${HOME}/.config/Enox
-allow  ${HOME}/.cache/Enox
+whitelist ${HOME}/.cache/Enox
-allow  ${HOME}/.config/Enox
+whitelist ${HOME}/.config/Enox
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/enpass.profile b/etc/profile-a-l/enpass.profile
index 5d8f8a0b9..c4123b4c2 100644
--- a/etc/profile-a-l/enpass.profile
+++ b/etc/profile-a-l/enpass.profile
@@ -6,11 +6,11 @@ include enpass.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/Enpass
+noblacklist ${HOME}/.cache/Enpass
-nodeny  ${HOME}/.config/sinew.in
+noblacklist ${HOME}/.config/sinew.in
-nodeny  ${HOME}/.config/Sinew Software Systems
+noblacklist ${HOME}/.config/Sinew Software Systems
-nodeny  ${HOME}/.local/share/Enpass
+noblacklist ${HOME}/.local/share/Enpass
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
@@ -24,11 +24,11 @@ mkdir ${HOME}/.cache/Enpass
 mkfile ${HOME}/.config/sinew.in
 mkdir ${HOME}/.config/Sinew Software Systems
 mkdir ${HOME}/.local/share/Enpass
-allow  ${HOME}/.cache/Enpass
+whitelist ${HOME}/.cache/Enpass
-allow  ${HOME}/.config/sinew.in
+whitelist ${HOME}/.config/sinew.in
-allow  ${HOME}/.config/Sinew Software Systems
+whitelist ${HOME}/.config/Sinew Software Systems
-allow  ${HOME}/.local/share/Enpass
+whitelist ${HOME}/.local/share/Enpass
-allow  ${DOCUMENTS}
+whitelist ${DOCUMENTS}
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile
index ff7040e5c..fe7913e77 100644
--- a/etc/profile-a-l/eo-common.profile
+++ b/etc/profile-a-l/eo-common.profile
@@ -7,11 +7,11 @@ include eo-common.local
 # added by caller profile
 #include globals.local
-nodeny  ${HOME}/.local/share/Trash
+noblacklist ${HOME}/.local/share/Trash
-nodeny  ${HOME}/.Steam
+noblacklist ${HOME}/.Steam
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.steam
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/eog.profile b/etc/profile-a-l/eog.profile
index e8592c7df..5892374bd 100644
--- a/etc/profile-a-l/eog.profile
+++ b/etc/profile-a-l/eog.profile
@@ -6,9 +6,9 @@ include eog.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/eog
+noblacklist ${HOME}/.config/eog
-allow  /usr/share/eog
+whitelist /usr/share/eog
 # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'.
 # Add the next lines to your eog.local if you need that functionality.
diff --git a/etc/profile-a-l/eom.profile b/etc/profile-a-l/eom.profile
index 323f5ade2..7143a8e03 100644
--- a/etc/profile-a-l/eom.profile
+++ b/etc/profile-a-l/eom.profile
@@ -6,9 +6,9 @@ include eom.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/mate/eom
+noblacklist ${HOME}/.config/mate/eom
-allow  /usr/share/eom
+whitelist /usr/share/eom
 # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'.
 # Add the next lines to your eom.local if you need that functionality.
diff --git a/etc/profile-a-l/ephemeral.profile b/etc/profile-a-l/ephemeral.profile
index 3657742b9..131d68951 100644
--- a/etc/profile-a-l/ephemeral.profile
+++ b/etc/profile-a-l/ephemeral.profile
@@ -9,8 +9,8 @@ include globals.local
 # enforce private-cache
 #noblacklist ${HOME}/.cache/ephemeral
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.local/share/pki
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
@@ -27,9 +27,9 @@ mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
 # enforce private-cache
 #whitelist ${HOME}/.cache/ephemeral
-allow  ${HOME}/.pki
+whitelist ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/epiphany.profile b/etc/profile-a-l/epiphany.profile
index daedb2193..225811226 100644
--- a/etc/profile-a-l/epiphany.profile
+++ b/etc/profile-a-l/epiphany.profile
@@ -9,9 +9,9 @@ include globals.local
 # Note: Epiphany use bwrap since 3.34 and can not be firejailed any more.
 # See https://github.com/netblue30/firejail/issues/2995
-nodeny  ${HOME}/.cache/epiphany
+noblacklist ${HOME}/.cache/epiphany
-nodeny  ${HOME}/.config/epiphany
+noblacklist ${HOME}/.config/epiphany
-nodeny  ${HOME}/.local/share/epiphany
+noblacklist ${HOME}/.local/share/epiphany
 include disable-common.inc
 include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/epiphany
 mkdir ${HOME}/.config/epiphany
 mkdir ${HOME}/.local/share/epiphany
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/epiphany
+whitelist ${HOME}/.cache/epiphany
-allow  ${HOME}/.config/epiphany
+whitelist ${HOME}/.config/epiphany
-allow  ${HOME}/.local/share/epiphany
+whitelist ${HOME}/.local/share/epiphany
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile
index ac957870c..964d3b7ca 100644
--- a/etc/profile-a-l/equalx.profile
+++ b/etc/profile-a-l/equalx.profile
@@ -6,8 +6,8 @@ include equalx.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/equalx
+noblacklist ${HOME}/.config/equalx
-nodeny  ${HOME}/.equalx
+noblacklist ${HOME}/.equalx
 include disable-common.inc
 include disable-devel.inc
@@ -20,13 +20,13 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/equalx
 mkdir ${HOME}/.equalx
-allow  ${HOME}/.config/equalx
+whitelist ${HOME}/.config/equalx
-allow  ${HOME}/.equalx
+whitelist ${HOME}/.equalx
-allow  /usr/share/poppler
+whitelist /usr/share/poppler
-allow  /usr/share/ghostscript
+whitelist /usr/share/ghostscript
-allow  /usr/share/texlive
+whitelist /usr/share/texlive
-allow  /usr/share/equalx
+whitelist /usr/share/equalx
-allow  /var/lib/texmf
+whitelist /var/lib/texmf
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile
index a2f46b757..fdff1e4b5 100644
--- a/etc/profile-a-l/etr.profile
+++ b/etc/profile-a-l/etr.profile
@@ -6,9 +6,9 @@ include etr.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.etr
+noblacklist ${HOME}/.etr
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.etr
-allow  ${HOME}/.etr
+whitelist ${HOME}/.etr
-allow  /usr/share/etr
+whitelist /usr/share/etr
 # Debian version
-allow  /usr/share/games/etr
+whitelist /usr/share/games/etr
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile
index ce2617ad6..a9e39b15c 100644
--- a/etc/profile-a-l/evince.profile
+++ b/etc/profile-a-l/evince.profile
@@ -10,10 +10,10 @@ include globals.local
 # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below).
 #noblacklist ${HOME}/.local/share/gvfs-metadata
-nodeny  ${HOME}/.config/evince
+noblacklist ${HOME}/.config/evince
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/doc
+whitelist /usr/share/doc
-allow  /usr/share/evince
+whitelist /usr/share/evince
-allow  /usr/share/poppler
+whitelist /usr/share/poppler
-allow  /usr/share/tracker
+whitelist /usr/share/tracker
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile
index 142498a28..7222493ac 100644
--- a/etc/profile-a-l/evolution.profile
+++ b/etc/profile-a-l/evolution.profile
@@ -6,15 +6,15 @@ include evolution.local
 # Persistent global definitions
 include globals.local
-nodeny  /var/mail
+noblacklist /var/mail
-nodeny  /var/spool/mail
+noblacklist /var/spool/mail
-nodeny  ${HOME}/.bogofilter
+noblacklist ${HOME}/.bogofilter
-nodeny  ${HOME}/.cache/evolution
+noblacklist ${HOME}/.cache/evolution
-nodeny  ${HOME}/.config/evolution
+noblacklist ${HOME}/.config/evolution
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.local/share/evolution
+noblacklist ${HOME}/.local/share/evolution
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.local/share/pki
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile
index 216814989..7b09a2c64 100644
--- a/etc/profile-a-l/exiftool.profile
+++ b/etc/profile-a-l/exiftool.profile
@@ -6,7 +6,7 @@ include exiftool.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -18,7 +18,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /usr/share/perl-image-exiftool
+whitelist /usr/share/perl-image-exiftool
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile
index 9bb42945b..b2061db79 100644
--- a/etc/profile-a-l/falkon.profile
+++ b/etc/profile-a-l/falkon.profile
@@ -6,8 +6,8 @@ include falkon.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/falkon
+noblacklist ${HOME}/.cache/falkon
-nodeny  ${HOME}/.config/falkon
+noblacklist ${HOME}/.config/falkon
 include disable-common.inc
 include disable-devel.inc
@@ -19,10 +19,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/falkon
 mkdir ${HOME}/.config/falkon
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/falkon
+whitelist ${HOME}/.cache/falkon
-allow  ${HOME}/.config/falkon
+whitelist ${HOME}/.config/falkon
-allow  /usr/share/falkon
+whitelist /usr/share/falkon
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/fbreader.profile b/etc/profile-a-l/fbreader.profile
index d141c6ed5..8e81000fd 100644
--- a/etc/profile-a-l/fbreader.profile
+++ b/etc/profile-a-l/fbreader.profile
@@ -6,8 +6,8 @@ include fbreader.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.FBReader
+noblacklist ${HOME}/.FBReader
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile
index 17a365053..31cb1776c 100644
--- a/etc/profile-a-l/fdns.profile
+++ b/etc/profile-a-l/fdns.profile
@@ -5,11 +5,11 @@ include fdns.local
 # Persistent global definitions
 include globals.local
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/feedreader.profile b/etc/profile-a-l/feedreader.profile
index 359be083e..664ec2da6 100644
--- a/etc/profile-a-l/feedreader.profile
+++ b/etc/profile-a-l/feedreader.profile
@@ -6,8 +6,8 @@ include feedreader.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/feedreader
+noblacklist ${HOME}/.cache/feedreader
-nodeny  ${HOME}/.local/share/feedreader
+noblacklist ${HOME}/.local/share/feedreader
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/feedreader
 mkdir ${HOME}/.local/share/feedreader
-allow  ${HOME}/.cache/feedreader
+whitelist ${HOME}/.cache/feedreader
-allow  ${HOME}/.local/share/feedreader
+whitelist ${HOME}/.local/share/feedreader
-allow  /usr/share/feedreader
+whitelist /usr/share/feedreader
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ferdi.profile b/etc/profile-a-l/ferdi.profile
index f60055f37..a2372ec8a 100644
--- a/etc/profile-a-l/ferdi.profile
+++ b/etc/profile-a-l/ferdi.profile
@@ -7,10 +7,10 @@ include globals.local
 ignore noexec /tmp
-nodeny  ${HOME}/.cache/Ferdi
+noblacklist ${HOME}/.cache/Ferdi
-nodeny  ${HOME}/.config/Ferdi
+noblacklist ${HOME}/.config/Ferdi
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.local/share/pki
 include disable-common.inc
 include disable-devel.inc
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Ferdi
 mkdir ${HOME}/.config/Ferdi
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/Ferdi
+whitelist ${HOME}/.cache/Ferdi
-allow  ${HOME}/.config/Ferdi
+whitelist ${HOME}/.config/Ferdi
-allow  ${HOME}/.pki
+whitelist ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/fetchmail.profile b/etc/profile-a-l/fetchmail.profile
index 1e06ec29a..7358ed5c7 100644
--- a/etc/profile-a-l/fetchmail.profile
+++ b/etc/profile-a-l/fetchmail.profile
@@ -6,8 +6,8 @@ include fetchmail.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.fetchmailrc
+noblacklist ${HOME}/.fetchmailrc
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.netrc
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile
index 1a64183ab..13ef1beb9 100644
--- a/etc/profile-a-l/ffmpeg.profile
+++ b/etc/profile-a-l/ffmpeg.profile
@@ -7,8 +7,8 @@ include ffmpeg.local
 # Persistent global definitions
 include globals.local
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/devedeng
+whitelist /usr/share/devedeng
-allow  /usr/share/ffmpeg
+whitelist /usr/share/ffmpeg
-allow  /usr/share/qtchooser
+whitelist /usr/share/qtchooser
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile
index f7a938f24..4eeceeee8 100644
--- a/etc/profile-a-l/file-roller.profile
+++ b/etc/profile-a-l/file-roller.profile
@@ -13,9 +13,9 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /usr/libexec/file-roller
+whitelist /usr/libexec/file-roller
-allow  /usr/libexec/p7zip
+whitelist /usr/libexec/p7zip
-allow  /usr/share/file-roller
+whitelist /usr/share/file-roller
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/file.profile b/etc/profile-a-l/file.profile
index 426d1e72d..5c7583605 100644
--- a/etc/profile-a-l/file.profile
+++ b/etc/profile-a-l/file.profile
@@ -7,7 +7,7 @@ include file.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/filezilla.profile b/etc/profile-a-l/filezilla.profile
index d9e0e9da0..dc5def54f 100644
--- a/etc/profile-a-l/filezilla.profile
+++ b/etc/profile-a-l/filezilla.profile
@@ -6,8 +6,8 @@ include filezilla.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/filezilla
+noblacklist ${HOME}/.config/filezilla
-nodeny  ${HOME}/.filezilla
+noblacklist ${HOME}/.filezilla
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/firedragon.profile b/etc/profile-a-l/firedragon.profile
index e22424794..77487161e 100644
--- a/etc/profile-a-l/firedragon.profile
+++ b/etc/profile-a-l/firedragon.profile
@@ -6,13 +6,13 @@ include firedragon.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/firedragon
+noblacklist ${HOME}/.cache/firedragon
-nodeny  ${HOME}/.firedragon
+noblacklist ${HOME}/.firedragon
 mkdir ${HOME}/.cache/firedragon
 mkdir ${HOME}/.firedragon
-allow  ${HOME}/.cache/firedragon
+whitelist ${HOME}/.cache/firedragon
-allow  ${HOME}/.firedragon
+whitelist ${HOME}/.firedragon
 # Add the next lines to your firedragon.local if you want to use the migration wizard.
 #noblacklist ${HOME}/.mozilla
diff --git a/etc/profile-a-l/firefox-common-addons.profile b/etc/profile-a-l/firefox-common-addons.profile
index 7e2e8760d..d282f9a60 100644
--- a/etc/profile-a-l/firefox-common-addons.profile
+++ b/etc/profile-a-l/firefox-common-addons.profile
@@ -5,74 +5,74 @@ include firefox-common-addons.local
 ignore include whitelist-runuser-common.inc
 ignore private-cache
-nodeny  ${HOME}/.cache/youtube-dl
+noblacklist ${HOME}/.cache/youtube-dl
-nodeny  ${HOME}/.config/kgetrc
+noblacklist ${HOME}/.config/kgetrc
-nodeny  ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/mpv
-nodeny  ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularpartrc
-nodeny  ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/okularrc
-nodeny  ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.config/qpdfview
-nodeny  ${HOME}/.config/youtube-dl
+noblacklist ${HOME}/.config/youtube-dl
-nodeny  ${HOME}/.kde/share/apps/kget
+noblacklist ${HOME}/.kde/share/apps/kget
-nodeny  ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/apps/okular
-nodeny  ${HOME}/.kde/share/config/kgetrc
+noblacklist ${HOME}/.kde/share/config/kgetrc
-nodeny  ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularpartrc
-nodeny  ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde/share/config/okularrc
-nodeny  ${HOME}/.kde4/share/apps/kget
+noblacklist ${HOME}/.kde4/share/apps/kget
-nodeny  ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/apps/okular
-nodeny  ${HOME}/.kde4/share/config/kgetrc
+noblacklist ${HOME}/.kde4/share/config/kgetrc
-nodeny  ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
-nodeny  ${HOME}/.kde4/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
-nodeny  ${HOME}/.local/share/kget
+noblacklist ${HOME}/.local/share/kget
-nodeny  ${HOME}/.local/share/kxmlgui5/okular
+noblacklist ${HOME}/.local/share/kxmlgui5/okular
-nodeny  ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/okular
-nodeny  ${HOME}/.local/share/qpdfview
+noblacklist ${HOME}/.local/share/qpdfview
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.netrc
-allow  ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
-allow  ${HOME}/.cache/youtube-dl/youtube-sigfuncs
+whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
-allow  ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/gnome-mplayer
-allow  ${HOME}/.config/kgetrc
+whitelist ${HOME}/.config/kgetrc
-allow  ${HOME}/.config/mpv
+whitelist ${HOME}/.config/mpv
-allow  ${HOME}/.config/okularpartrc
+whitelist ${HOME}/.config/okularpartrc
-allow  ${HOME}/.config/okularrc
+whitelist ${HOME}/.config/okularrc
-allow  ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-silverlight5.1
-allow  ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.config/pipelight-widevine
-allow  ${HOME}/.config/qpdfview
+whitelist ${HOME}/.config/qpdfview
-allow  ${HOME}/.config/youtube-dl
+whitelist ${HOME}/.config/youtube-dl
-allow  ${HOME}/.kde/share/apps/kget
+whitelist ${HOME}/.kde/share/apps/kget
-allow  ${HOME}/.kde/share/apps/okular
+whitelist ${HOME}/.kde/share/apps/okular
-allow  ${HOME}/.kde/share/config/kgetrc
+whitelist ${HOME}/.kde/share/config/kgetrc
-allow  ${HOME}/.kde/share/config/okularpartrc
+whitelist ${HOME}/.kde/share/config/okularpartrc
-allow  ${HOME}/.kde/share/config/okularrc
+whitelist ${HOME}/.kde/share/config/okularrc
-allow  ${HOME}/.kde4/share/apps/kget
+whitelist ${HOME}/.kde4/share/apps/kget
-allow  ${HOME}/.kde4/share/apps/okular
+whitelist ${HOME}/.kde4/share/apps/okular
-allow  ${HOME}/.kde4/share/config/kgetrc
+whitelist ${HOME}/.kde4/share/config/kgetrc
-allow  ${HOME}/.kde4/share/config/okularpartrc
+whitelist ${HOME}/.kde4/share/config/okularpartrc
-allow  ${HOME}/.kde4/share/config/okularrc
+whitelist ${HOME}/.kde4/share/config/okularrc
-allow  ${HOME}/.keysnail.js
+whitelist ${HOME}/.keysnail.js
-allow  ${HOME}/.lastpass
+whitelist ${HOME}/.lastpass
-allow  ${HOME}/.local/share/kget
+whitelist ${HOME}/.local/share/kget
-allow  ${HOME}/.local/share/kxmlgui5/okular
+whitelist ${HOME}/.local/share/kxmlgui5/okular
-allow  ${HOME}/.local/share/okular
+whitelist ${HOME}/.local/share/okular
-allow  ${HOME}/.local/share/qpdfview
+whitelist ${HOME}/.local/share/qpdfview
-allow  ${HOME}/.local/share/tridactyl
+whitelist ${HOME}/.local/share/tridactyl
-allow  ${HOME}/.netrc
+whitelist ${HOME}/.netrc
-allow  ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactyl
-allow  ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pentadactylrc
-allow  ${HOME}/.tridactylrc
+whitelist ${HOME}/.tridactylrc
-allow  ${HOME}/.vimperator
+whitelist ${HOME}/.vimperator
-allow  ${HOME}/.vimperatorrc
+whitelist ${HOME}/.vimperatorrc
-allow  ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight
-allow  ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.wine-pipelight64
-allow  ${HOME}/.zotero
+whitelist ${HOME}/.zotero
-allow  ${HOME}/dwhelper
+whitelist ${HOME}/dwhelper
-allow  /usr/share/lua
+whitelist /usr/share/lua
-allow  /usr/share/lua*
+whitelist /usr/share/lua*
-allow  /usr/share/vulkan
+whitelist /usr/share/vulkan
 # GNOME Shell integration (chrome-gnome-shell) needs dbus and python
-nodeny  ${HOME}/.local/share/gnome-shell
+noblacklist ${HOME}/.local/share/gnome-shell
-allow  ${HOME}/.local/share/gnome-shell
+whitelist ${HOME}/.local/share/gnome-shell
 dbus-user.talk ca.desrt.dconf
 dbus-user.talk org.gnome.ChromeGnomeShell
 dbus-user.talk org.gnome.Shell
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile
index cb0fae5dc..8b74ed979 100644
--- a/etc/profile-a-l/firefox-common.profile
+++ b/etc/profile-a-l/firefox-common.profile
@@ -12,8 +12,8 @@ include firefox-common.local
 # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins.
 #include firefox-common-addons.profile
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.local/share/pki
 include disable-common.inc
 include disable-devel.inc
@@ -23,9 +23,9 @@ include disable-programs.inc
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.pki
+whitelist ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/firefox-esr.profile b/etc/profile-a-l/firefox-esr.profile
index 4fd315fdf..5e69fdb51 100644
--- a/etc/profile-a-l/firefox-esr.profile
+++ b/etc/profile-a-l/firefox-esr.profile
@@ -6,7 +6,7 @@ include firefox-esr.local
 # added by included profile
 #include globals.local
-allow  /usr/share/firefox-esr
+whitelist /usr/share/firefox-esr
 # Redirect
 include firefox.profile
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile
index 8acfe7c2a..3ad67734d 100644
--- a/etc/profile-a-l/firefox.profile
+++ b/etc/profile-a-l/firefox.profile
@@ -14,27 +14,27 @@ include globals.local
 # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox
 # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968
-nodeny  ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.cache/mozilla
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
-deny  /usr/libexec
+blacklist /usr/libexec
 mkdir ${HOME}/.cache/mozilla/firefox
 mkdir ${HOME}/.mozilla
-allow  ${HOME}/.cache/mozilla/firefox
+whitelist ${HOME}/.cache/mozilla/firefox
-allow  ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla
 # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support.
 # NOTE: start KeePassXC before Firefox and keep it open to allow communication between them.
 #whitelist ${RUNUSER}/kpxc_server
 #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
-allow  /usr/share/doc
+whitelist /usr/share/doc
-allow  /usr/share/firefox
+whitelist /usr/share/firefox
-allow  /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
+whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
-allow  /usr/share/gtk-doc/html
+whitelist /usr/share/gtk-doc/html
-allow  /usr/share/mozilla
+whitelist /usr/share/mozilla
-allow  /usr/share/webext
+whitelist /usr/share/webext
 include whitelist-usr-share-common.inc
 # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin.
diff --git a/etc/profile-a-l/five-or-more.profile b/etc/profile-a-l/five-or-more.profile
index bd1becaf0..2c86d3ac7 100644
--- a/etc/profile-a-l/five-or-more.profile
+++ b/etc/profile-a-l/five-or-more.profile
@@ -6,12 +6,12 @@ include five-or-more.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/five-or-more
+noblacklist ${HOME}/.local/share/five-or-more
 mkdir ${HOME}/.local/share/five-or-more
-allow  ${HOME}/.local/share/five-or-more
+whitelist ${HOME}/.local/share/five-or-more
-allow  /usr/share/five-or-more
+whitelist /usr/share/five-or-more
 private-bin five-or-more
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile
index f16a65536..55af96c84 100644
--- a/etc/profile-a-l/flameshot.profile
+++ b/etc/profile-a-l/flameshot.profile
@@ -7,9 +7,9 @@ include flameshot.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
-nodeny  ${HOME}/.config/Dharkael
+noblacklist ${HOME}/.config/Dharkael
-nodeny  ${HOME}/.config/flameshot
+noblacklist ${HOME}/.config/flameshot
 include disable-common.inc
 include disable-devel.inc
@@ -25,7 +25,7 @@ include disable-xdg.inc
 #whitelist ${PICTURES}
 #whitelist ${HOME}/.config/Dharkael
 #whitelist ${HOME}/.config/flameshot
-allow  /usr/share/flameshot
+whitelist /usr/share/flameshot
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/flashpeak-slimjet.profile b/etc/profile-a-l/flashpeak-slimjet.profile
index af114e129..310fb378f 100644
--- a/etc/profile-a-l/flashpeak-slimjet.profile
+++ b/etc/profile-a-l/flashpeak-slimjet.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/slimjet
+noblacklist ${HOME}/.cache/slimjet
-nodeny  ${HOME}/.config/slimjet
+noblacklist ${HOME}/.config/slimjet
 mkdir ${HOME}/.cache/slimjet
 mkdir ${HOME}/.config/slimjet
-allow  ${HOME}/.cache/slimjet
+whitelist ${HOME}/.cache/slimjet
-allow  ${HOME}/.config/slimjet
+whitelist ${HOME}/.config/slimjet
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/flowblade.profile b/etc/profile-a-l/flowblade.profile
index 505763fb9..a4421e3ce 100644
--- a/etc/profile-a-l/flowblade.profile
+++ b/etc/profile-a-l/flowblade.profile
@@ -6,8 +6,8 @@ include flowblade.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/flowblade
+noblacklist ${HOME}/.config/flowblade
-nodeny  ${HOME}/.flowblade
+noblacklist ${HOME}/.flowblade
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/fluxbox.profile b/etc/profile-a-l/fluxbox.profile
index a22c0e103..1210f365c 100644
--- a/etc/profile-a-l/fluxbox.profile
+++ b/etc/profile-a-l/fluxbox.profile
@@ -7,7 +7,7 @@ include fluxbox.local
 include globals.local
 # all applications started in fluxbox will run in this profile
-nodeny  ${HOME}/.fluxbox
+noblacklist ${HOME}/.fluxbox
 include disable-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile
index ff9167c1a..cd0129436 100644
--- a/etc/profile-a-l/font-manager.profile
+++ b/etc/profile-a-l/font-manager.profile
@@ -6,8 +6,8 @@ include font-manager.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/font-manager
+noblacklist ${HOME}/.cache/font-manager
-nodeny  ${HOME}/.config/font-manager
+noblacklist ${HOME}/.config/font-manager
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -24,9 +24,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/font-manager
 mkdir ${HOME}/.config/font-manager
-allow  ${HOME}/.cache/font-manager
+whitelist ${HOME}/.cache/font-manager
-allow  ${HOME}/.config/font-manager
+whitelist ${HOME}/.config/font-manager
-allow  /usr/share/font-manager
+whitelist /usr/share/font-manager
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/fontforge.profile b/etc/profile-a-l/fontforge.profile
index 64c7655e2..bd1495877 100644
--- a/etc/profile-a-l/fontforge.profile
+++ b/etc/profile-a-l/fontforge.profile
@@ -6,8 +6,8 @@ include fontforge.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.FontForge
+noblacklist ${HOME}/.FontForge
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/fossamail.profile b/etc/profile-a-l/fossamail.profile
index 5e5a12794..2d700d336 100644
--- a/etc/profile-a-l/fossamail.profile
+++ b/etc/profile-a-l/fossamail.profile
@@ -6,16 +6,16 @@ include fossamail.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.cache/fossamail
+noblacklist ${HOME}/.cache/fossamail
-nodeny  ${HOME}/.fossamail
+noblacklist ${HOME}/.fossamail
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 mkdir ${HOME}/.cache/fossamail
 mkdir ${HOME}/.fossamail
 mkdir ${HOME}/.gnupg
-allow  ${HOME}/.cache/fossamail
+whitelist ${HOME}/.cache/fossamail
-allow  ${HOME}/.fossamail
+whitelist ${HOME}/.fossamail
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
 include whitelist-common.inc
 # allow browsers
diff --git a/etc/profile-a-l/four-in-a-row.profile b/etc/profile-a-l/four-in-a-row.profile
index 97fd4a626..eb0c43ca5 100644
--- a/etc/profile-a-l/four-in-a-row.profile
+++ b/etc/profile-a-l/four-in-a-row.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore machine-id
 ignore nosound
-allow  /usr/share/four-in-a-row
+whitelist /usr/share/four-in-a-row
 private-bin four-in-a-row
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile
index 8edc9b02d..1b1d031b4 100644
--- a/etc/profile-a-l/fractal.profile
+++ b/etc/profile-a-l/fractal.profile
@@ -6,7 +6,7 @@ include fractal.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/fractal
+noblacklist ${HOME}/.cache/fractal
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.cache/fractal
-allow  ${HOME}/.cache/fractal
+whitelist ${HOME}/.cache/fractal
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/franz.profile b/etc/profile-a-l/franz.profile
index 1a8ec8f99..9b780a572 100644
--- a/etc/profile-a-l/franz.profile
+++ b/etc/profile-a-l/franz.profile
@@ -7,10 +7,10 @@ include globals.local
 ignore noexec /tmp
-nodeny  ${HOME}/.cache/Franz
+noblacklist ${HOME}/.cache/Franz
-nodeny  ${HOME}/.config/Franz
+noblacklist ${HOME}/.config/Franz
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.local/share/pki
 include disable-common.inc
 include disable-devel.inc
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Franz
 mkdir ${HOME}/.config/Franz
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/Franz
+whitelist ${HOME}/.cache/Franz
-allow  ${HOME}/.config/Franz
+whitelist ${HOME}/.config/Franz
-allow  ${HOME}/.pki
+whitelist ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/freecad.profile b/etc/profile-a-l/freecad.profile
index a45ad4c7a..8043d0530 100644
--- a/etc/profile-a-l/freecad.profile
+++ b/etc/profile-a-l/freecad.profile
@@ -6,8 +6,8 @@ include freecad.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/FreeCAD
+noblacklist ${HOME}/.config/FreeCAD
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/freeciv.profile b/etc/profile-a-l/freeciv.profile
index 20abd4056..23c19682c 100644
--- a/etc/profile-a-l/freeciv.profile
+++ b/etc/profile-a-l/freeciv.profile
@@ -6,7 +6,7 @@ include freeciv.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.freeciv
+noblacklist ${HOME}/.freeciv
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.freeciv
-allow  ${HOME}/.freeciv
+whitelist ${HOME}/.freeciv
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/freecol.profile b/etc/profile-a-l/freecol.profile
index 79ccf4101..93fa7da03 100644
--- a/etc/profile-a-l/freecol.profile
+++ b/etc/profile-a-l/freecol.profile
@@ -6,10 +6,10 @@ include freecol.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.freecol
+noblacklist ${HOME}/.freecol
-nodeny  ${HOME}/.cache/freecol
+noblacklist ${HOME}/.cache/freecol
-nodeny  ${HOME}/.config/freecol
+noblacklist ${HOME}/.config/freecol
-nodeny  ${HOME}/.local/share/freecol
+noblacklist ${HOME}/.local/share/freecol
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -26,11 +26,11 @@ mkdir ${HOME}/.java
 mkdir ${HOME}/.cache/freecol
 mkdir ${HOME}/.config/freecol
 mkdir ${HOME}/.local/share/freecol
-allow  ${HOME}/.freecol
+whitelist ${HOME}/.freecol
-allow  ${HOME}/.java
+whitelist ${HOME}/.java
-allow  ${HOME}/.cache/freecol
+whitelist ${HOME}/.cache/freecol
-allow  ${HOME}/.config/freecol
+whitelist ${HOME}/.config/freecol
-allow  ${HOME}/.local/share/freecol
+whitelist ${HOME}/.local/share/freecol
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile
index ba52dd208..699177039 100644
--- a/etc/profile-a-l/freemind.profile
+++ b/etc/profile-a-l/freemind.profile
@@ -6,8 +6,8 @@ include freemind.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${HOME}/.freemind
+noblacklist ${HOME}/.freemind
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile
index 4c321322c..e6aff533d 100644
--- a/etc/profile-a-l/freetube.profile
+++ b/etc/profile-a-l/freetube.profile
@@ -6,12 +6,12 @@ include freetube.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/FreeTube
+noblacklist ${HOME}/.config/FreeTube
 include disable-shell.inc
 mkdir ${HOME}/.config/FreeTube
-allow  ${HOME}/.config/FreeTube
+whitelist ${HOME}/.config/FreeTube
 private-bin freetube
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg
diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile
index 3a6dfcfd6..b4ad81046 100644
--- a/etc/profile-a-l/frogatto.profile
+++ b/etc/profile-a-l/frogatto.profile
@@ -6,7 +6,7 @@ include frogatto.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.frogatto
+noblacklist ${HOME}/.frogatto
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.frogatto
-allow  ${HOME}/.frogatto
+whitelist ${HOME}/.frogatto
-allow  /usr/libexec/frogatto
+whitelist /usr/libexec/frogatto
-allow  /usr/share/frogatto
+whitelist /usr/share/frogatto
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile
index 12eca8eb0..76352e41e 100644
--- a/etc/profile-a-l/frozen-bubble.profile
+++ b/etc/profile-a-l/frozen-bubble.profile
@@ -6,7 +6,7 @@ include frozen-bubble.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.frozen-bubble
+noblacklist ${HOME}/.frozen-bubble
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -20,7 +20,7 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.frozen-bubble
-allow  ${HOME}/.frozen-bubble
+whitelist ${HOME}/.frozen-bubble
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile
index 07030df4b..8852925b1 100644
--- a/etc/profile-a-l/funnyboat.profile
+++ b/etc/profile-a-l/funnyboat.profile
@@ -5,7 +5,7 @@ include funnyboat.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.funnyboat
+noblacklist ${HOME}/.funnyboat
 ignore noexec /dev/shm
 include allow-python2.inc
@@ -21,12 +21,12 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.funnyboat
-allow  ${HOME}/.funnyboat
+whitelist ${HOME}/.funnyboat
 include whitelist-common.inc
 include whitelist-runuser-common.inc
-allow  /usr/share/funnyboat
+whitelist /usr/share/funnyboat
 # Debian:
-allow  /usr/share/games/funnyboat
+whitelist /usr/share/games/funnyboat
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile
index 4cd2cb1e6..ed3f0357d 100644
--- a/etc/profile-a-l/gajim.profile
+++ b/etc/profile-a-l/gajim.profile
@@ -6,10 +6,10 @@ include gajim.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.cache/gajim
+noblacklist ${HOME}/.cache/gajim
-nodeny  ${HOME}/.config/gajim
+noblacklist ${HOME}/.config/gajim
-nodeny  ${HOME}/.local/share/gajim
+noblacklist ${HOME}/.local/share/gajim
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -28,14 +28,14 @@ mkdir ${HOME}/.gnupg
 mkdir ${HOME}/.cache/gajim
 mkdir ${HOME}/.config/gajim
 mkdir ${HOME}/.local/share/gajim
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
-allow  ${HOME}/.cache/gajim
+whitelist ${HOME}/.cache/gajim
-allow  ${HOME}/.config/gajim
+whitelist ${HOME}/.config/gajim
-allow  ${HOME}/.local/share/gajim
+whitelist ${HOME}/.local/share/gajim
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/gnupg
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile
index 0b1b595a6..550b3808b 100644
--- a/etc/profile-a-l/galculator.profile
+++ b/etc/profile-a-l/galculator.profile
@@ -6,7 +6,7 @@ include galculator.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/galculator
+noblacklist ${HOME}/.config/galculator
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/galculator
-allow  ${HOME}/.config/galculator
+whitelist ${HOME}/.config/galculator
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile
index 00b830234..3a8c055f2 100644
--- a/etc/profile-a-l/gapplication.profile
+++ b/etc/profile-a-l/gapplication.profile
@@ -6,8 +6,8 @@ include gapplication.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile
index 896a100fc..388f4c0df 100644
--- a/etc/profile-a-l/gcloud.profile
+++ b/etc/profile-a-l/gcloud.profile
@@ -8,9 +8,9 @@ include globals.local
 # noexec ${HOME} will break user-local installs of gcloud tooling
 ignore noexec ${HOME}
-nodeny  ${HOME}/.boto
+noblacklist ${HOME}/.boto
-nodeny  ${HOME}/.config/gcloud
+noblacklist ${HOME}/.config/gcloud
-nodeny  /var/run/docker.sock
+noblacklist /var/run/docker.sock
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gconf-editor.profile b/etc/profile-a-l/gconf-editor.profile
index 8f72f0b34..cb39174e5 100644
--- a/etc/profile-a-l/gconf-editor.profile
+++ b/etc/profile-a-l/gconf-editor.profile
@@ -7,9 +7,9 @@ include gconf-editor.local
 # added by included profile
 #include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-allow  /usr/share/gconf-editor
+whitelist /usr/share/gconf-editor
 ignore x11 none
diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile
index 8c7013574..fec1a555a 100644
--- a/etc/profile-a-l/gconf.profile
+++ b/etc/profile-a-l/gconf.profile
@@ -6,9 +6,9 @@ include gconf.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${HOME}/.config/gconf
+noblacklist ${HOME}/.config/gconf
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -23,9 +23,9 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/gconf
-allow  ${HOME}/.config/gconf
+whitelist ${HOME}/.config/gconf
-allow  /usr/share/GConf
+whitelist /usr/share/GConf
-allow  /usr/share/gconf
+whitelist /usr/share/gconf
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/geany.profile b/etc/profile-a-l/geany.profile
index 706a85c75..6fdb9b37a 100644
--- a/etc/profile-a-l/geany.profile
+++ b/etc/profile-a-l/geany.profile
@@ -6,7 +6,7 @@ include geany.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/geany
+noblacklist ${HOME}/.config/geany
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile
index 512fc1e59..74e135a7c 100644
--- a/etc/profile-a-l/geary.profile
+++ b/etc/profile-a-l/geary.profile
@@ -6,14 +6,14 @@ include geary.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/evolution
+noblacklist ${HOME}/.cache/evolution
-nodeny  ${HOME}/.cache/folks
+noblacklist ${HOME}/.cache/folks
-nodeny  ${HOME}/.cache/geary
+noblacklist ${HOME}/.cache/geary
-nodeny  ${HOME}/.config/evolution
+noblacklist ${HOME}/.config/evolution
-nodeny  ${HOME}/.config/geary
+noblacklist ${HOME}/.config/geary
-nodeny  ${HOME}/.local/share/evolution
+noblacklist ${HOME}/.local/share/evolution
-nodeny  ${HOME}/.local/share/geary
+noblacklist ${HOME}/.local/share/geary
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
 include disable-common.inc
 include disable-devel.inc
@@ -31,16 +31,16 @@ mkdir ${HOME}/.config/evolution
 mkdir ${HOME}/.config/geary
 mkdir ${HOME}/.local/share/evolution
 mkdir ${HOME}/.local/share/geary
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/evolution
+whitelist ${HOME}/.cache/evolution
-allow  ${HOME}/.cache/folks
+whitelist ${HOME}/.cache/folks
-allow  ${HOME}/.cache/geary
+whitelist ${HOME}/.cache/geary
-allow  ${HOME}/.config/evolution
+whitelist ${HOME}/.config/evolution
-allow  ${HOME}/.config/geary
+whitelist ${HOME}/.config/geary
-allow  ${HOME}/.local/share/evolution
+whitelist ${HOME}/.local/share/evolution
-allow  ${HOME}/.local/share/geary
+whitelist ${HOME}/.local/share/geary
-allow  ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
-allow  /usr/share/geary
+whitelist /usr/share/geary
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gedit.profile b/etc/profile-a-l/gedit.profile
index f11540374..108b7041d 100644
--- a/etc/profile-a-l/gedit.profile
+++ b/etc/profile-a-l/gedit.profile
@@ -6,8 +6,8 @@ include gedit.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/enchant
+noblacklist ${HOME}/.config/enchant
-nodeny  ${HOME}/.config/gedit
+noblacklist ${HOME}/.config/gedit
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/geeqie.profile b/etc/profile-a-l/geeqie.profile
index 8ec3bbaf9..dd33b3fb5 100644
--- a/etc/profile-a-l/geeqie.profile
+++ b/etc/profile-a-l/geeqie.profile
@@ -6,9 +6,9 @@ include geeqie.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/geeqie
+noblacklist ${HOME}/.cache/geeqie
-nodeny  ${HOME}/.config/geeqie
+noblacklist ${HOME}/.config/geeqie
-nodeny  ${HOME}/.local/share/geeqie
+noblacklist ${HOME}/.local/share/geeqie
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile
index 1661da639..f894a42ca 100644
--- a/etc/profile-a-l/gfeeds.profile
+++ b/etc/profile-a-l/gfeeds.profile
@@ -6,10 +6,10 @@ include gfeeds.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/gfeeds
+noblacklist ${HOME}/.cache/gfeeds
-nodeny  ${HOME}/.cache/org.gabmus.gfeeds
+noblacklist ${HOME}/.cache/org.gabmus.gfeeds
-nodeny  ${HOME}/.config/org.gabmus.gfeeds.json
+noblacklist ${HOME}/.config/org.gabmus.gfeeds.json
-nodeny  ${HOME}/.config/org.gabmus.gfeeds.saved_articles
+noblacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -27,12 +27,12 @@ mkdir ${HOME}/.cache/gfeeds
 mkdir ${HOME}/.cache/org.gabmus.gfeeds
 mkfile ${HOME}/.config/org.gabmus.gfeeds.json
 mkdir ${HOME}/.config/org.gabmus.gfeeds.saved_articles
-allow  ${HOME}/.cache/gfeeds
+whitelist ${HOME}/.cache/gfeeds
-allow  ${HOME}/.cache/org.gabmus.gfeeds
+whitelist ${HOME}/.cache/org.gabmus.gfeeds
-allow  ${HOME}/.config/org.gabmus.gfeeds.json
+whitelist ${HOME}/.config/org.gabmus.gfeeds.json
-allow  ${HOME}/.config/org.gabmus.gfeeds.saved_articles
+whitelist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
-allow  /usr/libexec/webkit2gtk-4.0
+whitelist /usr/libexec/webkit2gtk-4.0
-allow  /usr/share/gfeeds
+whitelist /usr/share/gfeeds
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile
index 06929dbe3..d9c5a0d9a 100644
--- a/etc/profile-a-l/gget.profile
+++ b/etc/profile-a-l/gget.profile
@@ -7,8 +7,8 @@ include gget.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile
index 0577fe24f..276ab76df 100644
--- a/etc/profile-a-l/ghostwriter.profile
+++ b/etc/profile-a-l/ghostwriter.profile
@@ -6,10 +6,10 @@ include ghostwriter.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/ghostwriter
+noblacklist ${HOME}/.config/ghostwriter
-nodeny  ${HOME}/.local/share/ghostwriter
+noblacklist ${HOME}/.local/share/ghostwriter
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include allow-lua.inc
@@ -22,10 +22,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/ghostwriter
+whitelist /usr/share/ghostwriter
-allow  /usr/share/mozilla-dicts
+whitelist /usr/share/mozilla-dicts
-allow  /usr/share/texlive
+whitelist /usr/share/texlive
-allow  /usr/share/pandoc*
+whitelist /usr/share/pandoc*
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile
index de9db8d0f..dfc1304d1 100644
--- a/etc/profile-a-l/gimp.profile
+++ b/etc/profile-a-l/gimp.profile
@@ -18,13 +18,13 @@ include globals.local
 # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local.
 ignore noexec ${HOME}
-nodeny  ${HOME}/.cache/babl
+noblacklist ${HOME}/.cache/babl
-nodeny  ${HOME}/.cache/gegl-0.4
+noblacklist ${HOME}/.cache/gegl-0.4
-nodeny  ${HOME}/.cache/gimp
+noblacklist ${HOME}/.cache/gimp
-nodeny  ${HOME}/.config/GIMP
+noblacklist ${HOME}/.config/GIMP
-nodeny  ${HOME}/.gimp*
+noblacklist ${HOME}/.gimp*
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-exec.inc
@@ -33,10 +33,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /usr/share/gegl-0.4
+whitelist /usr/share/gegl-0.4
-allow  /usr/share/gimp
+whitelist /usr/share/gimp
-allow  /usr/share/mypaint-data
+whitelist /usr/share/mypaint-data
-allow  /usr/share/lensfun
+whitelist /usr/share/lensfun
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile
index e601d3ab0..661c3a375 100644
--- a/etc/profile-a-l/gist.profile
+++ b/etc/profile-a-l/gist.profile
@@ -7,10 +7,10 @@ include gist.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${HOME}/.gist
+noblacklist ${HOME}/.gist
 # Allow ruby (blacklisted by disable-interpreters.inc)
 include allow-ruby.inc
@@ -24,8 +24,8 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.gist
-allow  ${HOME}/.gist
+whitelist ${HOME}/.gist
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile
index 74b7506cf..5e4249376 100644
--- a/etc/profile-a-l/git-cola.profile
+++ b/etc/profile-a-l/git-cola.profile
@@ -8,12 +8,12 @@ include globals.local
 ignore noexec ${HOME}
-nodeny  ${HOME}/.gitconfig
+noblacklist ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
+noblacklist ${HOME}/.git-credentials
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.subversion
+noblacklist ${HOME}/.subversion
-nodeny  ${HOME}/.config/git
+noblacklist ${HOME}/.config/git
-nodeny  ${HOME}/.config/git-cola
+noblacklist ${HOME}/.config/git-cola
 # Add your editor/diff viewer config paths and the next line to your git-cola.local to load settings.
 #noblacklist ${HOME}/
@@ -32,17 +32,17 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
+whitelist ${RUNUSER}/keyring
 # Add additional whitelist paths below /usr/share to your git-cola.local to support your editor/diff viewer.
-allow  /usr/share/git
+whitelist /usr/share/git
-allow  /usr/share/git-cola
+whitelist /usr/share/git-cola
-allow  /usr/share/git-core
+whitelist /usr/share/git-core
-allow  /usr/share/git-gui
+whitelist /usr/share/git-gui
-allow  /usr/share/gitk
+whitelist /usr/share/gitk
-allow  /usr/share/gitweb
+whitelist /usr/share/gitweb
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile
index 680e91085..bfa0081c6 100644
--- a/etc/profile-a-l/git.profile
+++ b/etc/profile-a-l/git.profile
@@ -7,33 +7,33 @@ include git.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/git
+noblacklist ${HOME}/.config/git
-nodeny  ${HOME}/.config/nano
+noblacklist ${HOME}/.config/nano
-nodeny  ${HOME}/.emacs
+noblacklist ${HOME}/.emacs
-nodeny  ${HOME}/.emacs.d
+noblacklist ${HOME}/.emacs.d
-nodeny  ${HOME}/.gitconfig
+noblacklist ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
+noblacklist ${HOME}/.git-credentials
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.nanorc
+noblacklist ${HOME}/.nanorc
-nodeny  ${HOME}/.vim
+noblacklist ${HOME}/.vim
-nodeny  ${HOME}/.viminfo
+noblacklist ${HOME}/.viminfo
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /usr/share/git
+whitelist /usr/share/git
-allow  /usr/share/git-core
+whitelist /usr/share/git-core
-allow  /usr/share/gitgui
+whitelist /usr/share/gitgui
-allow  /usr/share/gitweb
+whitelist /usr/share/gitweb
-allow  /usr/share/nano
+whitelist /usr/share/nano
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile
index d313b5022..05d7dffa9 100644
--- a/etc/profile-a-l/gitg.profile
+++ b/etc/profile-a-l/gitg.profile
@@ -6,10 +6,10 @@ include gitg.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/git
+noblacklist ${HOME}/.config/git
-nodeny  ${HOME}/.gitconfig
+noblacklist ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
+noblacklist ${HOME}/.git-credentials
-nodeny  ${HOME}/.local/share/gitg
+noblacklist ${HOME}/.local/share/gitg
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
@@ -29,7 +29,7 @@ include disable-programs.inc
 #whitelist ${HOME}/.ssh
 #include whitelist-common.inc
-allow  /usr/share/gitg
+whitelist /usr/share/gitg
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/github-desktop.profile b/etc/profile-a-l/github-desktop.profile
index 81b534a74..325c54ced 100644
--- a/etc/profile-a-l/github-desktop.profile
+++ b/etc/profile-a-l/github-desktop.profile
@@ -22,10 +22,10 @@ ignore apparmor
 ignore dbus-user none
 ignore dbus-system none
-nodeny  ${HOME}/.config/GitHub Desktop
+noblacklist ${HOME}/.config/GitHub Desktop
-nodeny  ${HOME}/.config/git
+noblacklist ${HOME}/.config/git
-nodeny  ${HOME}/.gitconfig
+noblacklist ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
+noblacklist ${HOME}/.git-credentials
 # no3d
 nosound
diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile
index 2d1694ef7..460e2b990 100644
--- a/etc/profile-a-l/gitter.profile
+++ b/etc/profile-a-l/gitter.profile
@@ -5,8 +5,8 @@ include gitter.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/autostart
+noblacklist ${HOME}/.config/autostart
-nodeny  ${HOME}/.config/Gitter
+noblacklist ${HOME}/.config/Gitter
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.config/Gitter
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.config/autostart
+whitelist ${HOME}/.config/autostart
-allow  ${HOME}/.config/Gitter
+whitelist ${HOME}/.config/Gitter
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/gjs.profile b/etc/profile-a-l/gjs.profile
index e00bb1dbf..ed68b3c2d 100644
--- a/etc/profile-a-l/gjs.profile
+++ b/etc/profile-a-l/gjs.profile
@@ -8,10 +8,10 @@ include globals.local
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
-nodeny  ${HOME}/.cache/libgweather
+noblacklist ${HOME}/.cache/libgweather
-nodeny  ${HOME}/.cache/org.gnome.Books
+noblacklist ${HOME}/.cache/org.gnome.Books
-nodeny  ${HOME}/.config/libreoffice
+noblacklist ${HOME}/.config/libreoffice
-nodeny  ${HOME}/.local/share/gnome-photos
+noblacklist ${HOME}/.local/share/gnome-photos
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile
index a3236c2be..c8cefc67e 100644
--- a/etc/profile-a-l/gl-117.profile
+++ b/etc/profile-a-l/gl-117.profile
@@ -6,7 +6,7 @@ include gl-117.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gl-117
+noblacklist ${HOME}/.gl-117
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.gl-117
-allow  ${HOME}/.gl-117
+whitelist ${HOME}/.gl-117
-allow  /usr/share/gl-117
+whitelist /usr/share/gl-117
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile
index ec894a5f3..ee7af0546 100644
--- a/etc/profile-a-l/glaxium.profile
+++ b/etc/profile-a-l/glaxium.profile
@@ -6,7 +6,7 @@ include glaxium.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.glaxiumrc
+noblacklist ${HOME}/.glaxiumrc
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkfile ${HOME}/.glaxiumrc
-allow  ${HOME}/.glaxiumrc
+whitelist ${HOME}/.glaxiumrc
-allow  /usr/share/glaxium
+whitelist /usr/share/glaxium
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/globaltime.profile b/etc/profile-a-l/globaltime.profile
index e091b811f..14b3ef811 100644
--- a/etc/profile-a-l/globaltime.profile
+++ b/etc/profile-a-l/globaltime.profile
@@ -5,7 +5,7 @@ include globaltime.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/globaltime
+noblacklist ${HOME}/.config/globaltime
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile
index 79397d28f..b3aad8b2c 100644
--- a/etc/profile-a-l/gmpc.profile
+++ b/etc/profile-a-l/gmpc.profile
@@ -6,8 +6,8 @@ include gmpc.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/gmpc
+noblacklist ${HOME}/.config/gmpc
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/gmpc
-allow  ${HOME}/.config/gmpc
+whitelist ${HOME}/.config/gmpc
-allow  ${MUSIC}
+whitelist ${MUSIC}
-allow  /usr/share/gmpc
+whitelist /usr/share/gmpc
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-2048.profile b/etc/profile-a-l/gnome-2048.profile
index c723f6e46..777c81dbe 100644
--- a/etc/profile-a-l/gnome-2048.profile
+++ b/etc/profile-a-l/gnome-2048.profile
@@ -6,10 +6,10 @@ include gnome-2048.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/gnome-2048
+noblacklist ${HOME}/.local/share/gnome-2048
 mkdir ${HOME}/.local/share/gnome-2048
-allow  ${HOME}/.local/share/gnome-2048
+whitelist ${HOME}/.local/share/gnome-2048
 private-bin gnome-2048
diff --git a/etc/profile-a-l/gnome-books.profile b/etc/profile-a-l/gnome-books.profile
index 2ed5fa76b..34a7f557c 100644
--- a/etc/profile-a-l/gnome-books.profile
+++ b/etc/profile-a-l/gnome-books.profile
@@ -7,8 +7,8 @@ include globals.local
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
-nodeny  ${HOME}/.cache/org.gnome.Books
+noblacklist ${HOME}/.cache/org.gnome.Books
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-builder.profile b/etc/profile-a-l/gnome-builder.profile
index 7dd1c6e22..37ca5aeff 100644
--- a/etc/profile-a-l/gnome-builder.profile
+++ b/etc/profile-a-l/gnome-builder.profile
@@ -6,11 +6,11 @@ include gnome-builder.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.bash_history
+noblacklist ${HOME}/.bash_history
-nodeny  ${HOME}/.cache/gnome-builder
+noblacklist ${HOME}/.cache/gnome-builder
-nodeny  ${HOME}/.config/gnome-builder
+noblacklist ${HOME}/.config/gnome-builder
-nodeny  ${HOME}/.local/share/gnome-builder
+noblacklist ${HOME}/.local/share/gnome-builder
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile
index d91fbaa4b..03acd66aa 100644
--- a/etc/profile-a-l/gnome-calendar.profile
+++ b/etc/profile-a-l/gnome-calendar.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/libgweather
+whitelist /usr/share/libgweather
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile
index 806d7e571..741fe9bf7 100644
--- a/etc/profile-a-l/gnome-characters.profile
+++ b/etc/profile-a-l/gnome-characters.profile
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/org.gnome.Characters
+whitelist /usr/share/org.gnome.Characters
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile
index 095210565..bd39f625c 100644
--- a/etc/profile-a-l/gnome-chess.profile
+++ b/etc/profile-a-l/gnome-chess.profile
@@ -6,8 +6,8 @@ include gnome-chess.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/gnome-chess
+noblacklist ${HOME}/.config/gnome-chess
-nodeny  ${HOME}/.local/share/gnome-chess
+noblacklist ${HOME}/.local/share/gnome-chess
 include disable-common.inc
 include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.local/share/gnome-chess
 #include whitelist-common.inc
-allow  /usr/share/gnuchess
+whitelist /usr/share/gnuchess
-allow  /usr/share/gnome-chess
+whitelist /usr/share/gnome-chess
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile
index 7e2d458fd..1e7c70b84 100644
--- a/etc/profile-a-l/gnome-clocks.profile
+++ b/etc/profile-a-l/gnome-clocks.profile
@@ -15,8 +15,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/gnome-clocks
+whitelist /usr/share/gnome-clocks
-allow  /usr/share/libgweather
+whitelist /usr/share/libgweather
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-contacts.profile b/etc/profile-a-l/gnome-contacts.profile
index 7902fa169..dcc6163b6 100644
--- a/etc/profile-a-l/gnome-contacts.profile
+++ b/etc/profile-a-l/gnome-contacts.profile
@@ -6,7 +6,7 @@ include gnome-contacts.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-documents.profile b/etc/profile-a-l/gnome-documents.profile
index 0f601149f..29ad67af8 100644
--- a/etc/profile-a-l/gnome-documents.profile
+++ b/etc/profile-a-l/gnome-documents.profile
@@ -8,8 +8,8 @@ include globals.local
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
-nodeny  ${HOME}/.config/libreoffice
+noblacklist ${HOME}/.config/libreoffice
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile
index 50c3e2c6f..2db956faf 100644
--- a/etc/profile-a-l/gnome-hexgl.profile
+++ b/etc/profile-a-l/gnome-hexgl.profile
@@ -16,7 +16,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.cache/mesa_shader_cache
-allow  /usr/share/gnome-hexgl
+whitelist /usr/share/gnome-hexgl
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-keyring.profile b/etc/profile-a-l/gnome-keyring.profile
index 62a5a34ea..25b4c47de 100644
--- a/etc/profile-a-l/gnome-keyring.profile
+++ b/etc/profile-a-l/gnome-keyring.profile
@@ -7,7 +7,7 @@ include gnome-keyring.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 include disable-common.inc
 include disable-devel.inc
@@ -18,12 +18,12 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.gnupg
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
+whitelist ${RUNUSER}/keyring
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-klotski.profile b/etc/profile-a-l/gnome-klotski.profile
index ed074f944..c67a5c0da 100644
--- a/etc/profile-a-l/gnome-klotski.profile
+++ b/etc/profile-a-l/gnome-klotski.profile
@@ -6,10 +6,10 @@ include gnome-klotski.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/gnome-klotski
+noblacklist ${HOME}/.local/share/gnome-klotski
 mkdir ${HOME}/.local/share/gnome-klotski
-allow  ${HOME}/.local/share/gnome-klotski
+whitelist ${HOME}/.local/share/gnome-klotski
 private-bin gnome-klotski
diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile
index 4a03a7ff5..1a7eafeca 100644
--- a/etc/profile-a-l/gnome-latex.profile
+++ b/etc/profile-a-l/gnome-latex.profile
@@ -6,8 +6,8 @@ include gnome-latex.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/gnome-latex
+noblacklist ${HOME}/.config/gnome-latex
-nodeny  ${HOME}/.local/share/gnome-latex
+noblacklist ${HOME}/.local/share/gnome-latex
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -19,8 +19,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /usr/share/gnome-latex
+whitelist /usr/share/gnome-latex
-allow  /usr/share/texlive
+whitelist /usr/share/texlive
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 # May cause issues.
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile
index fcc02dc76..9d2ea7b7b 100644
--- a/etc/profile-a-l/gnome-logs.profile
+++ b/etc/profile-a-l/gnome-logs.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /var/log/journal
+whitelist /var/log/journal
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-mahjongg.profile b/etc/profile-a-l/gnome-mahjongg.profile
index e21f03efe..42409dce8 100644
--- a/etc/profile-a-l/gnome-mahjongg.profile
+++ b/etc/profile-a-l/gnome-mahjongg.profile
@@ -6,7 +6,7 @@ include gnome-mahjongg.local
 # Persistent global definitions
 include globals.local
-allow  /usr/share/gnome-mahjongg
+whitelist /usr/share/gnome-mahjongg
 private-bin gnome-mahjongg
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile
index cf4eceee3..23aab343f 100644
--- a/etc/profile-a-l/gnome-maps.profile
+++ b/etc/profile-a-l/gnome-maps.profile
@@ -11,14 +11,14 @@ include globals.local
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
-nodeny  ${HOME}/.cache/champlain
+noblacklist ${HOME}/.cache/champlain
-nodeny  ${HOME}/.cache/org.gnome.Maps
+noblacklist ${HOME}/.cache/org.gnome.Maps
-nodeny  ${HOME}/.local/share/maps-places.json
+noblacklist ${HOME}/.local/share/maps-places.json
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -31,12 +31,12 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/champlain
 mkfile ${HOME}/.local/share/maps-places.json
-allow  ${HOME}/.cache/champlain
+whitelist ${HOME}/.cache/champlain
-allow  ${HOME}/.local/share/maps-places.json
+whitelist ${HOME}/.local/share/maps-places.json
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${PICTURES}
+whitelist ${PICTURES}
-allow  /usr/share/gnome-maps
+whitelist /usr/share/gnome-maps
-allow  /usr/share/libgweather
+whitelist /usr/share/libgweather
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-mines.profile b/etc/profile-a-l/gnome-mines.profile
index 1b2949bc5..4fe8986c2 100644
--- a/etc/profile-a-l/gnome-mines.profile
+++ b/etc/profile-a-l/gnome-mines.profile
@@ -6,11 +6,11 @@ include gnome-mines.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/gnome-mines
+noblacklist ${HOME}/.local/share/gnome-mines
 mkdir ${HOME}/.local/share/gnome-mines
-allow  ${HOME}/.local/share/gnome-mines
+whitelist ${HOME}/.local/share/gnome-mines
-allow  /usr/share/gnome-mines
+whitelist /usr/share/gnome-mines
 private-bin gnome-mines
diff --git a/etc/profile-a-l/gnome-mplayer.profile b/etc/profile-a-l/gnome-mplayer.profile
index c1cbc796a..43fe71f5e 100644
--- a/etc/profile-a-l/gnome-mplayer.profile
+++ b/etc/profile-a-l/gnome-mplayer.profile
@@ -6,9 +6,9 @@ include gnome-mplayer.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/gnome-mplayer
+noblacklist ${HOME}/.config/gnome-mplayer
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile
index 8fd0826c4..2fcbe9910 100644
--- a/etc/profile-a-l/gnome-music.profile
+++ b/etc/profile-a-l/gnome-music.profile
@@ -6,8 +6,8 @@ include gnome-music.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/gnome-music
+noblacklist ${HOME}/.local/share/gnome-music
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/gnome-nettool.profile b/etc/profile-a-l/gnome-nettool.profile
index a929582f8..814751db3 100644
--- a/etc/profile-a-l/gnome-nettool.profile
+++ b/etc/profile-a-l/gnome-nettool.profile
@@ -14,7 +14,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /usr/share/gnome-nettool
+whitelist /usr/share/gnome-nettool
 #include whitelist-common.inc -- see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-nibbles.profile b/etc/profile-a-l/gnome-nibbles.profile
index d4c037a41..b22810d34 100644
--- a/etc/profile-a-l/gnome-nibbles.profile
+++ b/etc/profile-a-l/gnome-nibbles.profile
@@ -9,11 +9,11 @@ include globals.local
 ignore machine-id
 ignore nosound
-nodeny  ${HOME}/.local/share/gnome-nibbles
+noblacklist ${HOME}/.local/share/gnome-nibbles
 mkdir ${HOME}/.local/share/gnome-nibbles
-allow  ${HOME}/.local/share/gnome-nibbles
+whitelist ${HOME}/.local/share/gnome-nibbles
-allow  /usr/share/gnome-nibbles
+whitelist /usr/share/gnome-nibbles
 private-bin gnome-nibbles
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile
index d2cf828cc..fee5f88b9 100644
--- a/etc/profile-a-l/gnome-passwordsafe.profile
+++ b/etc/profile-a-l/gnome-passwordsafe.profile
@@ -6,14 +6,14 @@ include gnome-passwordsafe.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${HOME}/*.kdb
+noblacklist ${HOME}/*.kdb
-nodeny  ${HOME}/*.kdbx
+noblacklist ${HOME}/*.kdbx
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -24,8 +24,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/cracklib
+whitelist /usr/share/cracklib
-allow  /usr/share/passwordsafe
+whitelist /usr/share/passwordsafe
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-photos.profile b/etc/profile-a-l/gnome-photos.profile
index 3702da2c7..58bf3f349 100644
--- a/etc/profile-a-l/gnome-photos.profile
+++ b/etc/profile-a-l/gnome-photos.profile
@@ -8,7 +8,7 @@ include globals.local
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
-nodeny  ${HOME}/.local/share/gnome-photos
+noblacklist ${HOME}/.local/share/gnome-photos
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile
index e9ae2bcb0..41903b136 100644
--- a/etc/profile-a-l/gnome-pie.profile
+++ b/etc/profile-a-l/gnome-pie.profile
@@ -6,7 +6,7 @@ include gnome-pie.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/gnome-pie
+noblacklist ${HOME}/.config/gnome-pie
 #include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile
index bec23910c..c2ba7556d 100644
--- a/etc/profile-a-l/gnome-pomodoro.profile
+++ b/etc/profile-a-l/gnome-pomodoro.profile
@@ -6,7 +6,7 @@ include gnome-pomodoro.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/gnome-pomodoro
+noblacklist ${HOME}/.local/share/gnome-pomodoro
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.local/share/gnome-pomodoro
-allow  ${HOME}/.local/share/gnome-pomodoro
+whitelist ${HOME}/.local/share/gnome-pomodoro
-allow  /usr/share/gnome-pomodoro
+whitelist /usr/share/gnome-pomodoro
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile
index 5ef33fdd8..48c98ebe0 100644
--- a/etc/profile-a-l/gnome-recipes.profile
+++ b/etc/profile-a-l/gnome-recipes.profile
@@ -7,8 +7,8 @@ include gnome-recipes.local
 include globals.local
-nodeny  ${HOME}/.cache/gnome-recipes
+noblacklist ${HOME}/.cache/gnome-recipes
-nodeny  ${HOME}/.local/share/gnome-recipes
+noblacklist ${HOME}/.local/share/gnome-recipes
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-shell.inc
 mkdir ${HOME}/.cache/gnome-recipes
 mkdir ${HOME}/.local/share/gnome-recipes
-allow  ${HOME}/.cache/gnome-recipes
+whitelist ${HOME}/.cache/gnome-recipes
-allow  ${HOME}/.local/share/gnome-recipes
+whitelist ${HOME}/.local/share/gnome-recipes
-allow  /usr/share/gnome-recipes
+whitelist /usr/share/gnome-recipes
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-ring.profile b/etc/profile-a-l/gnome-ring.profile
index b34d264f4..78ceb9c4f 100644
--- a/etc/profile-a-l/gnome-ring.profile
+++ b/etc/profile-a-l/gnome-ring.profile
@@ -5,7 +5,7 @@ include gnome-ring.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/gnome-ring
+noblacklist ${HOME}/.local/share/gnome-ring
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-robots.profile b/etc/profile-a-l/gnome-robots.profile
index 836d4e2b2..8835f2b93 100644
--- a/etc/profile-a-l/gnome-robots.profile
+++ b/etc/profile-a-l/gnome-robots.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore machine-id
 ignore nosound
-allow  /usr/share/gnome-robots
+whitelist /usr/share/gnome-robots
 private-bin gnome-robots
diff --git a/etc/profile-a-l/gnome-schedule.profile b/etc/profile-a-l/gnome-schedule.profile
index 146f8bc4e..69c90b33d 100644
--- a/etc/profile-a-l/gnome-schedule.profile
+++ b/etc/profile-a-l/gnome-schedule.profile
@@ -6,17 +6,17 @@ include gnome-schedule.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gnome/gnome-schedule
+noblacklist ${HOME}/.gnome/gnome-schedule
 # Needs at and crontab to read/write user cron
-nodeny  ${PATH}/at
+noblacklist ${PATH}/at
-nodeny  ${PATH}/crontab
+noblacklist ${PATH}/crontab
 # Needs access to these files/dirs
-nodeny  /etc/cron.allow
+noblacklist /etc/cron.allow
-nodeny  /etc/cron.deny
+noblacklist /etc/cron.deny
-nodeny  /etc/shadow
+noblacklist /etc/shadow
-nodeny  /var/spool/cron
+noblacklist /var/spool/cron
 # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc)
 # add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality
@@ -34,10 +34,10 @@ include disable-programs.inc
 include disable-xdg.inc
 mkfile ${HOME}/.gnome/gnome-schedule
-allow  ${HOME}/.gnome/gnome-schedule
+whitelist ${HOME}/.gnome/gnome-schedule
-allow  /usr/share/gnome-schedule
+whitelist /usr/share/gnome-schedule
-allow  /var/spool/atd
+whitelist /var/spool/atd
-allow  /var/spool/cron
+whitelist /var/spool/cron
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile
index 175549e99..b683b6f6c 100644
--- a/etc/profile-a-l/gnome-screenshot.profile
+++ b/etc/profile-a-l/gnome-screenshot.profile
@@ -6,8 +6,8 @@ include gnome-screenshot.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
-nodeny  ${HOME}/.cache/gnome-screenshot
+noblacklist ${HOME}/.cache/gnome-screenshot
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile
index c2fb14fa4..34f5fdeff 100644
--- a/etc/profile-a-l/gnome-sound-recorder.profile
+++ b/etc/profile-a-l/gnome-sound-recorder.profile
@@ -6,8 +6,8 @@ include gnome-sound-recorder.local
 # Persistent global definitions
 include globals.local
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${HOME}/.local/share/Trash
+noblacklist ${HOME}/.local/share/Trash
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-sudoku.profile b/etc/profile-a-l/gnome-sudoku.profile
index 3b7835e52..12fd48a86 100644
--- a/etc/profile-a-l/gnome-sudoku.profile
+++ b/etc/profile-a-l/gnome-sudoku.profile
@@ -6,10 +6,10 @@ include gnome-sudoku.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/gnome-sudoku
+noblacklist ${HOME}/.local/share/gnome-sudoku
 mkdir ${HOME}/.local/share/gnome-sudoku
-allow  ${HOME}/.local/share/gnome-sudoku
+whitelist ${HOME}/.local/share/gnome-sudoku
 private-bin gnome-sudoku
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile
index 6978f7cab..8a818695d 100644
--- a/etc/profile-a-l/gnome-system-log.profile
+++ b/etc/profile-a-l/gnome-system-log.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /var/log
+whitelist /var/log
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-taquin.profile b/etc/profile-a-l/gnome-taquin.profile
index ac87cf70f..2341334f7 100644
--- a/etc/profile-a-l/gnome-taquin.profile
+++ b/etc/profile-a-l/gnome-taquin.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore machine-id
 ignore nosound
-allow  /usr/share/gnome-taquin
+whitelist /usr/share/gnome-taquin
 private-bin gnome-taquin
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile
index 092fd58a3..3b147cd48 100644
--- a/etc/profile-a-l/gnome-todo.profile
+++ b/etc/profile-a-l/gnome-todo.profile
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/gnome-todo
+whitelist /usr/share/gnome-todo
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/gnome-twitch.profile b/etc/profile-a-l/gnome-twitch.profile
index d76872ea6..b8ec195d3 100644
--- a/etc/profile-a-l/gnome-twitch.profile
+++ b/etc/profile-a-l/gnome-twitch.profile
@@ -6,8 +6,8 @@ include gnome-twitch.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/gnome-twitch
+noblacklist ${HOME}/.cache/gnome-twitch
-nodeny  ${HOME}/.local/share/gnome-twitch
+noblacklist ${HOME}/.local/share/gnome-twitch
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/gnome-twitch
 mkdir ${HOME}/.local/share/gnome-twitch
-allow  ${HOME}/.cache/gnome-twitch
+whitelist ${HOME}/.cache/gnome-twitch
-allow  ${HOME}/.local/share/gnome-twitch
+whitelist ${HOME}/.local/share/gnome-twitch
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/gnome-weather.profile b/etc/profile-a-l/gnome-weather.profile
index 6f557ff8d..2e08fa41d 100644
--- a/etc/profile-a-l/gnome-weather.profile
+++ b/etc/profile-a-l/gnome-weather.profile
@@ -8,7 +8,7 @@ include globals.local
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
-nodeny  ${HOME}/.cache/libgweather
+noblacklist ${HOME}/.cache/libgweather
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile
index 261efefac..c3014a288 100644
--- a/etc/profile-a-l/gnote.profile
+++ b/etc/profile-a-l/gnote.profile
@@ -6,8 +6,8 @@ include gnote.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/gnote
+noblacklist ${HOME}/.config/gnote
-nodeny  ${HOME}/.local/share/gnote
+noblacklist ${HOME}/.local/share/gnote
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/gnote
 mkdir ${HOME}/.local/share/gnote
-allow  ${HOME}/.config/gnote
+whitelist ${HOME}/.config/gnote
-allow  ${HOME}/.local/share/gnote
+whitelist ${HOME}/.local/share/gnote
-allow  /usr/share/gnote
+whitelist /usr/share/gnote
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile
index e6fbca26f..22851ce9f 100644
--- a/etc/profile-a-l/gnubik.profile
+++ b/etc/profile-a-l/gnubik.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/gnubik
+whitelist /usr/share/gnubik
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile
index f35a53ca4..09ca17caa 100644
--- a/etc/profile-a-l/godot.profile
+++ b/etc/profile-a-l/godot.profile
@@ -6,9 +6,9 @@ include godot.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/godot
+noblacklist ${HOME}/.cache/godot
-nodeny  ${HOME}/.config/godot
+noblacklist ${HOME}/.config/godot
-nodeny  ${HOME}/.local/share/godot
+noblacklist ${HOME}/.local/share/godot
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/goobox.profile b/etc/profile-a-l/goobox.profile
index 95dd41c2a..8399d77c4 100644
--- a/etc/profile-a-l/goobox.profile
+++ b/etc/profile-a-l/goobox.profile
@@ -6,7 +6,7 @@ include goobox.local
 # Persistent global definitions
 include globals.local
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/google-chrome-beta.profile b/etc/profile-a-l/google-chrome-beta.profile
index 07f0e587d..ebe5e870b 100644
--- a/etc/profile-a-l/google-chrome-beta.profile
+++ b/etc/profile-a-l/google-chrome-beta.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/google-chrome-beta
+noblacklist ${HOME}/.cache/google-chrome-beta
-nodeny  ${HOME}/.config/google-chrome-beta
+noblacklist ${HOME}/.config/google-chrome-beta
-nodeny  ${HOME}/.config/chrome-beta-flags.conf
+noblacklist ${HOME}/.config/chrome-beta-flags.conf
-nodeny  ${HOME}/.config/chrome-beta-flags.config
+noblacklist ${HOME}/.config/chrome-beta-flags.config
 mkdir ${HOME}/.cache/google-chrome-beta
 mkdir ${HOME}/.config/google-chrome-beta
-allow  ${HOME}/.cache/google-chrome-beta
+whitelist ${HOME}/.cache/google-chrome-beta
-allow  ${HOME}/.config/google-chrome-beta
+whitelist ${HOME}/.config/google-chrome-beta
-allow  ${HOME}/.config/chrome-beta-flags.conf
+whitelist ${HOME}/.config/chrome-beta-flags.conf
-allow  ${HOME}/.config/chrome-beta-flags.config
+whitelist ${HOME}/.config/chrome-beta-flags.config
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/google-chrome-unstable.profile b/etc/profile-a-l/google-chrome-unstable.profile
index 229904411..4d303f71b 100644
--- a/etc/profile-a-l/google-chrome-unstable.profile
+++ b/etc/profile-a-l/google-chrome-unstable.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/google-chrome-unstable
+noblacklist ${HOME}/.cache/google-chrome-unstable
-nodeny  ${HOME}/.config/google-chrome-unstable
+noblacklist ${HOME}/.config/google-chrome-unstable
-nodeny  ${HOME}/.config/chrome-unstable-flags.conf
+noblacklist ${HOME}/.config/chrome-unstable-flags.conf
-nodeny  ${HOME}/.config/chrome-unstable-flags.config
+noblacklist ${HOME}/.config/chrome-unstable-flags.config
 mkdir ${HOME}/.cache/google-chrome-unstable
 mkdir ${HOME}/.config/google-chrome-unstable
-allow  ${HOME}/.cache/google-chrome-unstable
+whitelist ${HOME}/.cache/google-chrome-unstable
-allow  ${HOME}/.config/google-chrome-unstable
+whitelist ${HOME}/.config/google-chrome-unstable
-allow  ${HOME}/.config/chrome-unstable-flags.conf
+whitelist ${HOME}/.config/chrome-unstable-flags.conf
-allow  ${HOME}/.config/chrome-unstable-flags.config
+whitelist ${HOME}/.config/chrome-unstable-flags.config
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/google-chrome.profile b/etc/profile-a-l/google-chrome.profile
index f61642f17..ed2595f72 100644
--- a/etc/profile-a-l/google-chrome.profile
+++ b/etc/profile-a-l/google-chrome.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/google-chrome
+noblacklist ${HOME}/.cache/google-chrome
-nodeny  ${HOME}/.config/google-chrome
+noblacklist ${HOME}/.config/google-chrome
-nodeny  ${HOME}/.config/chrome-flags.conf
+noblacklist ${HOME}/.config/chrome-flags.conf
-nodeny  ${HOME}/.config/chrome-flags.config
+noblacklist ${HOME}/.config/chrome-flags.config
 mkdir ${HOME}/.cache/google-chrome
 mkdir ${HOME}/.config/google-chrome
-allow  ${HOME}/.cache/google-chrome
+whitelist ${HOME}/.cache/google-chrome
-allow  ${HOME}/.config/google-chrome
+whitelist ${HOME}/.config/google-chrome
-allow  ${HOME}/.config/chrome-flags.conf
+whitelist ${HOME}/.config/chrome-flags.conf
-allow  ${HOME}/.config/chrome-flags.config
+whitelist ${HOME}/.config/chrome-flags.config
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/google-earth.profile b/etc/profile-a-l/google-earth.profile
index 6039f7cbd..65ac04771 100644
--- a/etc/profile-a-l/google-earth.profile
+++ b/etc/profile-a-l/google-earth.profile
@@ -5,8 +5,8 @@ include google-earth.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Google
+noblacklist ${HOME}/.config/Google
-nodeny  ${HOME}/.googleearth
+noblacklist ${HOME}/.googleearth
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 mkdir ${HOME}/.config/Google
 mkdir ${HOME}/.googleearth
-allow  ${HOME}/.config/Google
+whitelist ${HOME}/.config/Google
-allow  ${HOME}/.googleearth
+whitelist ${HOME}/.googleearth
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/google-play-music-desktop-player.profile b/etc/profile-a-l/google-play-music-desktop-player.profile
index fdb65b93c..a7aabe105 100644
--- a/etc/profile-a-l/google-play-music-desktop-player.profile
+++ b/etc/profile-a-l/google-play-music-desktop-player.profile
@@ -8,7 +8,7 @@ include globals.local
 # noexec /tmp breaks mpris support
 ignore noexec /tmp
-nodeny  ${HOME}/.config/Google Play Music Desktop Player
+noblacklist ${HOME}/.config/Google Play Music Desktop Player
 include disable-common.inc
 include disable-devel.inc
@@ -20,7 +20,7 @@ include disable-programs.inc
 mkdir ${HOME}/.config/Google Play Music Desktop Player
 # whitelist ${HOME}/.config/pulse
 # whitelist ${HOME}/.pulse
-allow  ${HOME}/.config/Google Play Music Desktop Player
+whitelist ${HOME}/.config/Google Play Music Desktop Player
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile
index 952c9c1d4..2d0bce52b 100644
--- a/etc/profile-a-l/googler-common.profile
+++ b/etc/profile-a-l/googler-common.profile
@@ -7,10 +7,10 @@ include googler-common.local
 # added by caller profile
 #include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
-nodeny  ${HOME}/.w3m
+noblacklist ${HOME}/.w3m
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -26,7 +26,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  ${HOME}/.w3m
+whitelist ${HOME}/.w3m
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gpa.profile b/etc/profile-a-l/gpa.profile
index 9b8da361b..37b4f0b1c 100644
--- a/etc/profile-a-l/gpa.profile
+++ b/etc/profile-a-l/gpa.profile
@@ -6,7 +6,7 @@ include gpa.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile
index 5fa66bb55..7f0b614b1 100644
--- a/etc/profile-a-l/gpg-agent.profile
+++ b/etc/profile-a-l/gpg-agent.profile
@@ -7,10 +7,10 @@ include gpg-agent.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
@@ -20,11 +20,11 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.gnupg
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
-allow  ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
+whitelist ${RUNUSER}/keyring
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile
index 2ad896abe..4a4d6527c 100644
--- a/etc/profile-a-l/gpg.profile
+++ b/etc/profile-a-l/gpg.profile
@@ -7,10 +7,10 @@ include gpg.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
@@ -18,11 +18,11 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
+whitelist ${RUNUSER}/keyring
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
-allow  /usr/share/pacman/keyrings
+whitelist /usr/share/pacman/keyrings
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile
index 0552dc3d7..fa53c26c8 100644
--- a/etc/profile-a-l/gpicview.profile
+++ b/etc/profile-a-l/gpicview.profile
@@ -6,7 +6,7 @@ include gpicview.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/gpicview
+noblacklist ${HOME}/.config/gpicview
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
-allow  /usr/share/gpicview
+whitelist /usr/share/gpicview
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile
index c9e62a73f..253d644f1 100644
--- a/etc/profile-a-l/gpredict.profile
+++ b/etc/profile-a-l/gpredict.profile
@@ -6,7 +6,7 @@ include gpredict.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Gpredict
+noblacklist ${HOME}/.config/Gpredict
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 mkdir ${HOME}/.config/Gpredict
-allow  ${HOME}/.config/Gpredict
+whitelist ${HOME}/.config/Gpredict
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile
index 2aebe2338..2b4c536d2 100644
--- a/etc/profile-a-l/gradio.profile
+++ b/etc/profile-a-l/gradio.profile
@@ -5,8 +5,8 @@ include gradio.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/gradio
+noblacklist ${HOME}/.cache/gradio
-nodeny  ${HOME}/.local/share/gradio
+noblacklist ${HOME}/.local/share/gradio
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/gradio
 mkdir ${HOME}/.local/share/gradio
-allow  ${HOME}/.cache/gradio
+whitelist ${HOME}/.cache/gradio
-allow  ${HOME}/.local/share/gradio
+whitelist ${HOME}/.local/share/gradio
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gramps.profile b/etc/profile-a-l/gramps.profile
index 53f0baccb..c7e0c2977 100644
--- a/etc/profile-a-l/gramps.profile
+++ b/etc/profile-a-l/gramps.profile
@@ -6,7 +6,7 @@ include gramps.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gramps
+noblacklist ${HOME}/.gramps
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -21,7 +21,7 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.gramps
-allow  ${HOME}/.gramps
+whitelist ${HOME}/.gramps
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
index ecc871c2e..890ba2560 100644
--- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
+++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/gravity-beams-and-evaporating-stars
+whitelist /usr/share/gravity-beams-and-evaporating-stars
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gthumb.profile b/etc/profile-a-l/gthumb.profile
index 9a4f7b4fb..5927e8c4d 100644
--- a/etc/profile-a-l/gthumb.profile
+++ b/etc/profile-a-l/gthumb.profile
@@ -6,9 +6,9 @@ include gthumb.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/gthumb
+noblacklist ${HOME}/.config/gthumb
-nodeny  ${HOME}/.Steam
+noblacklist ${HOME}/.Steam
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.steam
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile
index d6bb9902a..c8addae75 100644
--- a/etc/profile-a-l/gtk-update-icon-cache.profile
+++ b/etc/profile-a-l/gtk-update-icon-cache.profile
@@ -7,7 +7,7 @@ include gtk-update-icon-cache.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gtk2-youtube-viewer.profile b/etc/profile-a-l/gtk2-youtube-viewer.profile
index 8241de43a..787c7bd90 100644
--- a/etc/profile-a-l/gtk2-youtube-viewer.profile
+++ b/etc/profile-a-l/gtk2-youtube-viewer.profile
@@ -8,8 +8,8 @@ include gtk2-youtube-viewer.local
 ignore quiet
-nodeny  /tmp/.X11-unix
+noblacklist /tmp/.X11-unix
-nodeny  ${RUNUSER}
+noblacklist ${RUNUSER}
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/gtk3-youtube-viewer.profile b/etc/profile-a-l/gtk3-youtube-viewer.profile
index 6ea4ebbdc..988882622 100644
--- a/etc/profile-a-l/gtk3-youtube-viewer.profile
+++ b/etc/profile-a-l/gtk3-youtube-viewer.profile
@@ -8,8 +8,8 @@ include gtk3-youtube-viewer.local
 ignore quiet
-nodeny  /tmp/.X11-unix
+noblacklist /tmp/.X11-unix
-nodeny  ${RUNUSER}
+noblacklist ${RUNUSER}
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/guayadeque.profile b/etc/profile-a-l/guayadeque.profile
index 731bcad1d..3d2b71e9d 100644
--- a/etc/profile-a-l/guayadeque.profile
+++ b/etc/profile-a-l/guayadeque.profile
@@ -5,8 +5,8 @@ include guayadeque.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.guayadeque
+noblacklist ${HOME}/.guayadeque
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gummi.profile b/etc/profile-a-l/gummi.profile
index 5cdc2cc18..2223c37a1 100644
--- a/etc/profile-a-l/gummi.profile
+++ b/etc/profile-a-l/gummi.profile
@@ -5,8 +5,8 @@ include gummi.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/gummi
+noblacklist ${HOME}/.cache/gummi
-nodeny  ${HOME}/.config/gummi
+noblacklist ${HOME}/.config/gummi
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile
index 3404f5177..9221ca31c 100644
--- a/etc/profile-a-l/guvcview.profile
+++ b/etc/profile-a-l/guvcview.profile
@@ -6,10 +6,10 @@ include guvcview.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/guvcview2
+noblacklist ${HOME}/.config/guvcview2
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
@@ -21,9 +21,9 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/guvcview2
-allow  ${HOME}/.config/guvcview2
+whitelist ${HOME}/.config/guvcview2
-allow  ${PICTURES}
+whitelist ${PICTURES}
-allow  ${VIDEOS}
+whitelist ${VIDEOS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile
index 132b5a2e2..d33e2a673 100644
--- a/etc/profile-a-l/gwenview.profile
+++ b/etc/profile-a-l/gwenview.profile
@@ -6,17 +6,17 @@ include gwenview.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/GIMP
+noblacklist ${HOME}/.config/GIMP
-nodeny  ${HOME}/.config/gwenviewrc
+noblacklist ${HOME}/.config/gwenviewrc
-nodeny  ${HOME}/.config/org.kde.gwenviewrc
+noblacklist ${HOME}/.config/org.kde.gwenviewrc
-nodeny  ${HOME}/.gimp*
+noblacklist ${HOME}/.gimp*
-nodeny  ${HOME}/.kde/share/apps/gwenview
+noblacklist ${HOME}/.kde/share/apps/gwenview
-nodeny  ${HOME}/.kde/share/config/gwenviewrc
+noblacklist ${HOME}/.kde/share/config/gwenviewrc
-nodeny  ${HOME}/.kde4/share/apps/gwenview
+noblacklist ${HOME}/.kde4/share/apps/gwenview
-nodeny  ${HOME}/.kde4/share/config/gwenviewrc
+noblacklist ${HOME}/.kde4/share/config/gwenviewrc
-nodeny  ${HOME}/.local/share/gwenview
+noblacklist ${HOME}/.local/share/gwenview
-nodeny  ${HOME}/.local/share/kxmlgui5/gwenview
+noblacklist ${HOME}/.local/share/kxmlgui5/gwenview
-nodeny  ${HOME}/.local/share/org.kde.gwenview
+noblacklist ${HOME}/.local/share/org.kde.gwenview
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gzip.profile b/etc/profile-a-l/gzip.profile
index 46c98bdc2..b261c16f4 100644
--- a/etc/profile-a-l/gzip.profile
+++ b/etc/profile-a-l/gzip.profile
@@ -9,7 +9,7 @@ include globals.local
 # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop
 # all capabilities this is automatically read-only.
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 # Redirect
 include archiver-common.profile
diff --git a/etc/profile-a-l/handbrake.profile b/etc/profile-a-l/handbrake.profile
index c102ac4cb..847e1ec1e 100644
--- a/etc/profile-a-l/handbrake.profile
+++ b/etc/profile-a-l/handbrake.profile
@@ -6,9 +6,9 @@ include handbrake.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/ghb
+noblacklist ${HOME}/.config/ghb
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hashcat.profile b/etc/profile-a-l/hashcat.profile
index d98a1b554..aab4b0c21 100644
--- a/etc/profile-a-l/hashcat.profile
+++ b/etc/profile-a-l/hashcat.profile
@@ -7,11 +7,11 @@ include hashcat.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${HOME}/.hashcat
+noblacklist ${HOME}/.hashcat
-nodeny  /usr/include
+noblacklist /usr/include
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile
index 1c2a44e06..44584f26b 100644
--- a/etc/profile-a-l/hasher-common.profile
+++ b/etc/profile-a-l/hasher-common.profile
@@ -4,7 +4,7 @@ include hasher-common.local
 # common profile for hasher/checksum tools
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 # Comment/uncomment the relevant include file(s) in your hasher-common.local
 # to (un)restrict file access for **all** hashers. Another option is to do this **per hasher**
diff --git a/etc/profile-a-l/hedgewars.profile b/etc/profile-a-l/hedgewars.profile
index 90833af91..c0675d8ec 100644
--- a/etc/profile-a-l/hedgewars.profile
+++ b/etc/profile-a-l/hedgewars.profile
@@ -6,7 +6,7 @@ include hedgewars.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.hedgewars
+noblacklist ${HOME}/.hedgewars
 include allow-lua.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.hedgewars
-allow  ${HOME}/.hedgewars
+whitelist ${HOME}/.hedgewars
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile
index 993efb591..b887de147 100644
--- a/etc/profile-a-l/hexchat.profile
+++ b/etc/profile-a-l/hexchat.profile
@@ -6,7 +6,7 @@ include hexchat.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/hexchat
+noblacklist ${HOME}/.config/hexchat
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -28,7 +28,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/hexchat
-allow  ${HOME}/.config/hexchat
+whitelist ${HOME}/.config/hexchat
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile
index 53db642dc..643736ac7 100644
--- a/etc/profile-a-l/highlight.profile
+++ b/etc/profile-a-l/highlight.profile
@@ -6,7 +6,7 @@ include highlight.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile
index ef259cc00..199b1a5e5 100644
--- a/etc/profile-a-l/homebank.profile
+++ b/etc/profile-a-l/homebank.profile
@@ -6,7 +6,7 @@ include homebank.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/homebank
+noblacklist ${HOME}/.config/homebank
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/homebank
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.config/homebank
+whitelist ${HOME}/.config/homebank
-allow  /usr/share/homebank
+whitelist /usr/share/homebank
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile
index 63e1be259..00d9f7a76 100644
--- a/etc/profile-a-l/host.profile
+++ b/etc/profile-a-l/host.profile
@@ -7,8 +7,8 @@ include host.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
-nodeny  ${PATH}/host
+noblacklist ${PATH}/host
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hugin.profile b/etc/profile-a-l/hugin.profile
index db5cd29cc..267712c87 100644
--- a/etc/profile-a-l/hugin.profile
+++ b/etc/profile-a-l/hugin.profile
@@ -6,9 +6,9 @@ include hugin.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.hugin
+noblacklist ${HOME}/.hugin
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile
index 1fb33ceb8..e66ffd7e1 100644
--- a/etc/profile-a-l/hyperrogue.profile
+++ b/etc/profile-a-l/hyperrogue.profile
@@ -6,7 +6,7 @@ include hyperrogue.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/hyperrogue.ini
+noblacklist ${HOME}/hyperrogue.ini
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkfile ${HOME}/hyperrogue.ini
-allow  ${HOME}/hyperrogue.ini
+whitelist ${HOME}/hyperrogue.ini
-allow  /usr/share/hyperrogue
+whitelist /usr/share/hyperrogue
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile
index c8a2e8a04..47c984175 100644
--- a/etc/profile-a-l/i2prouter.profile
+++ b/etc/profile-a-l/i2prouter.profile
@@ -14,12 +14,12 @@ include globals.local
 # Only needed when i2prouter binary resides in home directory (official I2P java installer does so).
 ignore noexec ${HOME}
-nodeny  ${HOME}/.config/i2p
+noblacklist ${HOME}/.config/i2p
-nodeny  ${HOME}/.i2p
+noblacklist ${HOME}/.i2p
-nodeny  ${HOME}/.local/share/i2p
+noblacklist ${HOME}/.local/share/i2p
-nodeny  ${HOME}/i2p
+noblacklist ${HOME}/i2p
 # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so).
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -36,12 +36,12 @@ mkdir ${HOME}/.config/i2p
 mkdir ${HOME}/.i2p
 mkdir ${HOME}/.local/share/i2p
 mkdir ${HOME}/i2p
-allow  ${HOME}/.config/i2p
+whitelist ${HOME}/.config/i2p
-allow  ${HOME}/.i2p
+whitelist ${HOME}/.i2p
-allow  ${HOME}/.local/share/i2p
+whitelist ${HOME}/.local/share/i2p
-allow  ${HOME}/i2p
+whitelist ${HOME}/i2p
 # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so).
-allow  /usr/sbin/wrapper*
+whitelist /usr/sbin/wrapper*
 include whitelist-common.inc
diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile
index 95ddad221..e96b1843c 100644
--- a/etc/profile-a-l/i3.profile
+++ b/etc/profile-a-l/i3.profile
@@ -7,7 +7,7 @@ include i3.local
 include globals.local
 # all applications started in i3 will run in this profile
-nodeny  ${HOME}/.config/i3
+noblacklist ${HOME}/.config/i3
 include disable-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/icecat.profile b/etc/profile-a-l/icecat.profile
index 0de2f658b..660343a29 100644
--- a/etc/profile-a-l/icecat.profile
+++ b/etc/profile-a-l/icecat.profile
@@ -5,13 +5,13 @@ include icecat.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.cache/mozilla
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
 mkdir ${HOME}/.cache/mozilla/icecat
 mkdir ${HOME}/.mozilla
-allow  ${HOME}/.cache/mozilla/icecat
+whitelist ${HOME}/.cache/mozilla/icecat
-allow  ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla
 # private-etc must first be enabled in firefox-common.profile
 #private-etc icecat
diff --git a/etc/profile-a-l/icedove.profile b/etc/profile-a-l/icedove.profile
index 0c22d87d0..19690cd5a 100644
--- a/etc/profile-a-l/icedove.profile
+++ b/etc/profile-a-l/icedove.profile
@@ -9,16 +9,16 @@ include icedove.local
 # Users have icedove set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
-nodeny  ${HOME}/.cache/icedove
+noblacklist ${HOME}/.cache/icedove
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.icedove
+noblacklist ${HOME}/.icedove
 mkdir ${HOME}/.cache/icedove
 mkdir ${HOME}/.gnupg
 mkdir ${HOME}/.icedove
-allow  ${HOME}/.cache/icedove
+whitelist ${HOME}/.cache/icedove
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
-allow  ${HOME}/.icedove
+whitelist ${HOME}/.icedove
 include whitelist-common.inc
 ignore private-tmp
diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile
index 180b62ec2..680b8e777 100644
--- a/etc/profile-a-l/idea.sh.profile
+++ b/etc/profile-a-l/idea.sh.profile
@@ -5,12 +5,12 @@ include idea.sh.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.IdeaIC*
+noblacklist ${HOME}/.IdeaIC*
-nodeny  ${HOME}/.android
+noblacklist ${HOME}/.android
-nodeny  ${HOME}/.jack-server
+noblacklist ${HOME}/.jack-server
-nodeny  ${HOME}/.jack-settings
+noblacklist ${HOME}/.jack-settings
-nodeny  ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.local/share/JetBrains
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.tooling
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/imagej.profile b/etc/profile-a-l/imagej.profile
index 5d28e7aca..12ce7976b 100644
--- a/etc/profile-a-l/imagej.profile
+++ b/etc/profile-a-l/imagej.profile
@@ -6,7 +6,7 @@ include imagej.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.imagej
+noblacklist ${HOME}/.imagej
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/img2txt.profile b/etc/profile-a-l/img2txt.profile
index 70d56a7dc..c26958d06 100644
--- a/etc/profile-a-l/img2txt.profile
+++ b/etc/profile-a-l/img2txt.profile
@@ -5,10 +5,10 @@ include img2txt.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /usr/share/imlib2
+whitelist /usr/share/imlib2
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/impressive.profile b/etc/profile-a-l/impressive.profile
index 4914cd9d0..c152be01c 100644
--- a/etc/profile-a-l/impressive.profile
+++ b/etc/profile-a-l/impressive.profile
@@ -6,9 +6,9 @@ include impressive.local
 # Persistent global definitions
 #include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -23,8 +23,8 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.cache/mesa_shader_cache
-allow  /usr/share/opengl-games-utils
+whitelist /usr/share/opengl-games-utils
-allow  /usr/share/zenity
+whitelist /usr/share/zenity
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile
index 1a949b300..35dd86b32 100644
--- a/etc/profile-a-l/inkscape.profile
+++ b/etc/profile-a-l/inkscape.profile
@@ -6,14 +6,14 @@ include inkscape.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/inkscape
+noblacklist ${HOME}/.cache/inkscape
-nodeny  ${HOME}/.config/inkscape
+noblacklist ${HOME}/.config/inkscape
-nodeny  ${HOME}/.inkscape
+noblacklist ${HOME}/.inkscape
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 # Allow exporting .xcf files
-nodeny  ${HOME}/.config/GIMP
+noblacklist ${HOME}/.config/GIMP
-nodeny  ${HOME}/.gimp*
+noblacklist ${HOME}/.gimp*
 # Allow python (blacklisted by disable-interpreters.inc)
@@ -28,7 +28,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /usr/share/inkscape
+whitelist /usr/share/inkscape
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/inox.profile b/etc/profile-a-l/inox.profile
index 1591ed7ea..a5cac12f2 100644
--- a/etc/profile-a-l/inox.profile
+++ b/etc/profile-a-l/inox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/inox
+noblacklist ${HOME}/.cache/inox
-nodeny  ${HOME}/.config/inox
+noblacklist ${HOME}/.config/inox
 mkdir ${HOME}/.cache/inox
 mkdir ${HOME}/.config/inox
-allow  ${HOME}/.cache/inox
+whitelist ${HOME}/.cache/inox
-allow  ${HOME}/.config/inox
+whitelist ${HOME}/.config/inox
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/iridium.profile b/etc/profile-a-l/iridium.profile
index f361fd663..3037d00e9 100644
--- a/etc/profile-a-l/iridium.profile
+++ b/etc/profile-a-l/iridium.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/iridium
+noblacklist ${HOME}/.cache/iridium
-nodeny  ${HOME}/.config/iridium
+noblacklist ${HOME}/.config/iridium
 mkdir ${HOME}/.cache/iridium
 mkdir ${HOME}/.config/iridium
-allow  ${HOME}/.cache/iridium
+whitelist ${HOME}/.cache/iridium
-allow  ${HOME}/.config/iridium
+whitelist ${HOME}/.config/iridium
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/itch.profile b/etc/profile-a-l/itch.profile
index fa0bcf986..e02dcbdb1 100644
--- a/etc/profile-a-l/itch.profile
+++ b/etc/profile-a-l/itch.profile
@@ -8,8 +8,8 @@ include globals.local
 # itch.io has native firejail/sandboxing support bundled in
 # See https://itch.io/docs/itch/using/sandbox/linux.html
-nodeny  ${HOME}/.itch
+noblacklist ${HOME}/.itch
-nodeny  ${HOME}/.config/itch
+noblacklist ${HOME}/.config/itch
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-programs.inc
 mkdir ${HOME}/.itch
 mkdir ${HOME}/.config/itch
-allow  ${HOME}/.itch
+whitelist ${HOME}/.itch
-allow  ${HOME}/.config/itch
+whitelist ${HOME}/.config/itch
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/jami-gnome.profile b/etc/profile-a-l/jami-gnome.profile
index e4be574df..3e9abf369 100644
--- a/etc/profile-a-l/jami-gnome.profile
+++ b/etc/profile-a-l/jami-gnome.profile
@@ -6,8 +6,8 @@ include jami-gnome.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/jami
+noblacklist ${HOME}/.config/jami
-nodeny  ${HOME}/.local/share/jami
+noblacklist ${HOME}/.local/share/jami
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 mkdir ${HOME}/.config/jami
 mkdir ${HOME}/.local/share/jami
-allow  ${HOME}/.config/jami
+whitelist ${HOME}/.config/jami
-allow  ${HOME}/.local/share/jami
+whitelist ${HOME}/.local/share/jami
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/jd-gui.profile b/etc/profile-a-l/jd-gui.profile
index bfea84c69..7d29f1068 100644
--- a/etc/profile-a-l/jd-gui.profile
+++ b/etc/profile-a-l/jd-gui.profile
@@ -5,7 +5,7 @@ include jd-gui.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/jd-gui.cfg
+noblacklist ${HOME}/.config/jd-gui.cfg
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile
index c41027618..85b1f2120 100644
--- a/etc/profile-a-l/jerry.profile
+++ b/etc/profile-a-l/jerry.profile
@@ -6,7 +6,7 @@ include jerry.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/dkl
+noblacklist ${HOME}/.config/dkl
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/jitsi-meet-desktop.profile b/etc/profile-a-l/jitsi-meet-desktop.profile
index 9ca30c36d..edb7ed840 100644
--- a/etc/profile-a-l/jitsi-meet-desktop.profile
+++ b/etc/profile-a-l/jitsi-meet-desktop.profile
@@ -13,12 +13,12 @@ ignore shell none
 ignore noexec /tmp
-nodeny  ${HOME}/.config/Jitsi Meet
+noblacklist ${HOME}/.config/Jitsi Meet
-noallow  ${DOWNLOADS}
+nowhitelist ${DOWNLOADS}
 mkdir ${HOME}/.config/Jitsi Meet
-allow  ${HOME}/.config/Jitsi Meet
+whitelist ${HOME}/.config/Jitsi Meet
 private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh
 private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
diff --git a/etc/profile-a-l/jitsi.profile b/etc/profile-a-l/jitsi.profile
index f53e6ca32..223c360b8 100644
--- a/etc/profile-a-l/jitsi.profile
+++ b/etc/profile-a-l/jitsi.profile
@@ -5,7 +5,7 @@ include jitsi.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.jitsi
+noblacklist ${HOME}/.jitsi
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile
index c0a78ecc0..9954b8aea 100644
--- a/etc/profile-a-l/jumpnbump.profile
+++ b/etc/profile-a-l/jumpnbump.profile
@@ -6,7 +6,7 @@ include jumpnbump.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.jumpnbump
+noblacklist ${HOME}/.jumpnbump
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.jumpnbump
-allow  ${HOME}/.jumpnbump
+whitelist ${HOME}/.jumpnbump
-allow  /usr/share/jumpnbump
+whitelist /usr/share/jumpnbump
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile
index 73ce8670f..5ae90dff6 100644
--- a/etc/profile-a-l/k3b.profile
+++ b/etc/profile-a-l/k3b.profile
@@ -6,11 +6,11 @@ include k3b.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/k3brc
+noblacklist ${HOME}/.config/k3brc
-nodeny  ${HOME}/.kde/share/config/k3brc
+noblacklist ${HOME}/.kde/share/config/k3brc
-nodeny  ${HOME}/.kde4/share/config/k3brc
+noblacklist ${HOME}/.kde4/share/config/k3brc
-nodeny  ${HOME}/.local/share/kxmlgui5/k3b
+noblacklist ${HOME}/.local/share/kxmlgui5/k3b
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kaffeine.profile b/etc/profile-a-l/kaffeine.profile
index e6a00e350..d55fd22cb 100644
--- a/etc/profile-a-l/kaffeine.profile
+++ b/etc/profile-a-l/kaffeine.profile
@@ -6,14 +6,14 @@ include kaffeine.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/kaffeinerc
+noblacklist ${HOME}/.config/kaffeinerc
-nodeny  ${HOME}/.kde/share/apps/kaffeine
+noblacklist ${HOME}/.kde/share/apps/kaffeine
-nodeny  ${HOME}/.kde/share/config/kaffeinerc
+noblacklist ${HOME}/.kde/share/config/kaffeinerc
-nodeny  ${HOME}/.kde4/share/apps/kaffeine
+noblacklist ${HOME}/.kde4/share/apps/kaffeine
-nodeny  ${HOME}/.kde4/share/config/kaffeinerc
+noblacklist ${HOME}/.kde4/share/config/kaffeinerc
-nodeny  ${HOME}/.local/share/kaffeine
+noblacklist ${HOME}/.local/share/kaffeine
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile
index 98b04353e..503dac4b6 100644
--- a/etc/profile-a-l/kalgebra.profile
+++ b/etc/profile-a-l/kalgebra.profile
@@ -6,8 +6,8 @@ include kalgebra.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/kalgebrarc
+noblacklist ${HOME}/.config/kalgebrarc
-nodeny  ${HOME}/.local/share/kalgebra
+noblacklist ${HOME}/.local/share/kalgebra
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /usr/share/kalgebramobile
+whitelist /usr/share/kalgebramobile
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/karbon.profile b/etc/profile-a-l/karbon.profile
index db5394550..231299a2f 100644
--- a/etc/profile-a-l/karbon.profile
+++ b/etc/profile-a-l/karbon.profile
@@ -6,7 +6,7 @@ include karbon.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.local/share/kxmlgui5/karbon
+noblacklist ${HOME}/.local/share/kxmlgui5/karbon
 # Redirect
 include krita.profile
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile
index d2b180492..27b87e7c3 100644
--- a/etc/profile-a-l/kate.profile
+++ b/etc/profile-a-l/kate.profile
@@ -8,20 +8,20 @@ include globals.local
 ignore noexec ${HOME}
-nodeny  ${HOME}/.config/katemetainfos
+noblacklist ${HOME}/.config/katemetainfos
-nodeny  ${HOME}/.config/katepartrc
+noblacklist ${HOME}/.config/katepartrc
-nodeny  ${HOME}/.config/katerc
+noblacklist ${HOME}/.config/katerc
-nodeny  ${HOME}/.config/kateschemarc
+noblacklist ${HOME}/.config/kateschemarc
-nodeny  ${HOME}/.config/katesyntaxhighlightingrc
+noblacklist ${HOME}/.config/katesyntaxhighlightingrc
-nodeny  ${HOME}/.config/katevirc
+noblacklist ${HOME}/.config/katevirc
-nodeny  ${HOME}/.local/share/kate
+noblacklist ${HOME}/.local/share/kate
-nodeny  ${HOME}/.local/share/kxmlgui5/kate
+noblacklist ${HOME}/.local/share/kxmlgui5/kate
-nodeny  ${HOME}/.local/share/kxmlgui5/katefiletree
+noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree
-nodeny  ${HOME}/.local/share/kxmlgui5/katekonsole
+noblacklist ${HOME}/.local/share/kxmlgui5/katekonsole
-nodeny  ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin
+noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin
-nodeny  ${HOME}/.local/share/kxmlgui5/katepart
+noblacklist ${HOME}/.local/share/kxmlgui5/katepart
-nodeny  ${HOME}/.local/share/kxmlgui5/kateproject
+noblacklist ${HOME}/.local/share/kxmlgui5/kateproject
-nodeny  ${HOME}/.local/share/kxmlgui5/katesearch
+noblacklist ${HOME}/.local/share/kxmlgui5/katesearch
 include disable-common.inc
 # include disable-devel.inc
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile
index a4e2e64f4..9795cf168 100644
--- a/etc/profile-a-l/kazam.profile
+++ b/etc/profile-a-l/kazam.profile
@@ -8,9 +8,9 @@ include globals.local
 ignore noexec ${HOME}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
-nodeny  ${HOME}/.config/kazam
+noblacklist ${HOME}/.config/kazam
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -25,7 +25,7 @@ include disable-passwdmgr.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/kazam
+whitelist /usr/share/kazam
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile
index fcb168d4d..e36ee5ed2 100644
--- a/etc/profile-a-l/kcalc.profile
+++ b/etc/profile-a-l/kcalc.profile
@@ -6,7 +6,7 @@ include kcalc.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/kxmlgui5/kcalc
+noblacklist ${HOME}/.local/share/kxmlgui5/kcalc
 include disable-common.inc
 include disable-devel.inc
@@ -21,13 +21,13 @@ mkdir ${HOME}/.local/share/kxmlgui5/kcalc
 mkfile ${HOME}/.config/kcalcrc
 mkfile ${HOME}/.kde/share/config/kcalcrc
 mkfile ${HOME}/.kde4/share/config/kcalcrc
-allow  ${HOME}/.config/kcalcrc
+whitelist ${HOME}/.config/kcalcrc
-allow  ${HOME}/.kde/share/config/kcalcrc
+whitelist ${HOME}/.kde/share/config/kcalcrc
-allow  ${HOME}/.kde4/share/config/kcalcrc
+whitelist ${HOME}/.kde4/share/config/kcalcrc
-allow  ${HOME}/.local/share/kxmlgui5/kcalc
+whitelist ${HOME}/.local/share/kxmlgui5/kcalc
-allow  /usr/share/config.kcfg/kcalc.kcfg
+whitelist /usr/share/config.kcfg/kcalc.kcfg
-allow  /usr/share/kcalc
+whitelist /usr/share/kcalc
-allow  /usr/share/kconf_update/kcalcrc.upd
+whitelist /usr/share/kconf_update/kcalcrc.upd
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/kdenlive.profile b/etc/profile-a-l/kdenlive.profile
index 4acafbf2a..d2a08a269 100644
--- a/etc/profile-a-l/kdenlive.profile
+++ b/etc/profile-a-l/kdenlive.profile
@@ -8,10 +8,10 @@ include globals.local
 ignore noexec ${HOME}
-nodeny  ${HOME}/.cache/kdenlive
+noblacklist ${HOME}/.cache/kdenlive
-nodeny  ${HOME}/.config/kdenliverc
+noblacklist ${HOME}/.config/kdenliverc
-nodeny  ${HOME}/.local/share/kdenlive
+noblacklist ${HOME}/.local/share/kdenlive
-nodeny  ${HOME}/.local/share/kxmlgui5/kdenlive
+noblacklist ${HOME}/.local/share/kxmlgui5/kdenlive
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile
index 0c37f7968..7c1cb2294 100644
--- a/etc/profile-a-l/kdiff3.profile
+++ b/etc/profile-a-l/kdiff3.profile
@@ -6,14 +6,14 @@ include kdiff3.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/kdiff3fileitemactionrc
+noblacklist ${HOME}/.config/kdiff3fileitemactionrc
-nodeny  ${HOME}/.config/kdiff3rc
+noblacklist ${HOME}/.config/kdiff3rc
 # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc.
 # By default we deny access only to .ssh and .gnupg.
 #include disable-common.inc
-deny  ${HOME}/.ssh
+blacklist ${HOME}/.ssh
-deny  ${HOME}/.gnupg
+blacklist ${HOME}/.gnupg
 include disable-devel.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/keepass.profile b/etc/profile-a-l/keepass.profile
index 9c06962bc..ae8971ab4 100644
--- a/etc/profile-a-l/keepass.profile
+++ b/etc/profile-a-l/keepass.profile
@@ -6,14 +6,14 @@ include keepass.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/*.kdb
+noblacklist ${HOME}/*.kdb
-nodeny  ${HOME}/*.kdbx
+noblacklist ${HOME}/*.kdbx
-nodeny  ${HOME}/.config/KeePass
+noblacklist ${HOME}/.config/KeePass
-nodeny  ${HOME}/.config/keepass
+noblacklist ${HOME}/.config/keepass
-nodeny  ${HOME}/.keepass
+noblacklist ${HOME}/.keepass
-nodeny  ${HOME}/.local/share/KeePass
+noblacklist ${HOME}/.local/share/KeePass
-nodeny  ${HOME}/.local/share/keepass
+noblacklist ${HOME}/.local/share/keepass
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile
index 2772fa8bf..ac364986d 100644
--- a/etc/profile-a-l/keepassx.profile
+++ b/etc/profile-a-l/keepassx.profile
@@ -6,11 +6,11 @@ include keepassx.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/*.kdb
+noblacklist ${HOME}/*.kdb
-nodeny  ${HOME}/*.kdbx
+noblacklist ${HOME}/*.kdbx
-nodeny  ${HOME}/.config/keepassx
+noblacklist ${HOME}/.config/keepassx
-nodeny  ${HOME}/.keepassx
+noblacklist ${HOME}/.keepassx
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile
index 9c530b20d..f71dcf82b 100644
--- a/etc/profile-a-l/keepassxc.profile
+++ b/etc/profile-a-l/keepassxc.profile
@@ -6,23 +6,23 @@ include keepassxc.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/*.kdb
+noblacklist ${HOME}/*.kdb
-nodeny  ${HOME}/*.kdbx
+noblacklist ${HOME}/*.kdbx
-nodeny  ${HOME}/.cache/keepassxc
+noblacklist ${HOME}/.cache/keepassxc
-nodeny  ${HOME}/.config/keepassxc
+noblacklist ${HOME}/.config/keepassxc
-nodeny  ${HOME}/.config/KeePassXCrc
+noblacklist ${HOME}/.config/KeePassXCrc
-nodeny  ${HOME}/.keepassxc
+noblacklist ${HOME}/.keepassxc
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow browser profiles, required for browser integration.
-nodeny  ${HOME}/.config/BraveSoftware
+noblacklist ${HOME}/.config/BraveSoftware
-nodeny  ${HOME}/.config/chromium
+noblacklist ${HOME}/.config/chromium
-nodeny  ${HOME}/.config/google-chrome
+noblacklist ${HOME}/.config/google-chrome
-nodeny  ${HOME}/.config/vivaldi
+noblacklist ${HOME}/.config/vivaldi
-nodeny  ${HOME}/.local/share/torbrowser
+noblacklist ${HOME}/.local/share/torbrowser
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -57,7 +57,7 @@ include disable-xdg.inc
 #whitelist ${HOME}/.config/KeePassXCrc
 #include whitelist-common.inc
-allow  /usr/share/keepassxc
+whitelist /usr/share/keepassxc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile
index 30c041cbc..2c684504b 100644
--- a/etc/profile-a-l/kget.profile
+++ b/etc/profile-a-l/kget.profile
@@ -6,13 +6,13 @@ include kget.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/kgetrc
+noblacklist ${HOME}/.config/kgetrc
-nodeny  ${HOME}/.kde/share/apps/kget
+noblacklist ${HOME}/.kde/share/apps/kget
-nodeny  ${HOME}/.kde/share/config/kgetrc
+noblacklist ${HOME}/.kde/share/config/kgetrc
-nodeny  ${HOME}/.kde4/share/apps/kget
+noblacklist ${HOME}/.kde4/share/apps/kget
-nodeny  ${HOME}/.kde4/share/config/kgetrc
+noblacklist ${HOME}/.kde4/share/config/kgetrc
-nodeny  ${HOME}/.local/share/kget
+noblacklist ${HOME}/.local/share/kget
-nodeny  ${HOME}/.local/share/kxmlgui5/kget
+noblacklist ${HOME}/.local/share/kxmlgui5/kget
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kid3-qt.profile b/etc/profile-a-l/kid3-qt.profile
index 84d135fc3..9bcede077 100644
--- a/etc/profile-a-l/kid3-qt.profile
+++ b/etc/profile-a-l/kid3-qt.profile
@@ -2,7 +2,7 @@
 # This file is overwritten after every install/update
 include kid3-qt.local
-nodeny  ${HOME}/.config/Kid3
+noblacklist ${HOME}/.config/Kid3
 # Redirect
 include kid3.profile
diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile
index 0ef2a7845..e18292e99 100644
--- a/etc/profile-a-l/kid3.profile
+++ b/etc/profile-a-l/kid3.profile
@@ -6,9 +6,9 @@ include kid3.local
 # Persistent global definitions
 include globals.local
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${HOME}/.config/kid3rc
+noblacklist ${HOME}/.config/kid3rc
-nodeny  ${HOME}/.local/share/kxmlgui5/kid3
+noblacklist ${HOME}/.local/share/kxmlgui5/kid3
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kino.profile b/etc/profile-a-l/kino.profile
index 833c1d22a..74014ffe6 100644
--- a/etc/profile-a-l/kino.profile
+++ b/etc/profile-a-l/kino.profile
@@ -6,8 +6,8 @@ include kino.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.kino-history
+noblacklist ${HOME}/.kino-history
-nodeny  ${HOME}/.kinorc
+noblacklist ${HOME}/.kinorc
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile
index b188ba0e3..40ee0bbc7 100644
--- a/etc/profile-a-l/kiwix-desktop.profile
+++ b/etc/profile-a-l/kiwix-desktop.profile
@@ -6,8 +6,8 @@ include kiwix-desktop.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/kiwix
+noblacklist ${HOME}/.local/share/kiwix
-nodeny  ${HOME}/.local/share/kiwix-desktop
+noblacklist ${HOME}/.local/share/kiwix-desktop
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.local/share/kiwix
 mkdir ${HOME}/.local/share/kiwix-desktop
-allow  ${HOME}/.local/share/kiwix
+whitelist ${HOME}/.local/share/kiwix
-allow  ${HOME}/.local/share/kiwix-desktop
+whitelist ${HOME}/.local/share/kiwix-desktop
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/klatexformula.profile b/etc/profile-a-l/klatexformula.profile
index e087e4973..c6a9023f1 100644
--- a/etc/profile-a-l/klatexformula.profile
+++ b/etc/profile-a-l/klatexformula.profile
@@ -6,8 +6,8 @@ include klatexformula.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.kde/share/apps/klatexformula
+noblacklist ${HOME}/.kde/share/apps/klatexformula
-nodeny  ${HOME}/.klatexformula
+noblacklist ${HOME}/.klatexformula
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile
index ec3912419..f5cd3a48c 100644
--- a/etc/profile-a-l/klavaro.profile
+++ b/etc/profile-a-l/klavaro.profile
@@ -6,8 +6,8 @@ include klavaro.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/klavaro
+noblacklist ${HOME}/.config/klavaro
-nodeny  ${HOME}/.local/share/klavaro
+noblacklist ${HOME}/.local/share/klavaro
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.local/share/klavaro
 mkdir ${HOME}/.config/klavaro
-allow  ${HOME}/.local/share/klavaro
+whitelist ${HOME}/.local/share/klavaro
-allow  ${HOME}/.config/klavaro
+whitelist ${HOME}/.config/klavaro
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile
index 3c582c08c..95ae98e53 100644
--- a/etc/profile-a-l/kmail.profile
+++ b/etc/profile-a-l/kmail.profile
@@ -9,27 +9,27 @@ include globals.local
 # kmail has problems launching akonadi in debian and ubuntu.
 # one solution is to have akonadi already running when kmail is started
-nodeny  ${HOME}/.cache/akonadi*
+noblacklist ${HOME}/.cache/akonadi*
-nodeny  ${HOME}/.cache/kmail2
+noblacklist ${HOME}/.cache/kmail2
-nodeny  ${HOME}/.config/akonadi*
+noblacklist ${HOME}/.config/akonadi*
-nodeny  ${HOME}/.config/baloorc
+noblacklist ${HOME}/.config/baloorc
-nodeny  ${HOME}/.config/emaildefaults
+noblacklist ${HOME}/.config/emaildefaults
-nodeny  ${HOME}/.config/emailidentities
+noblacklist ${HOME}/.config/emailidentities
-nodeny  ${HOME}/.config/kmail2rc
+noblacklist ${HOME}/.config/kmail2rc
-nodeny  ${HOME}/.config/kmailsearchindexingrc
+noblacklist ${HOME}/.config/kmailsearchindexingrc
-nodeny  ${HOME}/.config/mailtransports
+noblacklist ${HOME}/.config/mailtransports
-nodeny  ${HOME}/.config/specialmailcollectionsrc
+noblacklist ${HOME}/.config/specialmailcollectionsrc
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.local/share/akonadi*
+noblacklist ${HOME}/.local/share/akonadi*
-nodeny  ${HOME}/.local/share/apps/korganizer
+noblacklist ${HOME}/.local/share/apps/korganizer
-nodeny  ${HOME}/.local/share/contacts
+noblacklist ${HOME}/.local/share/contacts
-nodeny  ${HOME}/.local/share/emailidentities
+noblacklist ${HOME}/.local/share/emailidentities
-nodeny  ${HOME}/.local/share/kmail2
+noblacklist ${HOME}/.local/share/kmail2
-nodeny  ${HOME}/.local/share/kxmlgui5/kmail
+noblacklist ${HOME}/.local/share/kxmlgui5/kmail
-nodeny  ${HOME}/.local/share/kxmlgui5/kmail2
+noblacklist ${HOME}/.local/share/kxmlgui5/kmail2
-nodeny  ${HOME}/.local/share/local-mail
+noblacklist ${HOME}/.local/share/local-mail
-nodeny  ${HOME}/.local/share/notes
+noblacklist ${HOME}/.local/share/notes
-nodeny  /tmp/akonadi-*
+noblacklist /tmp/akonadi-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kmplayer.profile b/etc/profile-a-l/kmplayer.profile
index d2ce14ab6..e88b53499 100644
--- a/etc/profile-a-l/kmplayer.profile
+++ b/etc/profile-a-l/kmplayer.profile
@@ -6,11 +6,11 @@ include kmplayer.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/kmplayerrc
+noblacklist ${HOME}/.config/kmplayerrc
-nodeny  ${HOME}/.kde/share/config/kmplayerrc
+noblacklist ${HOME}/.kde/share/config/kmplayerrc
-nodeny  ${HOME}/.local/share/kmplayer
+noblacklist ${HOME}/.local/share/kmplayer
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/knotes.profile b/etc/profile-a-l/knotes.profile
index 5a9ac34da..f155d0ad6 100644
--- a/etc/profile-a-l/knotes.profile
+++ b/etc/profile-a-l/knotes.profile
@@ -10,9 +10,9 @@ include knotes.local
 # knotes has problems launching akonadi in debian and ubuntu.
 # one solution is to have akonadi already running when knotes is started
-nodeny  ${HOME}/.config/knotesrc
+noblacklist ${HOME}/.config/knotesrc
-nodeny  ${HOME}/.local/share/knotes
+noblacklist ${HOME}/.local/share/knotes
-nodeny  ${HOME}/.local/share/kxmlgui5/knotes
+noblacklist ${HOME}/.local/share/kxmlgui5/knotes
 # Redirect
 include kmail.profile
diff --git a/etc/profile-a-l/kodi.profile b/etc/profile-a-l/kodi.profile
index 2725c87be..b7091f1fc 100644
--- a/etc/profile-a-l/kodi.profile
+++ b/etc/profile-a-l/kodi.profile
@@ -13,10 +13,10 @@ ignore noexec ${HOME}
 #ignore noroot
 #ignore private-dev
-nodeny  ${HOME}/.kodi
+noblacklist ${HOME}/.kodi
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile
index d8ce33838..5b5ed6e24 100644
--- a/etc/profile-a-l/konversation.profile
+++ b/etc/profile-a-l/konversation.profile
@@ -6,11 +6,11 @@ include konversation.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/konversationrc
+noblacklist ${HOME}/.config/konversationrc
-nodeny  ${HOME}/.config/konversation.notifyrc
+noblacklist ${HOME}/.config/konversation.notifyrc
-nodeny  ${HOME}/.kde/share/config/konversationrc
+noblacklist ${HOME}/.kde/share/config/konversationrc
-nodeny  ${HOME}/.kde4/share/config/konversationrc
+noblacklist ${HOME}/.kde4/share/config/konversationrc
-nodeny  ${HOME}/.local/share/kxmlgui5/konversation
+noblacklist ${HOME}/.local/share/kxmlgui5/konversation
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kopete.profile b/etc/profile-a-l/kopete.profile
index 749591f32..88f47d1bf 100644
--- a/etc/profile-a-l/kopete.profile
+++ b/etc/profile-a-l/kopete.profile
@@ -6,11 +6,11 @@ include kopete.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.kde/share/apps/kopete
+noblacklist ${HOME}/.kde/share/apps/kopete
-nodeny  ${HOME}/.kde/share/config/kopeterc
+noblacklist ${HOME}/.kde/share/config/kopeterc
-nodeny  ${HOME}/.kde4/share/apps/kopete
+noblacklist ${HOME}/.kde4/share/apps/kopete
-nodeny  ${HOME}/.kde4/share/config/kopeterc
+noblacklist ${HOME}/.kde4/share/config/kopeterc
-nodeny  ${HOME}/.local/share/kxmlgui5/kopete
+noblacklist ${HOME}/.local/share/kxmlgui5/kopete
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /var/lib/winpopup
+whitelist /var/lib/winpopup
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/krita.profile b/etc/profile-a-l/krita.profile
index 950341def..8604e63d0 100644
--- a/etc/profile-a-l/krita.profile
+++ b/etc/profile-a-l/krita.profile
@@ -9,10 +9,10 @@ include globals.local
 # noexec ${HOME} may break krita, see issue #1953
 ignore noexec ${HOME}
-nodeny  ${HOME}/.config/kritarc
+noblacklist ${HOME}/.config/kritarc
-nodeny  ${HOME}/.local/share/krita
+noblacklist ${HOME}/.local/share/krita
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/krunner.profile b/etc/profile-a-l/krunner.profile
index 7b325d273..9cb5eff87 100644
--- a/etc/profile-a-l/krunner.profile
+++ b/etc/profile-a-l/krunner.profile
@@ -13,9 +13,9 @@ include globals.local
 # noblacklist ${HOME}/.cache/krunner
 # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
 # noblacklist ${HOME}/.config/chromium
-nodeny  ${HOME}/.config/krunnerrc
+noblacklist ${HOME}/.config/krunnerrc
-nodeny  ${HOME}/.kde/share/config/krunnerrc
+noblacklist ${HOME}/.kde/share/config/krunnerrc
-nodeny  ${HOME}/.kde4/share/config/krunnerrc
+noblacklist ${HOME}/.kde4/share/config/krunnerrc
 # noblacklist ${HOME}/.local/share/baloo
 # noblacklist ${HOME}/.mozilla
diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile
index ac9fee585..5a85194e0 100644
--- a/etc/profile-a-l/ktorrent.profile
+++ b/etc/profile-a-l/ktorrent.profile
@@ -6,13 +6,13 @@ include ktorrent.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/ktorrentrc
+noblacklist ${HOME}/.config/ktorrentrc
-nodeny  ${HOME}/.kde/share/apps/ktorrent
+noblacklist ${HOME}/.kde/share/apps/ktorrent
-nodeny  ${HOME}/.kde/share/config/ktorrentrc
+noblacklist ${HOME}/.kde/share/config/ktorrentrc
-nodeny  ${HOME}/.kde4/share/apps/ktorrent
+noblacklist ${HOME}/.kde4/share/apps/ktorrent
-nodeny  ${HOME}/.kde4/share/config/ktorrentrc
+noblacklist ${HOME}/.kde4/share/config/ktorrentrc
-nodeny  ${HOME}/.local/share/ktorrent
+noblacklist ${HOME}/.local/share/ktorrent
-nodeny  ${HOME}/.local/share/kxmlgui5/ktorrent
+noblacklist ${HOME}/.local/share/kxmlgui5/ktorrent
 include disable-common.inc
 include disable-devel.inc
@@ -29,14 +29,14 @@ mkdir ${HOME}/.local/share/kxmlgui5/ktorrent
 mkfile ${HOME}/.config/ktorrentrc
 mkfile ${HOME}/.kde/share/config/ktorrentrc
 mkfile ${HOME}/.kde4/share/config/ktorrentrc
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.config/ktorrentrc
+whitelist ${HOME}/.config/ktorrentrc
-allow  ${HOME}/.kde/share/apps/ktorrent
+whitelist ${HOME}/.kde/share/apps/ktorrent
-allow  ${HOME}/.kde/share/config/ktorrentrc
+whitelist ${HOME}/.kde/share/config/ktorrentrc
-allow  ${HOME}/.kde4/share/apps/ktorrent
+whitelist ${HOME}/.kde4/share/apps/ktorrent
-allow  ${HOME}/.kde4/share/config/ktorrentrc
+whitelist ${HOME}/.kde4/share/config/ktorrentrc
-allow  ${HOME}/.local/share/ktorrent
+whitelist ${HOME}/.local/share/ktorrent
-allow  ${HOME}/.local/share/kxmlgui5/ktorrent
+whitelist ${HOME}/.local/share/kxmlgui5/ktorrent
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile
index 71f8e4977..4cf72b74c 100644
--- a/etc/profile-a-l/ktouch.profile
+++ b/etc/profile-a-l/ktouch.profile
@@ -6,8 +6,8 @@ include ktouch.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/ktouch2rc
+noblacklist ${HOME}/.config/ktouch2rc
-nodeny  ${HOME}/.local/share/ktouch
+noblacklist ${HOME}/.local/share/ktouch
 include disable-common.inc
 include disable-devel.inc
@@ -20,8 +20,8 @@ include disable-xdg.inc
 mkfile ${HOME}/.config/ktouch2rc
 mkdir ${HOME}/.local/share/ktouch
-allow  ${HOME}/.config/ktouch2rc
+whitelist ${HOME}/.config/ktouch2rc
-allow  ${HOME}/.local/share/ktouch
+whitelist ${HOME}/.local/share/ktouch
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile
index 74ffd1162..4e9a12e5f 100644
--- a/etc/profile-a-l/kube.profile
+++ b/etc/profile-a-l/kube.profile
@@ -6,13 +6,13 @@ include kube.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
-nodeny  ${HOME}/.cache/kube
+noblacklist ${HOME}/.cache/kube
-nodeny  ${HOME}/.config/kube
+noblacklist ${HOME}/.config/kube
-nodeny  ${HOME}/.config/sink
+noblacklist ${HOME}/.config/sink
-nodeny  ${HOME}/.local/share/kube
+noblacklist ${HOME}/.local/share/kube
-nodeny  ${HOME}/.local/share/sink
+noblacklist ${HOME}/.local/share/sink
 include disable-common.inc
 include disable-devel.inc
@@ -29,17 +29,17 @@ mkdir ${HOME}/.config/kube
 mkdir ${HOME}/.config/sink
 mkdir ${HOME}/.local/share/kube
 mkdir ${HOME}/.local/share/sink
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
-allow  ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
-allow  ${HOME}/.cache/kube
+whitelist ${HOME}/.cache/kube
-allow  ${HOME}/.config/kube
+whitelist ${HOME}/.config/kube
-allow  ${HOME}/.config/sink
+whitelist ${HOME}/.config/sink
-allow  ${HOME}/.local/share/kube
+whitelist ${HOME}/.local/share/kube
-allow  ${HOME}/.local/share/sink
+whitelist ${HOME}/.local/share/sink
-allow  ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/gnupg
-allow  /usr/share/kube
+whitelist /usr/share/kube
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile
index 580f93736..15e7ceb17 100644
--- a/etc/profile-a-l/kwin_x11.profile
+++ b/etc/profile-a-l/kwin_x11.profile
@@ -8,10 +8,10 @@ include globals.local
 # fix automatical kwin_x11 sandboxing:
 # echo KDEWM=kwin_x11 >> ~/.pam_environment
-nodeny  ${HOME}/.cache/kwin
+noblacklist ${HOME}/.cache/kwin
-nodeny  ${HOME}/.config/kwinrc
+noblacklist ${HOME}/.config/kwinrc
-nodeny  ${HOME}/.config/kwinrulesrc
+noblacklist ${HOME}/.config/kwinrulesrc
-nodeny  ${HOME}/.local/share/kwin
+noblacklist ${HOME}/.local/share/kwin
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile
index 08b0e0224..804ffafeb 100644
--- a/etc/profile-a-l/kwrite.profile
+++ b/etc/profile-a-l/kwrite.profile
@@ -6,15 +6,15 @@ include kwrite.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/katepartrc
+noblacklist ${HOME}/.config/katepartrc
-nodeny  ${HOME}/.config/katerc
+noblacklist ${HOME}/.config/katerc
-nodeny  ${HOME}/.config/kateschemarc
+noblacklist ${HOME}/.config/kateschemarc
-nodeny  ${HOME}/.config/katesyntaxhighlightingrc
+noblacklist ${HOME}/.config/katesyntaxhighlightingrc
-nodeny  ${HOME}/.config/katevirc
+noblacklist ${HOME}/.config/katevirc
-nodeny  ${HOME}/.config/kwriterc
+noblacklist ${HOME}/.config/kwriterc
-nodeny  ${HOME}/.local/share/kwrite
+noblacklist ${HOME}/.local/share/kwrite
-nodeny  ${HOME}/.local/share/kxmlgui5/kwrite
+noblacklist ${HOME}/.local/share/kxmlgui5/kwrite
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/latex-common.profile b/etc/profile-a-l/latex-common.profile
index 91693bfc1..ac1b8785d 100644
--- a/etc/profile-a-l/latex-common.profile
+++ b/etc/profile-a-l/latex-common.profile
@@ -13,7 +13,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /var/lib
+whitelist /var/lib
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/leafpad.profile b/etc/profile-a-l/leafpad.profile
index e154708eb..4bbb0a86d 100644
--- a/etc/profile-a-l/leafpad.profile
+++ b/etc/profile-a-l/leafpad.profile
@@ -6,7 +6,7 @@ include leafpad.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/leafpad
+noblacklist ${HOME}/.config/leafpad
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/less.profile b/etc/profile-a-l/less.profile
index abee392de..8eb5ad0c2 100644
--- a/etc/profile-a-l/less.profile
+++ b/etc/profile-a-l/less.profile
@@ -7,9 +7,9 @@ include less.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
-nodeny  ${HOME}/.lesshst
+noblacklist ${HOME}/.lesshst
 include disable-devel.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/librecad.profile b/etc/profile-a-l/librecad.profile
index 8ec41eee3..c57eae73d 100644
--- a/etc/profile-a-l/librecad.profile
+++ b/etc/profile-a-l/librecad.profile
@@ -4,8 +4,8 @@ include librecad.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/LibreCAD
+noblacklist ${HOME}/.config/LibreCAD
-nodeny  ${HOME}/.local/share/LibreCAD
+noblacklist ${HOME}/.local/share/LibreCAD
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/librecad
+whitelist /usr/share/librecad
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile
index ae01d39b8..b1a24888c 100644
--- a/etc/profile-a-l/libreoffice.profile
+++ b/etc/profile-a-l/libreoffice.profile
@@ -6,15 +6,15 @@ include libreoffice.local
 # Persistent global definitions
 include globals.local
-nodeny  /usr/local/sbin
+noblacklist /usr/local/sbin
-nodeny  ${HOME}/.config/libreoffice
+noblacklist ${HOME}/.config/libreoffice
 # libreoffice uses java for some functionality.
 # Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality.
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile
index 5c614ab8e..da047357a 100644
--- a/etc/profile-a-l/librewolf.profile
+++ b/etc/profile-a-l/librewolf.profile
@@ -6,13 +6,13 @@ include librewolf.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/librewolf
+noblacklist ${HOME}/.cache/librewolf
-nodeny  ${HOME}/.librewolf
+noblacklist ${HOME}/.librewolf
 mkdir ${HOME}/.cache/librewolf
 mkdir ${HOME}/.librewolf
-allow  ${HOME}/.cache/librewolf
+whitelist ${HOME}/.cache/librewolf
-allow  ${HOME}/.librewolf
+whitelist ${HOME}/.librewolf
 # Add the next lines to your librewolf.local if you want to use the migration wizard.
 #noblacklist ${HOME}/.mozilla
@@ -23,10 +23,10 @@ allow  ${HOME}/.librewolf
 #whitelist ${RUNUSER}/kpxc_server
 #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
-allow  /usr/share/doc
+whitelist /usr/share/doc
-allow  /usr/share/gtk-doc/html
+whitelist /usr/share/gtk-doc/html
-allow  /usr/share/mozilla
+whitelist /usr/share/mozilla
-allow  /usr/share/webext
+whitelist /usr/share/webext
 include whitelist-usr-share-common.inc
 # Add the next line to your librewolf.local to enable private-bin (Arch Linux).
diff --git a/etc/profile-a-l/liferea.profile b/etc/profile-a-l/liferea.profile
index 595ecc257..7afca1d5f 100644
--- a/etc/profile-a-l/liferea.profile
+++ b/etc/profile-a-l/liferea.profile
@@ -6,9 +6,9 @@ include liferea.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/liferea
+noblacklist ${HOME}/.cache/liferea
-nodeny  ${HOME}/.config/liferea
+noblacklist ${HOME}/.config/liferea
-nodeny  ${HOME}/.local/share/liferea
+noblacklist ${HOME}/.local/share/liferea
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/liferea
 mkdir ${HOME}/.config/liferea
 mkdir ${HOME}/.local/share/liferea
-allow  ${HOME}/.cache/liferea
+whitelist ${HOME}/.cache/liferea
-allow  ${HOME}/.config/liferea
+whitelist ${HOME}/.config/liferea
-allow  ${HOME}/.local/share/liferea
+whitelist ${HOME}/.local/share/liferea
-allow  /usr/share/liferea
+whitelist /usr/share/liferea
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/lightsoff.profile b/etc/profile-a-l/lightsoff.profile
index 58d5bcd6d..c065c44a9 100644
--- a/etc/profile-a-l/lightsoff.profile
+++ b/etc/profile-a-l/lightsoff.profile
@@ -6,7 +6,7 @@ include lightsoff.local
 # Persistent global definitions
 include globals.local
-allow  /usr/share/lightsoff
+whitelist /usr/share/lightsoff
 private-bin lightsoff
diff --git a/etc/profile-a-l/lincity-ng.profile b/etc/profile-a-l/lincity-ng.profile
index e14c50d77..4254b7f33 100644
--- a/etc/profile-a-l/lincity-ng.profile
+++ b/etc/profile-a-l/lincity-ng.profile
@@ -6,7 +6,7 @@ include lincity-ng.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.lincity-ng
+noblacklist ${HOME}/.lincity-ng
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.lincity-ng
-allow  ${HOME}/.lincity-ng
+whitelist ${HOME}/.lincity-ng
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile
index 51e3d5b94..cd885b1d4 100644
--- a/etc/profile-a-l/links-common.profile
+++ b/etc/profile-a-l/links-common.profile
@@ -4,8 +4,8 @@ include links-common.local
 # common profile for links browsers
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/links.profile b/etc/profile-a-l/links.profile
index ae57601ca..8ce39cc7f 100644
--- a/etc/profile-a-l/links.profile
+++ b/etc/profile-a-l/links.profile
@@ -7,10 +7,10 @@ include links.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.links
+noblacklist ${HOME}/.links
 mkdir ${HOME}/.links
-allow  ${HOME}/.links
+whitelist ${HOME}/.links
 private-bin links
diff --git a/etc/profile-a-l/links2.profile b/etc/profile-a-l/links2.profile
index eb349c73a..5f91dfcd2 100644
--- a/etc/profile-a-l/links2.profile
+++ b/etc/profile-a-l/links2.profile
@@ -7,10 +7,10 @@ include links2.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.links2
+noblacklist ${HOME}/.links2
 mkdir ${HOME}/.links2
-allow  ${HOME}/.links2
+whitelist ${HOME}/.links2
 private-bin links2
diff --git a/etc/profile-a-l/linphone.profile b/etc/profile-a-l/linphone.profile
index dd1dac05b..7ebdbef4c 100644
--- a/etc/profile-a-l/linphone.profile
+++ b/etc/profile-a-l/linphone.profile
@@ -6,10 +6,10 @@ include linphone.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/linphone
+noblacklist ${HOME}/.config/linphone
-nodeny  ${HOME}/.linphone-history.db
+noblacklist ${HOME}/.linphone-history.db
-nodeny  ${HOME}/.linphonerc
+noblacklist ${HOME}/.linphonerc
-nodeny  ${HOME}/.local/share/linphone
+noblacklist ${HOME}/.local/share/linphone
 include disable-common.inc
 include disable-devel.inc
@@ -23,11 +23,11 @@ include disable-programs.inc
 # ${HOME}/.linphone-history.db and ${HOME}/.linphonerc but no longer mkfile.
 mkdir ${HOME}/.config/linphone
 mkdir ${HOME}/.local/share/linphone
-allow  ${HOME}/.config/linphone
+whitelist ${HOME}/.config/linphone
-allow  ${HOME}/.linphone-history.db
+whitelist ${HOME}/.linphone-history.db
-allow  ${HOME}/.linphonerc
+whitelist ${HOME}/.linphonerc
-allow  ${HOME}/.local/share/linphone
+whitelist ${HOME}/.local/share/linphone
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/lmms.profile b/etc/profile-a-l/lmms.profile
index b22110fdc..48b0e14dc 100644
--- a/etc/profile-a-l/lmms.profile
+++ b/etc/profile-a-l/lmms.profile
@@ -6,9 +6,9 @@ include lmms.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.lmmsrc.xml
+noblacklist ${HOME}/.lmmsrc.xml
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile
index 0a7ce86e8..f2676fec5 100644
--- a/etc/profile-a-l/lollypop.profile
+++ b/etc/profile-a-l/lollypop.profile
@@ -6,8 +6,8 @@ include lollypop.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/lollypop
+noblacklist ${HOME}/.local/share/lollypop
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/lugaru.profile b/etc/profile-a-l/lugaru.profile
index 30802b3b7..174c65a65 100644
--- a/etc/profile-a-l/lugaru.profile
+++ b/etc/profile-a-l/lugaru.profile
@@ -8,8 +8,8 @@ include globals.local
 # note: crashes after entering
-nodeny  ${HOME}/.config/lugaru
+noblacklist ${HOME}/.config/lugaru
-nodeny  ${HOME}/.local/share/lugaru
+noblacklist ${HOME}/.local/share/lugaru
 include disable-common.inc
 include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/lugaru
 mkdir ${HOME}/.local/share/lugaru
-allow  ${HOME}/.config/lugaru
+whitelist ${HOME}/.config/lugaru
-allow  ${HOME}/.local/share/lugaru
+whitelist ${HOME}/.local/share/lugaru
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/luminance-hdr.profile b/etc/profile-a-l/luminance-hdr.profile
index 73400dbd6..31067034e 100644
--- a/etc/profile-a-l/luminance-hdr.profile
+++ b/etc/profile-a-l/luminance-hdr.profile
@@ -6,8 +6,8 @@ include luminance-hdr.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Luminance
+noblacklist ${HOME}/.config/Luminance
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile
index 9d5169b80..80a3aba86 100644
--- a/etc/profile-a-l/lutris.profile
+++ b/etc/profile-a-l/lutris.profile
@@ -6,18 +6,18 @@ include lutris.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PATH}/llvm*
+noblacklist ${PATH}/llvm*
-nodeny  ${HOME}/Games
+noblacklist ${HOME}/Games
-nodeny  ${HOME}/.cache/lutris
+noblacklist ${HOME}/.cache/lutris
-nodeny  ${HOME}/.cache/winetricks
+noblacklist ${HOME}/.cache/winetricks
-nodeny  ${HOME}/.config/lutris
+noblacklist ${HOME}/.config/lutris
-nodeny  ${HOME}/.local/share/lutris
+noblacklist ${HOME}/.local/share/lutris
 # noblacklist ${HOME}/.wine
-nodeny  /tmp/.wine-*
+noblacklist /tmp/.wine-*
 # Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise
 # Lutris won't even start.
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 ignore noexec ${HOME}
@@ -39,15 +39,15 @@ mkdir ${HOME}/.cache/winetricks
 mkdir ${HOME}/.config/lutris
 mkdir ${HOME}/.local/share/lutris
 # mkdir ${HOME}/.wine
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/Games
+whitelist ${HOME}/Games
-allow  ${HOME}/.cache/lutris
+whitelist ${HOME}/.cache/lutris
-allow  ${HOME}/.cache/winetricks
+whitelist ${HOME}/.cache/winetricks
-allow  ${HOME}/.config/lutris
+whitelist ${HOME}/.config/lutris
-allow  ${HOME}/.local/share/lutris
+whitelist ${HOME}/.local/share/lutris
 # whitelist ${HOME}/.wine
-allow  /usr/share/lutris
+whitelist /usr/share/lutris
-allow  /usr/share/wine
+whitelist /usr/share/wine
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/lximage-qt.profile b/etc/profile-a-l/lximage-qt.profile
index 43147211b..b2a56012e 100644
--- a/etc/profile-a-l/lximage-qt.profile
+++ b/etc/profile-a-l/lximage-qt.profile
@@ -6,7 +6,7 @@ include lximage-qt.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/lximage-qt
+noblacklist ${HOME}/.config/lximage-qt
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lxmusic.profile b/etc/profile-a-l/lxmusic.profile
index c849f2ad2..cc4b95551 100644
--- a/etc/profile-a-l/lxmusic.profile
+++ b/etc/profile-a-l/lxmusic.profile
@@ -6,9 +6,9 @@ include lxmusic.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/xmms2
+noblacklist ${HOME}/.cache/xmms2
-nodeny  ${HOME}/.config/xmms2
+noblacklist ${HOME}/.config/xmms2
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile
index 15c8f1faa..a919e924b 100644
--- a/etc/profile-a-l/lynx.profile
+++ b/etc/profile-a-l/lynx.profile
@@ -7,8 +7,8 @@ include lynx.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile
index 358dbf2f2..fa69463d1 100644
--- a/etc/profile-a-l/lyx.profile
+++ b/etc/profile-a-l/lyx.profile
@@ -8,8 +8,8 @@ include globals.local
 ignore private-tmp
-nodeny  ${HOME}/.config/LyX
+noblacklist ${HOME}/.config/LyX
-nodeny  ${HOME}/.lyx
+noblacklist ${HOME}/.lyx
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -21,11 +21,11 @@ include allow-perl.inc
 include allow-python2.inc
 include allow-python3.inc
-allow  /usr/share/lyx
+whitelist /usr/share/lyx
-allow  /usr/share/texinfo
+whitelist /usr/share/texinfo
-allow  /usr/share/texlive
+whitelist /usr/share/texlive
-allow  /usr/share/texmf-dist
+whitelist /usr/share/texmf-dist
-allow  /usr/share/tlpkg
+whitelist /usr/share/tlpkg
 include whitelist-usr-share-common.inc
 apparmor
diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile
index 3a4edcf69..4637419bf 100644
--- a/etc/profile-a-l/sway.profile
+++ b/etc/profile-a-l/sway.profile
@@ -7,9 +7,9 @@ include sway.local
 include globals.local
 # all applications started in sway will run in this profile
-nodeny  ${HOME}/.config/sway
+noblacklist ${HOME}/.config/sway
 # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway
-nodeny  ${HOME}/.config/i3
+noblacklist ${HOME}/.config/i3
 include disable-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/Maelstrom.profile b/etc/profile-m-z/Maelstrom.profile
index e6c43007d..62d0a8b3a 100644
--- a/etc/profile-m-z/Maelstrom.profile
+++ b/etc/profile-m-z/Maelstrom.profile
@@ -6,7 +6,7 @@ include Maelstrom.local
 # Persistent global definitions
 include globals.local
-nodeny  /var/lib/games/Maelstrom-Scores
+noblacklist /var/lib/games/Maelstrom-Scores
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /var/lib/games
+whitelist /var/lib/games
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/Mathematica.profile b/etc/profile-m-z/Mathematica.profile
index bd929d21a..c2734b1c1 100644
--- a/etc/profile-m-z/Mathematica.profile
+++ b/etc/profile-m-z/Mathematica.profile
@@ -5,8 +5,8 @@ include Mathematica.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.Mathematica
+noblacklist ${HOME}/.Mathematica
-nodeny  ${HOME}/.Wolfram Research
+noblacklist ${HOME}/.Wolfram Research
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
 mkdir ${HOME}/.Mathematica
 mkdir ${HOME}/.Wolfram Research
 mkdir ${HOME}/Documents/Wolfram Mathematica
-allow  ${HOME}/.Mathematica
+whitelist ${HOME}/.Mathematica
-allow  ${HOME}/.Wolfram Research
+whitelist ${HOME}/.Wolfram Research
-allow  ${HOME}/Documents/Wolfram Mathematica
+whitelist ${HOME}/Documents/Wolfram Mathematica
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/PCSX2.profile b/etc/profile-m-z/PCSX2.profile
index f833b9446..e678b7204 100644
--- a/etc/profile-m-z/PCSX2.profile
+++ b/etc/profile-m-z/PCSX2.profile
@@ -8,7 +8,7 @@ include globals.local
 # Note: you must whitelist your games folder in your PCSX2.local.
-nodeny  ${HOME}/.config/PCSX2
+noblacklist ${HOME}/.config/PCSX2
 include disable-common.inc
 include disable-devel.inc
@@ -21,7 +21,7 @@ include disable-write-mnt.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/PCSX2
-allow  ${HOME}/.config/PCSX2
+whitelist ${HOME}/.config/PCSX2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/QMediathekView.profile b/etc/profile-m-z/QMediathekView.profile
index d7b01fe06..86120587b 100644
--- a/etc/profile-m-z/QMediathekView.profile
+++ b/etc/profile-m-z/QMediathekView.profile
@@ -6,18 +6,18 @@ include QMediathekView.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/QMediathekView
+noblacklist ${HOME}/.config/QMediathekView
-nodeny  ${HOME}/.local/share/QMediathekView
+noblacklist ${HOME}/.local/share/QMediathekView
-nodeny  ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/mpv
-nodeny  ${HOME}/.config/smplayer
+noblacklist ${HOME}/.config/smplayer
-nodeny  ${HOME}/.config/totem
+noblacklist ${HOME}/.config/totem
-nodeny  ${HOME}/.config/vlc
+noblacklist ${HOME}/.config/vlc
-nodeny  ${HOME}/.config/xplayer
+noblacklist ${HOME}/.config/xplayer
-nodeny  ${HOME}/.local/share/totem
+noblacklist ${HOME}/.local/share/totem
-nodeny  ${HOME}/.local/share/xplayer
+noblacklist ${HOME}/.local/share/xplayer
-nodeny  ${HOME}/.mplayer
+noblacklist ${HOME}/.mplayer
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
@@ -28,7 +28,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/qtchooser
+whitelist /usr/share/qtchooser
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/QOwnNotes.profile b/etc/profile-m-z/QOwnNotes.profile
index 4ca42730a..660378089 100644
--- a/etc/profile-m-z/QOwnNotes.profile
+++ b/etc/profile-m-z/QOwnNotes.profile
@@ -6,10 +6,10 @@ include QOwnNotes.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${HOME}/Nextcloud/Notes
+noblacklist ${HOME}/Nextcloud/Notes
-nodeny  ${HOME}/.config/PBE
+noblacklist ${HOME}/.config/PBE
-nodeny  ${HOME}/.local/share/PBE
+noblacklist ${HOME}/.local/share/PBE
 include disable-common.inc
 include disable-devel.inc
@@ -23,10 +23,10 @@ include disable-xdg.inc
 mkdir ${HOME}/Nextcloud/Notes
 mkdir ${HOME}/.config/PBE
 mkdir ${HOME}/.local/share/PBE
-allow  ${DOCUMENTS}
+whitelist ${DOCUMENTS}
-allow  ${HOME}/Nextcloud/Notes
+whitelist ${HOME}/Nextcloud/Notes
-allow  ${HOME}/.config/PBE
+whitelist ${HOME}/.config/PBE
-allow  ${HOME}/.local/share/PBE
+whitelist ${HOME}/.local/share/PBE
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/Viber.profile b/etc/profile-m-z/Viber.profile
index b98847d3a..3195e39fa 100644
--- a/etc/profile-m-z/Viber.profile
+++ b/etc/profile-m-z/Viber.profile
@@ -5,8 +5,8 @@ include Viber.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.ViberPC
+noblacklist ${HOME}/.ViberPC
-nodeny  ${PATH}/dig
+noblacklist ${PATH}/dig
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.ViberPC
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.ViberPC
+whitelist ${HOME}/.ViberPC
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/XMind.profile b/etc/profile-m-z/XMind.profile
index c9cf7adf7..d78e04595 100644
--- a/etc/profile-m-z/XMind.profile
+++ b/etc/profile-m-z/XMind.profile
@@ -5,7 +5,7 @@ include XMind.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.xmind
+noblacklist ${HOME}/.xmind
 include disable-common.inc
 include disable-devel.inc
@@ -15,8 +15,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.xmind
-allow  ${HOME}/.xmind
+whitelist ${HOME}/.xmind
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/Xephyr.profile b/etc/profile-m-z/Xephyr.profile
index 7ba1cdac9..5cf5161ce 100644
--- a/etc/profile-m-z/Xephyr.profile
+++ b/etc/profile-m-z/Xephyr.profile
@@ -15,7 +15,7 @@ include globals.local
 # or run "sudo firecfg"
 #
-allow  /var/lib/xkb
+whitelist /var/lib/xkb
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/Xvfb.profile b/etc/profile-m-z/Xvfb.profile
index a246ccb23..1acd43023 100644
--- a/etc/profile-m-z/Xvfb.profile
+++ b/etc/profile-m-z/Xvfb.profile
@@ -18,7 +18,7 @@ include globals.local
 # some Linux distributions. Also, older versions of Xpra use Xvfb.
 #
-allow  /var/lib/xkb
+whitelist /var/lib/xkb
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/ZeGrapher.profile b/etc/profile-m-z/ZeGrapher.profile
index 4f65ad7d1..7686c3442 100644
--- a/etc/profile-m-z/ZeGrapher.profile
+++ b/etc/profile-m-z/ZeGrapher.profile
@@ -6,7 +6,7 @@ include ZeGrapher.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/ZeGrapher Project
+noblacklist ${HOME}/.config/ZeGrapher Project
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
-allow  /usr/share/ZeGrapher
+whitelist /usr/share/ZeGrapher
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/macrofusion.profile b/etc/profile-m-z/macrofusion.profile
index 763d475bb..d1dcb6fe0 100644
--- a/etc/profile-m-z/macrofusion.profile
+++ b/etc/profile-m-z/macrofusion.profile
@@ -5,8 +5,8 @@ include macrofusion.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/mfusion
+noblacklist ${HOME}/.config/mfusion
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/magicor.profile b/etc/profile-m-z/magicor.profile
index d561a5095..8a27b2626 100644
--- a/etc/profile-m-z/magicor.profile
+++ b/etc/profile-m-z/magicor.profile
@@ -6,7 +6,7 @@ include magicor.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.magicor
+noblacklist ${HOME}/.magicor
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -21,8 +21,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.magicor
-allow  ${HOME}/.magicor
+whitelist ${HOME}/.magicor
-allow  /usr/share/magicor
+whitelist /usr/share/magicor
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile
index a7c486c9f..513fcae55 100644
--- a/etc/profile-m-z/makepkg.profile
+++ b/etc/profile-m-z/makepkg.profile
@@ -6,8 +6,8 @@ include makepkg.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 # Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138
 # for potential issues and their solutions when Firejailing makepkg
@@ -17,18 +17,18 @@ deny  ${RUNUSER}/wayland-*
 # whitelist ${HOME}/.gnupg
 # Enable severely restricted access to ${HOME}/.gnupg
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 read-only ${HOME}/.gnupg/gpg.conf
 read-only ${HOME}/.gnupg/trustdb.gpg
 read-only ${HOME}/.gnupg/pubring.kbx
-deny  ${HOME}/.gnupg/random_seed
+blacklist ${HOME}/.gnupg/random_seed
-deny  ${HOME}/.gnupg/pubring.kbx~
+blacklist ${HOME}/.gnupg/pubring.kbx~
-deny  ${HOME}/.gnupg/private-keys-v1.d
+blacklist ${HOME}/.gnupg/private-keys-v1.d
-deny  ${HOME}/.gnupg/crls.d
+blacklist ${HOME}/.gnupg/crls.d
-deny  ${HOME}/.gnupg/openpgp-revocs.d
+blacklist ${HOME}/.gnupg/openpgp-revocs.d
 # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only.
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 include disable-common.inc
 include disable-exec.inc
diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile
index 383eeeeb7..bd510fcac 100644
--- a/etc/profile-m-z/man.profile
+++ b/etc/profile-m-z/man.profile
@@ -7,10 +7,10 @@ include man.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
-nodeny  ${HOME}/.local/share/man
+noblacklist ${HOME}/.local/share/man
-nodeny  ${HOME}/.rustup
+noblacklist ${HOME}/.rustup
 include disable-common.inc
 include disable-devel.inc
@@ -23,12 +23,12 @@ include disable-xdg.inc
 #mkdir ${HOME}/.local/share/man
 #whitelist ${HOME}/.local/share/man
 #whitelist ${HOME}/.manpath
-allow  /usr/share/groff
+whitelist /usr/share/groff
-allow  /usr/share/info
+whitelist /usr/share/info
-allow  /usr/share/lintian
+whitelist /usr/share/lintian
-allow  /usr/share/locale
+whitelist /usr/share/locale
-allow  /usr/share/man
+whitelist /usr/share/man
-allow  /var/cache/man
+whitelist /var/cache/man
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/manaplus.profile b/etc/profile-m-z/manaplus.profile
index 67ee783a6..f59a56ac6 100644
--- a/etc/profile-m-z/manaplus.profile
+++ b/etc/profile-m-z/manaplus.profile
@@ -6,8 +6,8 @@ include manaplus.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/mana
+noblacklist ${HOME}/.config/mana
-nodeny  ${HOME}/.local/share/mana
+noblacklist ${HOME}/.local/share/mana
 include disable-common.inc
 include disable-devel.inc
@@ -21,8 +21,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/mana
 mkdir ${HOME}/.config/mana/mana
 mkdir ${HOME}/.local/share/mana
-allow  ${HOME}/.config/mana
+whitelist ${HOME}/.config/mana
-allow  ${HOME}/.local/share/mana
+whitelist ${HOME}/.local/share/mana
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile
index 7645ad335..bd56a8221 100644
--- a/etc/profile-m-z/marker.profile
+++ b/etc/profile-m-z/marker.profile
@@ -11,8 +11,8 @@ include globals.local
 #protocol unix,inet,inet6
 #private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf
-nodeny  ${HOME}/.cache/marker
+noblacklist ${HOME}/.cache/marker
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include allow-python3.inc
@@ -25,8 +25,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/libexec/webkit2gtk-4.0
+whitelist /usr/libexec/webkit2gtk-4.0
-allow  /usr/share/com.github.fabiocolacio.marker
+whitelist /usr/share/com.github.fabiocolacio.marker
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/masterpdfeditor.profile b/etc/profile-m-z/masterpdfeditor.profile
index d8b215b7f..de1135071 100644
--- a/etc/profile-m-z/masterpdfeditor.profile
+++ b/etc/profile-m-z/masterpdfeditor.profile
@@ -6,8 +6,8 @@ include masterpdfeditor.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Code Industry
+noblacklist ${HOME}/.config/Code Industry
-nodeny  ${HOME}/.masterpdfeditor
+noblacklist ${HOME}/.masterpdfeditor
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mate-calc.profile b/etc/profile-m-z/mate-calc.profile
index 92832783e..39ee7439d 100644
--- a/etc/profile-m-z/mate-calc.profile
+++ b/etc/profile-m-z/mate-calc.profile
@@ -6,7 +6,7 @@ include mate-calc.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/mate-calc
+noblacklist ${HOME}/.config/mate-calc
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/mate-calc
 mkdir ${HOME}/.config/caja
 mkdir ${HOME}/.config/mate-menu
-allow  ${HOME}/.cache/mate-calc
+whitelist ${HOME}/.cache/mate-calc
-allow  ${HOME}/.config/caja
+whitelist ${HOME}/.config/caja
-allow  ${HOME}/.config/mate-menu
+whitelist ${HOME}/.config/mate-menu
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/mate-dictionary.profile b/etc/profile-m-z/mate-dictionary.profile
index 90c9d0993..ae1fcbf62 100644
--- a/etc/profile-m-z/mate-dictionary.profile
+++ b/etc/profile-m-z/mate-dictionary.profile
@@ -5,7 +5,7 @@ include mate-dictionary.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/mate/mate-dictionary
+noblacklist ${HOME}/.config/mate/mate-dictionary
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 mkdir ${HOME}/.config/mate/mate-dictionary
-allow  ${HOME}/.config/mate/mate-dictionary
+whitelist ${HOME}/.config/mate/mate-dictionary
 include whitelist-common.inc
 apparmor
diff --git a/etc/profile-m-z/matrix-mirage.profile b/etc/profile-m-z/matrix-mirage.profile
index 8ee470a50..b3080df88 100644
--- a/etc/profile-m-z/matrix-mirage.profile
+++ b/etc/profile-m-z/matrix-mirage.profile
@@ -7,16 +7,16 @@ include matrix-mirage.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.cache/matrix-mirage
+noblacklist ${HOME}/.cache/matrix-mirage
-nodeny  ${HOME}/.config/matrix-mirage
+noblacklist ${HOME}/.config/matrix-mirage
-nodeny  ${HOME}/.local/share/matrix-mirage
+noblacklist ${HOME}/.local/share/matrix-mirage
 mkdir ${HOME}/.cache/matrix-mirage
 mkdir ${HOME}/.config/matrix-mirage
 mkdir ${HOME}/.local/share/matrix-mirage
-allow  ${HOME}/.cache/matrix-mirage
+whitelist ${HOME}/.cache/matrix-mirage
-allow  ${HOME}/.config/matrix-mirage
+whitelist ${HOME}/.config/matrix-mirage
-allow  ${HOME}/.local/share/matrix-mirage
+whitelist ${HOME}/.local/share/matrix-mirage
 private-bin matrix-mirage
diff --git a/etc/profile-m-z/mattermost-desktop.profile b/etc/profile-m-z/mattermost-desktop.profile
index 01076a90a..3c2bf4fa3 100644
--- a/etc/profile-m-z/mattermost-desktop.profile
+++ b/etc/profile-m-z/mattermost-desktop.profile
@@ -10,12 +10,12 @@ ignore apparmor
 ignore dbus-user none
 ignore dbus-system none
-nodeny  ${HOME}/.config/Mattermost
+noblacklist ${HOME}/.config/Mattermost
 include disable-shell.inc
 mkdir ${HOME}/.config/Mattermost
-allow  ${HOME}/.config/Mattermost
+whitelist ${HOME}/.config/Mattermost
 private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl
diff --git a/etc/profile-m-z/mcabber.profile b/etc/profile-m-z/mcabber.profile
index ae749114a..38d2d8d63 100644
--- a/etc/profile-m-z/mcabber.profile
+++ b/etc/profile-m-z/mcabber.profile
@@ -6,8 +6,8 @@ include mcabber.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.mcabber
+noblacklist ${HOME}/.mcabber
-nodeny  ${HOME}/.mcabberrc
+noblacklist ${HOME}/.mcabberrc
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mcomix.profile b/etc/profile-m-z/mcomix.profile
index d9e12fb5d..fcd1e24e5 100644
--- a/etc/profile-m-z/mcomix.profile
+++ b/etc/profile-m-z/mcomix.profile
@@ -6,9 +6,9 @@ include mcomix.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/mcomix
+noblacklist ${HOME}/.config/mcomix
-nodeny  ${HOME}/.local/share/mcomix
+noblacklist ${HOME}/.local/share/mcomix
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -30,7 +30,7 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/mcomix
 mkdir ${HOME}/.local/share/mcomix
-allow  /usr/share/mcomix
+whitelist /usr/share/mcomix
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/mdr.profile b/etc/profile-m-z/mdr.profile
index 9e8656290..5d3f8dc41 100644
--- a/etc/profile-m-z/mdr.profile
+++ b/etc/profile-m-z/mdr.profile
@@ -5,7 +5,7 @@ include mdr.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/mediainfo.profile b/etc/profile-m-z/mediainfo.profile
index ae34ea321..17363624f 100644
--- a/etc/profile-m-z/mediainfo.profile
+++ b/etc/profile-m-z/mediainfo.profile
@@ -6,7 +6,7 @@ include mediainfo.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mediathekview.profile b/etc/profile-m-z/mediathekview.profile
index 3459ad4cf..0063badd8 100644
--- a/etc/profile-m-z/mediathekview.profile
+++ b/etc/profile-m-z/mediathekview.profile
@@ -6,16 +6,16 @@ include mediathekview.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/mpv
-nodeny  ${HOME}/.config/smplayer
+noblacklist ${HOME}/.config/smplayer
-nodeny  ${HOME}/.config/totem
+noblacklist ${HOME}/.config/totem
-nodeny  ${HOME}/.config/vlc
+noblacklist ${HOME}/.config/vlc
-nodeny  ${HOME}/.config/xplayer
+noblacklist ${HOME}/.config/xplayer
-nodeny  ${HOME}/.local/share/totem
+noblacklist ${HOME}/.local/share/totem
-nodeny  ${HOME}/.local/share/xplayer
+noblacklist ${HOME}/.local/share/xplayer
-nodeny  ${HOME}/.mediathek3
+noblacklist ${HOME}/.mediathek3
-nodeny  ${HOME}/.mplayer
+noblacklist ${HOME}/.mplayer
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-m-z/megaglest.profile b/etc/profile-m-z/megaglest.profile
index ad9094ddf..f07b9166a 100644
--- a/etc/profile-m-z/megaglest.profile
+++ b/etc/profile-m-z/megaglest.profile
@@ -6,7 +6,7 @@ include megaglest.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.megaglest
+noblacklist ${HOME}/.megaglest
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.megaglest
-allow  ${HOME}/.megaglest
+whitelist ${HOME}/.megaglest
-allow  /usr/share/megaglest
+whitelist /usr/share/megaglest
-allow  /usr/share/games/megaglest       # Debian version
+whitelist /usr/share/games/megaglest    # Debian version
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/meld.profile b/etc/profile-m-z/meld.profile
index 06ee572c9..2a8bb3acf 100644
--- a/etc/profile-m-z/meld.profile
+++ b/etc/profile-m-z/meld.profile
@@ -13,12 +13,12 @@ include globals.local
 # Calling it by its absolute path (example for git mergetool):
 # $ git config --global mergetool.meld.cmd /usr/bin/meld
-nodeny  ${HOME}/.config/meld
+noblacklist ${HOME}/.config/meld
-nodeny  ${HOME}/.config/git
+noblacklist ${HOME}/.config/git
-nodeny  ${HOME}/.gitconfig
+noblacklist ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
+noblacklist ${HOME}/.git-credentials
-nodeny  ${HOME}/.local/share/meld
+noblacklist ${HOME}/.local/share/meld
-nodeny  ${HOME}/.subversion
+noblacklist ${HOME}/.subversion
 # Allow python (blacklisted by disable-interpreters.inc)
 # Python 2 is EOL (see #3164). Add the next line to your meld.local if you understand the risks
@@ -29,7 +29,7 @@ include allow-python3.inc
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
-deny  /usr/libexec
+blacklist /usr/libexec
 # Add the next line to your meld.local if you don't need to compare files in disable-common.inc.
 #include disable-common.inc
diff --git a/etc/profile-m-z/mendeleydesktop.profile b/etc/profile-m-z/mendeleydesktop.profile
index e33d6c157..c0bdbb230 100644
--- a/etc/profile-m-z/mendeleydesktop.profile
+++ b/etc/profile-m-z/mendeleydesktop.profile
@@ -6,13 +6,13 @@ include mendeleydesktop.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${HOME}/.cache/Mendeley Ltd.
+noblacklist ${HOME}/.cache/Mendeley Ltd.
-nodeny  ${HOME}/.config/Mendeley Ltd.
+noblacklist ${HOME}/.config/Mendeley Ltd.
-nodeny  ${HOME}/.local/share/Mendeley Ltd.
+noblacklist ${HOME}/.local/share/Mendeley Ltd.
-nodeny  ${HOME}/.local/share/data/Mendeley Ltd.
+noblacklist ${HOME}/.local/share/data/Mendeley Ltd.
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.local/share/pki
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile
index 52808a5b5..2081b8c96 100644
--- a/etc/profile-m-z/menulibre.profile
+++ b/etc/profile-m-z/menulibre.profile
@@ -19,13 +19,13 @@ include disable-passwdmgr.inc
 include disable-xdg.inc
 # Whitelist your system icon directory,varies by distro
-allow  /usr/share/app-info
+whitelist /usr/share/app-info
-allow  /usr/share/desktop-directories
+whitelist /usr/share/desktop-directories
-allow  /usr/share/icons
+whitelist /usr/share/icons
-allow  /usr/share/menulibre
+whitelist /usr/share/menulibre
-allow  /var/lib/app-info/icons
+whitelist /var/lib/app-info/icons
-allow  /var/lib/flatpak/exports/share/applications
+whitelist /var/lib/flatpak/exports/share/applications
-allow  /var/lib/flatpak/exports/share/icons
+whitelist /var/lib/flatpak/exports/share/icons
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/meteo-qt.profile b/etc/profile-m-z/meteo-qt.profile
index 48f936632..85ed7bc74 100644
--- a/etc/profile-m-z/meteo-qt.profile
+++ b/etc/profile-m-z/meteo-qt.profile
@@ -6,8 +6,8 @@ include meteo-qt.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/autostart
+noblacklist ${HOME}/.config/autostart
-nodeny  ${HOME}/.config/meteo-qt
+noblacklist ${HOME}/.config/meteo-qt
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/meteo-qt
-allow  ${HOME}/.config/autostart
+whitelist ${HOME}/.config/autostart
-allow  ${HOME}/.config/meteo-qt
+whitelist ${HOME}/.config/meteo-qt
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/microsoft-edge-beta.profile b/etc/profile-m-z/microsoft-edge-beta.profile
index 259d39a5f..34d9f470a 100644
--- a/etc/profile-m-z/microsoft-edge-beta.profile
+++ b/etc/profile-m-z/microsoft-edge-beta.profile
@@ -6,13 +6,13 @@ include microsoft-edge-beta.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/microsoft-edge-beta
+noblacklist ${HOME}/.cache/microsoft-edge-beta
-nodeny  ${HOME}/.config/microsoft-edge-beta
+noblacklist ${HOME}/.config/microsoft-edge-beta
 mkdir ${HOME}/.cache/microsoft-edge-beta
 mkdir ${HOME}/.config/microsoft-edge-beta
-allow  ${HOME}/.cache/microsoft-edge-beta
+whitelist ${HOME}/.cache/microsoft-edge-beta
-allow  ${HOME}/.config/microsoft-edge-beta
+whitelist ${HOME}/.config/microsoft-edge-beta
 private-opt microsoft
diff --git a/etc/profile-m-z/microsoft-edge-dev.profile b/etc/profile-m-z/microsoft-edge-dev.profile
index 96465866c..039cd36a8 100644
--- a/etc/profile-m-z/microsoft-edge-dev.profile
+++ b/etc/profile-m-z/microsoft-edge-dev.profile
@@ -6,13 +6,13 @@ include microsoft-edge-dev.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/microsoft-edge-dev
+noblacklist ${HOME}/.cache/microsoft-edge-dev
-nodeny  ${HOME}/.config/microsoft-edge-dev
+noblacklist ${HOME}/.config/microsoft-edge-dev
 mkdir ${HOME}/.cache/microsoft-edge-dev
 mkdir ${HOME}/.config/microsoft-edge-dev
-allow  ${HOME}/.cache/microsoft-edge-dev
+whitelist ${HOME}/.cache/microsoft-edge-dev
-allow  ${HOME}/.config/microsoft-edge-dev
+whitelist ${HOME}/.config/microsoft-edge-dev
 private-opt microsoft
diff --git a/etc/profile-m-z/midori.profile b/etc/profile-m-z/midori.profile
index c4a444e0d..e15259608 100644
--- a/etc/profile-m-z/midori.profile
+++ b/etc/profile-m-z/midori.profile
@@ -9,17 +9,17 @@ include globals.local
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
-nodeny  ${HOME}/.cache/midori
+noblacklist ${HOME}/.cache/midori
-nodeny  ${HOME}/.config/midori
+noblacklist ${HOME}/.config/midori
-nodeny  ${HOME}/.local/share/midori
+noblacklist ${HOME}/.local/share/midori
 # noblacklist ${HOME}/.local/share/webkit
 # noblacklist ${HOME}/.local/share/webkitgtk
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.local/share/pki
-nodeny  ${HOME}/.cache/gnome-mplayer
+noblacklist ${HOME}/.cache/gnome-mplayer
-nodeny  ${HOME}/.config/gnome-mplayer
+noblacklist ${HOME}/.config/gnome-mplayer
-nodeny  ${HOME}/.lastpass
+noblacklist ${HOME}/.lastpass
 include disable-common.inc
 include disable-devel.inc
@@ -36,17 +36,17 @@ mkdir ${HOME}/.local/share/webkit
 mkdir ${HOME}/.local/share/webkitgtk
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
-allow  ${HOME}/.cache/midori
+whitelist ${HOME}/.cache/midori
-allow  ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/gnome-mplayer
-allow  ${HOME}/.config/midori
+whitelist ${HOME}/.config/midori
-allow  ${HOME}/.lastpass
+whitelist ${HOME}/.lastpass
-allow  ${HOME}/.local/share/midori
+whitelist ${HOME}/.local/share/midori
-allow  ${HOME}/.local/share/webkit
+whitelist ${HOME}/.local/share/webkit
-allow  ${HOME}/.local/share/webkitgtk
+whitelist ${HOME}/.local/share/webkitgtk
-allow  ${HOME}/.pki
+whitelist ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/min.profile b/etc/profile-m-z/min.profile
index 214332184..7f3aeab44 100644
--- a/etc/profile-m-z/min.profile
+++ b/etc/profile-m-z/min.profile
@@ -6,10 +6,10 @@ include min.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Min
+noblacklist ${HOME}/.config/Min
 mkdir ${HOME}/.config/Min
-allow  ${HOME}/.config/Min
+whitelist ${HOME}/.config/Min
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-m-z/mindless.profile b/etc/profile-m-z/mindless.profile
index ee8402b87..fbf6b58e8 100644
--- a/etc/profile-m-z/mindless.profile
+++ b/etc/profile-m-z/mindless.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/mindless
+whitelist /usr/share/mindless
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/minecraft-launcher.profile b/etc/profile-m-z/minecraft-launcher.profile
index 595313851..1028e374a 100644
--- a/etc/profile-m-z/minecraft-launcher.profile
+++ b/etc/profile-m-z/minecraft-launcher.profile
@@ -11,7 +11,7 @@ include globals.local
 ignore noexec ${HOME}
-nodeny  ${HOME}/.minecraft
+noblacklist ${HOME}/.minecraft
 include allow-java.inc
@@ -25,7 +25,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.minecraft
-allow  ${HOME}/.minecraft
+whitelist ${HOME}/.minecraft
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/minetest.profile b/etc/profile-m-z/minetest.profile
index 11d0859b7..cad1adbda 100644
--- a/etc/profile-m-z/minetest.profile
+++ b/etc/profile-m-z/minetest.profile
@@ -9,8 +9,8 @@ include globals.local
 # In order to save in-game screenshots to a persistent location edit ~/.minetest/minetest.conf:
 #   screenshot_path = /home/<USER>/.minetest/screenshots
-nodeny  ${HOME}/.cache/minetest
+noblacklist ${HOME}/.cache/minetest
-nodeny  ${HOME}/.minetest
+noblacklist ${HOME}/.minetest
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -26,10 +26,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/minetest
 mkdir ${HOME}/.minetest
-allow  ${HOME}/.cache/minetest
+whitelist ${HOME}/.cache/minetest
-allow  ${HOME}/.minetest
+whitelist ${HOME}/.minetest
-allow  /usr/share/games/minetest
+whitelist /usr/share/games/minetest
-allow  /usr/share/minetest
+whitelist /usr/share/minetest
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile
index 192913dbf..3fe3428d0 100644
--- a/etc/profile-m-z/minitube.profile
+++ b/etc/profile-m-z/minitube.profile
@@ -6,10 +6,10 @@ include minitube.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
-nodeny  ${HOME}/.cache/Flavio Tordini
+noblacklist ${HOME}/.cache/Flavio Tordini
-nodeny  ${HOME}/.config/Flavio Tordini
+noblacklist ${HOME}/.config/Flavio Tordini
-nodeny  ${HOME}/.local/share/Flavio Tordini
+noblacklist ${HOME}/.local/share/Flavio Tordini
 include allow-lua.inc
@@ -25,11 +25,11 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/Flavio Tordini
 mkdir ${HOME}/.config/Flavio Tordini
 mkdir ${HOME}/.local/share/Flavio Tordini
-allow  ${PICTURES}
+whitelist ${PICTURES}
-allow  ${HOME}/.cache/Flavio Tordini
+whitelist ${HOME}/.cache/Flavio Tordini
-allow  ${HOME}/.config/Flavio Tordini
+whitelist ${HOME}/.config/Flavio Tordini
-allow  ${HOME}/.local/share/Flavio Tordini
+whitelist ${HOME}/.local/share/Flavio Tordini
-allow  /usr/share/minitube
+whitelist /usr/share/minitube
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile
index b2f2cc5b1..505009283 100644
--- a/etc/profile-m-z/mirage.profile
+++ b/etc/profile-m-z/mirage.profile
@@ -6,10 +6,10 @@ include mirage.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/mirage
+noblacklist ${HOME}/.cache/mirage
-nodeny  ${HOME}/.config/mirage
+noblacklist ${HOME}/.config/mirage
-nodeny  ${HOME}/.local/share/mirage
+noblacklist ${HOME}/.local/share/mirage
-nodeny  /sbin
+noblacklist /sbin
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -27,10 +27,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/mirage
 mkdir ${HOME}/.config/mirage
 mkdir ${HOME}/.local/share/mirage
-allow  ${HOME}/.cache/mirage
+whitelist ${HOME}/.cache/mirage
-allow  ${HOME}/.config/mirage
+whitelist ${HOME}/.config/mirage
-allow  ${HOME}/.local/share/mirage
+whitelist ${HOME}/.local/share/mirage
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/mirrormagic.profile b/etc/profile-m-z/mirrormagic.profile
index d5ebfd4b0..58dfd56f5 100644
--- a/etc/profile-m-z/mirrormagic.profile
+++ b/etc/profile-m-z/mirrormagic.profile
@@ -6,7 +6,7 @@ include mirrormagic.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.mirrormagic
+noblacklist ${HOME}/.mirrormagic
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.mirrormagic
-allow  ${HOME}/.mirrormagic
+whitelist ${HOME}/.mirrormagic
-allow  /usr/share/mirrormagic
+whitelist /usr/share/mirrormagic
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/mocp.profile b/etc/profile-m-z/mocp.profile
index b734bd7c0..e71ba4569 100644
--- a/etc/profile-m-z/mocp.profile
+++ b/etc/profile-m-z/mocp.profile
@@ -7,8 +7,8 @@ include mocp.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.moc
+noblacklist ${HOME}/.moc
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mousepad.profile b/etc/profile-m-z/mousepad.profile
index a02b29b61..98063fa7c 100644
--- a/etc/profile-m-z/mousepad.profile
+++ b/etc/profile-m-z/mousepad.profile
@@ -6,7 +6,7 @@ include mousepad.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Mousepad
+noblacklist ${HOME}/.config/Mousepad
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mp3splt-gtk.profile b/etc/profile-m-z/mp3splt-gtk.profile
index f47384753..37ce60e04 100644
--- a/etc/profile-m-z/mp3splt-gtk.profile
+++ b/etc/profile-m-z/mp3splt-gtk.profile
@@ -6,7 +6,7 @@ include mp3splt-gtk.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.mp3splt-gtk
+noblacklist ${HOME}/.mp3splt-gtk
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mp3splt.profile b/etc/profile-m-z/mp3splt.profile
index 8a2ab15bd..070de8451 100644
--- a/etc/profile-m-z/mp3splt.profile
+++ b/etc/profile-m-z/mp3splt.profile
@@ -6,9 +6,9 @@ include mp3splt.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mpDris2.profile b/etc/profile-m-z/mpDris2.profile
index 6994b0429..55a0b5897 100644
--- a/etc/profile-m-z/mpDris2.profile
+++ b/etc/profile-m-z/mpDris2.profile
@@ -6,13 +6,13 @@ include mpDris2.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/mpDris2
+noblacklist ${HOME}/.config/mpDris2
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
@@ -23,10 +23,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  ${MUSIC}
+whitelist ${MUSIC}
 mkdir ${HOME}/.config/mpDris2
-allow  ${HOME}/.config/mpDris2
+whitelist ${HOME}/.config/mpDris2
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/mpd.profile b/etc/profile-m-z/mpd.profile
index 8b3350ac8..b517d4ab2 100644
--- a/etc/profile-m-z/mpd.profile
+++ b/etc/profile-m-z/mpd.profile
@@ -6,10 +6,10 @@ include mpd.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/mpd
+noblacklist ${HOME}/.config/mpd
-nodeny  ${HOME}/.mpd
+noblacklist ${HOME}/.mpd
-nodeny  ${HOME}/.mpdconf
+noblacklist ${HOME}/.mpdconf
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mpg123.profile b/etc/profile-m-z/mpg123.profile
index 03bd44daa..25187e894 100644
--- a/etc/profile-m-z/mpg123.profile
+++ b/etc/profile-m-z/mpg123.profile
@@ -7,7 +7,7 @@ include mpg123.local
 # Persistent global definitions
 include globals.local
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mplayer.profile b/etc/profile-m-z/mplayer.profile
index 84754aeb2..5d023b7f1 100644
--- a/etc/profile-m-z/mplayer.profile
+++ b/etc/profile-m-z/mplayer.profile
@@ -6,7 +6,7 @@ include mplayer.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.mplayer
+noblacklist ${HOME}/.mplayer
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 read-only ${DESKTOP}
 mkdir ${HOME}/.mplayer
-allow  ${HOME}/.mplayer
+whitelist ${HOME}/.mplayer
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/mpsyt.profile b/etc/profile-m-z/mpsyt.profile
index d35519103..bfe57a132 100644
--- a/etc/profile-m-z/mpsyt.profile
+++ b/etc/profile-m-z/mpsyt.profile
@@ -6,12 +6,12 @@ include mpsyt.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/mps-youtube
+noblacklist ${HOME}/.config/mps-youtube
-nodeny  ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/mpv
-nodeny  ${HOME}/.config/youtube-dl
+noblacklist ${HOME}/.config/youtube-dl
-nodeny  ${HOME}/.mplayer
+noblacklist ${HOME}/.mplayer
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.netrc
-nodeny  ${HOME}/mps
+noblacklist ${HOME}/mps
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -20,8 +20,8 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
@@ -37,12 +37,12 @@ mkdir ${HOME}/.config/mpv
 mkdir ${HOME}/.config/youtube-dl
 mkdir ${HOME}/.mplayer
 mkdir ${HOME}/mps
-allow  ${HOME}/.config/mps-youtube
+whitelist ${HOME}/.config/mps-youtube
-allow  ${HOME}/.config/mpv
+whitelist ${HOME}/.config/mpv
-allow  ${HOME}/.config/youtube-dl
+whitelist ${HOME}/.config/youtube-dl
-allow  ${HOME}/.mplayer
+whitelist ${HOME}/.mplayer
-allow  ${HOME}/.netrc
+whitelist ${HOME}/.netrc
-allow  ${HOME}/mps
+whitelist ${HOME}/mps
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/mpv.profile b/etc/profile-m-z/mpv.profile
index 4ea2dd348..af5c214f7 100644
--- a/etc/profile-m-z/mpv.profile
+++ b/etc/profile-m-z/mpv.profile
@@ -24,9 +24,9 @@ include globals.local
 #include allow-bin-sh.inc
 #private-bin sh
-nodeny  ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/mpv
-nodeny  ${HOME}/.config/youtube-dl
+noblacklist ${HOME}/.config/youtube-dl
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.netrc
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -35,7 +35,7 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -49,14 +49,14 @@ read-only ${DESKTOP}
 mkdir ${HOME}/.config/mpv
 mkdir ${HOME}/.config/youtube-dl
 mkfile ${HOME}/.netrc
-allow  ${HOME}/.config/mpv
+whitelist ${HOME}/.config/mpv
-allow  ${HOME}/.config/youtube-dl
+whitelist ${HOME}/.config/youtube-dl
-allow  ${HOME}/.netrc
+whitelist ${HOME}/.netrc
 include whitelist-common.inc
 include whitelist-player-common.inc
-allow  /usr/share/lua
+whitelist /usr/share/lua
-allow  /usr/share/lua*
+whitelist /usr/share/lua*
-allow  /usr/share/vulkan
+whitelist /usr/share/vulkan
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/mrrescue.profile b/etc/profile-m-z/mrrescue.profile
index a8c49a690..e3ceb3bd4 100644
--- a/etc/profile-m-z/mrrescue.profile
+++ b/etc/profile-m-z/mrrescue.profile
@@ -6,7 +6,7 @@ include mrrescue.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/love
+noblacklist ${HOME}/.local/share/love
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -14,7 +14,7 @@ include allow-bin-sh.inc
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -26,8 +26,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.local/share/love
-allow  ${HOME}/.local/share/love
+whitelist ${HOME}/.local/share/love
-allow  /usr/share/mrrescue
+whitelist /usr/share/mrrescue
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/ms-excel.profile b/etc/profile-m-z/ms-excel.profile
index 5fea86ae7..db24e8f9b 100644
--- a/etc/profile-m-z/ms-excel.profile
+++ b/etc/profile-m-z/ms-excel.profile
@@ -6,7 +6,7 @@ include ms-excel.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.cache/ms-excel-online
+noblacklist ${HOME}/.cache/ms-excel-online
 private-bin ms-excel
 # Redirect
diff --git a/etc/profile-m-z/ms-office.profile b/etc/profile-m-z/ms-office.profile
index 4033627f7..38fc84ecc 100644
--- a/etc/profile-m-z/ms-office.profile
+++ b/etc/profile-m-z/ms-office.profile
@@ -5,8 +5,8 @@ include ms-office.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/ms-office-online
+noblacklist ${HOME}/.cache/ms-office-online
-nodeny  ${HOME}/.jak
+noblacklist ${HOME}/.jak
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/ms-onenote.profile b/etc/profile-m-z/ms-onenote.profile
index 805de5102..9ea0637bd 100644
--- a/etc/profile-m-z/ms-onenote.profile
+++ b/etc/profile-m-z/ms-onenote.profile
@@ -6,7 +6,7 @@ include ms-onenote.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.cache/ms-onenote-online
+noblacklist ${HOME}/.cache/ms-onenote-online
 private-bin ms-onenote
 # Redirect
diff --git a/etc/profile-m-z/ms-outlook.profile b/etc/profile-m-z/ms-outlook.profile
index bd14fb7d3..fc3e7c009 100644
--- a/etc/profile-m-z/ms-outlook.profile
+++ b/etc/profile-m-z/ms-outlook.profile
@@ -6,7 +6,7 @@ include ms-outlook.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.cache/ms-outlook-online
+noblacklist ${HOME}/.cache/ms-outlook-online
 private-bin ms-outlook
 # Redirect
diff --git a/etc/profile-m-z/ms-powerpoint.profile b/etc/profile-m-z/ms-powerpoint.profile
index 02a7424e2..dadcd5b1e 100644
--- a/etc/profile-m-z/ms-powerpoint.profile
+++ b/etc/profile-m-z/ms-powerpoint.profile
@@ -6,7 +6,7 @@ include ms-powerpoint.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.cache/ms-powerpoint-online
+noblacklist ${HOME}/.cache/ms-powerpoint-online
 private-bin ms-powerpoint
 # Redirect
diff --git a/etc/profile-m-z/ms-skype.profile b/etc/profile-m-z/ms-skype.profile
index 01729f9a2..df1618361 100644
--- a/etc/profile-m-z/ms-skype.profile
+++ b/etc/profile-m-z/ms-skype.profile
@@ -8,7 +8,7 @@ include ms-skype.local
 ignore novideo
-nodeny  ${HOME}/.cache/ms-skype-online
+noblacklist ${HOME}/.cache/ms-skype-online
 private-bin ms-skype
diff --git a/etc/profile-m-z/ms-word.profile b/etc/profile-m-z/ms-word.profile
index 34cf02128..5a617a893 100644
--- a/etc/profile-m-z/ms-word.profile
+++ b/etc/profile-m-z/ms-word.profile
@@ -6,7 +6,7 @@ include ms-word.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.cache/ms-word-online
+noblacklist ${HOME}/.cache/ms-word-online
 private-bin ms-word
 # Redirect
diff --git a/etc/profile-m-z/mtpaint.profile b/etc/profile-m-z/mtpaint.profile
index ec7cd5d04..85c3ee9f2 100644
--- a/etc/profile-m-z/mtpaint.profile
+++ b/etc/profile-m-z/mtpaint.profile
@@ -6,7 +6,7 @@ include mtpaint.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/multimc5.profile b/etc/profile-m-z/multimc5.profile
index 447e7753f..6df681df1 100644
--- a/etc/profile-m-z/multimc5.profile
+++ b/etc/profile-m-z/multimc5.profile
@@ -5,9 +5,9 @@ include multimc5.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/multimc
+noblacklist ${HOME}/.local/share/multimc
-nodeny  ${HOME}/.local/share/multimc5
+noblacklist ${HOME}/.local/share/multimc5
-nodeny  ${HOME}/.multimc5
+noblacklist ${HOME}/.multimc5
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -22,9 +22,9 @@ include disable-programs.inc
 mkdir ${HOME}/.local/share/multimc
 mkdir ${HOME}/.local/share/multimc5
 mkdir ${HOME}/.multimc5
-allow  ${HOME}/.local/share/multimc
+whitelist ${HOME}/.local/share/multimc
-allow  ${HOME}/.local/share/multimc5
+whitelist ${HOME}/.local/share/multimc5
-allow  ${HOME}/.multimc5
+whitelist ${HOME}/.multimc5
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/mumble.profile b/etc/profile-m-z/mumble.profile
index 1d72e07b8..c7f59c5ee 100644
--- a/etc/profile-m-z/mumble.profile
+++ b/etc/profile-m-z/mumble.profile
@@ -6,9 +6,9 @@ include mumble.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Mumble
+noblacklist ${HOME}/.config/Mumble
-nodeny  ${HOME}/.local/share/data/Mumble
+noblacklist ${HOME}/.local/share/data/Mumble
-nodeny  ${HOME}/.local/share/Mumble
+noblacklist ${HOME}/.local/share/Mumble
 include disable-common.inc
 include disable-devel.inc
@@ -21,9 +21,9 @@ include disable-shell.inc
 mkdir ${HOME}/.config/Mumble
 mkdir ${HOME}/.local/share/data/Mumble
 mkdir ${HOME}/.local/share/Mumble
-allow  ${HOME}/.config/Mumble
+whitelist ${HOME}/.config/Mumble
-allow  ${HOME}/.local/share/data/Mumble
+whitelist ${HOME}/.local/share/data/Mumble
-allow  ${HOME}/.local/share/Mumble
+whitelist ${HOME}/.local/share/Mumble
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/mupdf-gl.profile b/etc/profile-m-z/mupdf-gl.profile
index c208a5e54..be94a9083 100644
--- a/etc/profile-m-z/mupdf-gl.profile
+++ b/etc/profile-m-z/mupdf-gl.profile
@@ -7,7 +7,7 @@ include mupdf-gl.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.mupdf.history
+noblacklist ${HOME}/.mupdf.history
 # Redirect
 include mupdf.profile
diff --git a/etc/profile-m-z/mupdf.profile b/etc/profile-m-z/mupdf.profile
index e602b1429..9e4609c48 100644
--- a/etc/profile-m-z/mupdf.profile
+++ b/etc/profile-m-z/mupdf.profile
@@ -6,7 +6,7 @@ include mupdf.local
 # Persistent global definitions
 #include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mupen64plus.profile b/etc/profile-m-z/mupen64plus.profile
index ecc7e2957..00983a8f3 100644
--- a/etc/profile-m-z/mupen64plus.profile
+++ b/etc/profile-m-z/mupen64plus.profile
@@ -6,8 +6,8 @@ include mupen64plus.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/mupen64plus
+noblacklist ${HOME}/.config/mupen64plus
-nodeny  ${HOME}/.local/share/mupen64plus
+noblacklist ${HOME}/.local/share/mupen64plus
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 # you'll need to manually whitelist ROM files
 mkdir ${HOME}/.config/mupen64plus
 mkdir ${HOME}/.local/share/mupen64plus
-allow  ${HOME}/.config/mupen64plus
+whitelist ${HOME}/.config/mupen64plus
-allow  ${HOME}/.local/share/mupen64plus
+whitelist ${HOME}/.local/share/mupen64plus
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/musescore.profile b/etc/profile-m-z/musescore.profile
index aa141f9c0..679e82ae8 100644
--- a/etc/profile-m-z/musescore.profile
+++ b/etc/profile-m-z/musescore.profile
@@ -6,12 +6,12 @@ include musescore.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/MusE
+noblacklist ${HOME}/.config/MusE
-nodeny  ${HOME}/.config/MuseScore
+noblacklist ${HOME}/.config/MuseScore
-nodeny  ${HOME}/.local/share/data/MusE
+noblacklist ${HOME}/.local/share/data/MusE
-nodeny  ${HOME}/.local/share/data/MuseScore
+noblacklist ${HOME}/.local/share/data/MuseScore
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/musictube.profile b/etc/profile-m-z/musictube.profile
index 5ab1303a2..04500ac6a 100644
--- a/etc/profile-m-z/musictube.profile
+++ b/etc/profile-m-z/musictube.profile
@@ -6,9 +6,9 @@ include musictube.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/Flavio Tordini
+noblacklist ${HOME}/.cache/Flavio Tordini
-nodeny  ${HOME}/.config/Flavio Tordini
+noblacklist ${HOME}/.config/Flavio Tordini
-nodeny  ${HOME}/.local/share/Flavio Tordini
+noblacklist ${HOME}/.local/share/Flavio Tordini
 include disable-common.inc
 include disable-devel.inc
@@ -22,10 +22,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/Flavio Tordini
 mkdir ${HOME}/.config/Flavio Tordini
 mkdir ${HOME}/.local/share/Flavio Tordini
-allow  ${HOME}/.cache/Flavio Tordini
+whitelist ${HOME}/.cache/Flavio Tordini
-allow  ${HOME}/.config/Flavio Tordini
+whitelist ${HOME}/.config/Flavio Tordini
-allow  ${HOME}/.local/share/Flavio Tordini
+whitelist ${HOME}/.local/share/Flavio Tordini
-allow  /usr/share/musictube
+whitelist /usr/share/musictube
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/musixmatch.profile b/etc/profile-m-z/musixmatch.profile
index 9390f9dcf..74b3e9a5f 100644
--- a/etc/profile-m-z/musixmatch.profile
+++ b/etc/profile-m-z/musixmatch.profile
@@ -5,7 +5,7 @@ include musixmatch.local
 # Persistent global definitions
 include globals.local
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile
index 91606bdfa..debf81659 100644
--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -7,36 +7,36 @@ include mutt.local
 # Persistent global definitions
 include globals.local
-nodeny  /var/mail
+noblacklist /var/mail
-nodeny  /var/spool/mail
+noblacklist /var/spool/mail
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${HOME}/.Mail
+noblacklist ${HOME}/.Mail
-nodeny  ${HOME}/.bogofilter
+noblacklist ${HOME}/.bogofilter
-nodeny  ${HOME}/.cache/mutt
+noblacklist ${HOME}/.cache/mutt
-nodeny  ${HOME}/.config/mutt
+noblacklist ${HOME}/.config/mutt
-nodeny  ${HOME}/.config/nano
+noblacklist ${HOME}/.config/nano
-nodeny  ${HOME}/.elinks
+noblacklist ${HOME}/.elinks
-nodeny  ${HOME}/.emacs
+noblacklist ${HOME}/.emacs
-nodeny  ${HOME}/.emacs.d
+noblacklist ${HOME}/.emacs.d
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.mail
+noblacklist ${HOME}/.mail
-nodeny  ${HOME}/.mailcap
+noblacklist ${HOME}/.mailcap
-nodeny  ${HOME}/.msmtprc
+noblacklist ${HOME}/.msmtprc
-nodeny  ${HOME}/.mutt
+noblacklist ${HOME}/.mutt
-nodeny  ${HOME}/.muttrc
+noblacklist ${HOME}/.muttrc
-nodeny  ${HOME}/.nanorc
+noblacklist ${HOME}/.nanorc
-nodeny  ${HOME}/.signature
+noblacklist ${HOME}/.signature
-nodeny  ${HOME}/.vim
+noblacklist ${HOME}/.vim
-nodeny  ${HOME}/.viminfo
+noblacklist ${HOME}/.viminfo
-nodeny  ${HOME}/.vimrc
+noblacklist ${HOME}/.vimrc
-nodeny  ${HOME}/.w3m
+noblacklist ${HOME}/.w3m
-nodeny  ${HOME}/Mail
+noblacklist ${HOME}/Mail
-nodeny  ${HOME}/mail
+noblacklist ${HOME}/mail
-nodeny  ${HOME}/postponed
+noblacklist ${HOME}/postponed
-nodeny  ${HOME}/sent
+noblacklist ${HOME}/sent
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 # Add the next lines to your mutt.local for oauth.py,S/MIME support.
 #include allow-perl.inc
@@ -75,37 +75,37 @@ mkfile ${HOME}/.nanorc
 mkfile ${HOME}/.signature
 mkfile ${HOME}/.viminfo
 mkfile ${HOME}/.vimrc
-allow  ${DOCUMENTS}
+whitelist ${DOCUMENTS}
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.Mail
+whitelist ${HOME}/.Mail
-allow  ${HOME}/.bogofilter
+whitelist ${HOME}/.bogofilter
-allow  ${HOME}/.cache/mutt
+whitelist ${HOME}/.cache/mutt
-allow  ${HOME}/.config/mutt
+whitelist ${HOME}/.config/mutt
-allow  ${HOME}/.config/nano
+whitelist ${HOME}/.config/nano
-allow  ${HOME}/.elinks
+whitelist ${HOME}/.elinks
-allow  ${HOME}/.emacs
+whitelist ${HOME}/.emacs
-allow  ${HOME}/.emacs.d
+whitelist ${HOME}/.emacs.d
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
-allow  ${HOME}/.mail
+whitelist ${HOME}/.mail
-allow  ${HOME}/.mailcap
+whitelist ${HOME}/.mailcap
-allow  ${HOME}/.msmtprc
+whitelist ${HOME}/.msmtprc
-allow  ${HOME}/.mutt
+whitelist ${HOME}/.mutt
-allow  ${HOME}/.muttrc
+whitelist ${HOME}/.muttrc
-allow  ${HOME}/.nanorc
+whitelist ${HOME}/.nanorc
-allow  ${HOME}/.signature
+whitelist ${HOME}/.signature
-allow  ${HOME}/.vim
+whitelist ${HOME}/.vim
-allow  ${HOME}/.viminfo
+whitelist ${HOME}/.viminfo
-allow  ${HOME}/.vimrc
+whitelist ${HOME}/.vimrc
-allow  ${HOME}/.w3m
+whitelist ${HOME}/.w3m
-allow  ${HOME}/Mail
+whitelist ${HOME}/Mail
-allow  ${HOME}/mail
+whitelist ${HOME}/mail
-allow  ${HOME}/postponed
+whitelist ${HOME}/postponed
-allow  ${HOME}/sent
+whitelist ${HOME}/sent
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
-allow  /usr/share/mutt
+whitelist /usr/share/mutt
-allow  /var/mail
+whitelist /var/mail
-allow  /var/spool/mail
+whitelist /var/spool/mail
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/mypaint.profile b/etc/profile-m-z/mypaint.profile
index 19af47498..d8d487fe7 100644
--- a/etc/profile-m-z/mypaint.profile
+++ b/etc/profile-m-z/mypaint.profile
@@ -6,10 +6,10 @@ include mypaint.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/mypaint
+noblacklist ${HOME}/.cache/mypaint
-nodeny  ${HOME}/.config/mypaint
+noblacklist ${HOME}/.config/mypaint
-nodeny  ${HOME}/.local/share/mypaint
+noblacklist ${HOME}/.local/share/mypaint
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/nano.profile b/etc/profile-m-z/nano.profile
index f0553bed5..4698c2287 100644
--- a/etc/profile-m-z/nano.profile
+++ b/etc/profile-m-z/nano.profile
@@ -7,10 +7,10 @@ include nano.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${HOME}/.config/nano
+noblacklist ${HOME}/.config/nano
-nodeny  ${HOME}/.nanorc
+noblacklist ${HOME}/.nanorc
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /usr/share/nano
+whitelist /usr/share/nano
 include whitelist-usr-share-common.inc
 apparmor
diff --git a/etc/profile-m-z/natron.profile b/etc/profile-m-z/natron.profile
index 35d152748..5bf152f84 100644
--- a/etc/profile-m-z/natron.profile
+++ b/etc/profile-m-z/natron.profile
@@ -5,9 +5,9 @@ include natron.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.Natron
+noblacklist ${HOME}/.Natron
-nodeny  ${HOME}/.cache/INRIA/Natron
+noblacklist ${HOME}/.cache/INRIA/Natron
-nodeny  ${HOME}/.config/INRIA
+noblacklist ${HOME}/.config/INRIA
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/ncdu.profile b/etc/profile-m-z/ncdu.profile
index 38646dc90..063e30366 100644
--- a/etc/profile-m-z/ncdu.profile
+++ b/etc/profile-m-z/ncdu.profile
@@ -6,7 +6,7 @@ include ncdu.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-exec.inc
diff --git a/etc/profile-m-z/neochat.profile b/etc/profile-m-z/neochat.profile
index ceb885908..9f00448c8 100644
--- a/etc/profile-m-z/neochat.profile
+++ b/etc/profile-m-z/neochat.profile
@@ -6,12 +6,12 @@ include neochat.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/KDE/neochat
+noblacklist ${HOME}/.cache/KDE/neochat
-nodeny  ${HOME}/.config/KDE
+noblacklist ${HOME}/.config/KDE
-nodeny  ${HOME}/.config/KDE/neochat
+noblacklist ${HOME}/.config/KDE/neochat
-nodeny  ${HOME}/.config/neochatrc
+noblacklist ${HOME}/.config/neochatrc
-nodeny  ${HOME}/.config/neochat.notifyrc
+noblacklist ${HOME}/.config/neochat.notifyrc
-nodeny  ${HOME}/.local/share/KDE/neochat
+noblacklist ${HOME}/.local/share/KDE/neochat
 include disable-common.inc
 include disable-devel.inc
@@ -24,9 +24,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/KDE/neochat
 mkdir ${HOME}/.local/share/KDE/neochat
-allow  ${HOME}/.cache/KDE/neochat
+whitelist ${HOME}/.cache/KDE/neochat
-allow  ${HOME}/.local/share/KDE/neochat
+whitelist ${HOME}/.local/share/KDE/neochat
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-1793-workaround.inc
 include whitelist-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile
index 939d6f111..fafa129e4 100644
--- a/etc/profile-m-z/neomutt.profile
+++ b/etc/profile-m-z/neomutt.profile
@@ -7,38 +7,38 @@ include neomutt.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${HOME}/.Mail
+noblacklist ${HOME}/.Mail
-nodeny  ${HOME}/.bogofilter
+noblacklist ${HOME}/.bogofilter
-nodeny  ${HOME}/.config/mutt
+noblacklist ${HOME}/.config/mutt
-nodeny  ${HOME}/.config/nano
+noblacklist ${HOME}/.config/nano
-nodeny  ${HOME}/.config/neomutt
+noblacklist ${HOME}/.config/neomutt
-nodeny  ${HOME}/.elinks
+noblacklist ${HOME}/.elinks
-nodeny  ${HOME}/.emacs
+noblacklist ${HOME}/.emacs
-nodeny  ${HOME}/.emacs.d
+noblacklist ${HOME}/.emacs.d
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.mail
+noblacklist ${HOME}/.mail
-nodeny  ${HOME}/.mailcap
+noblacklist ${HOME}/.mailcap
-nodeny  ${HOME}/.msmtprc
+noblacklist ${HOME}/.msmtprc
-nodeny  ${HOME}/.mutt
+noblacklist ${HOME}/.mutt
-nodeny  ${HOME}/.muttrc
+noblacklist ${HOME}/.muttrc
-nodeny  ${HOME}/.nanorc
+noblacklist ${HOME}/.nanorc
-nodeny  ${HOME}/.neomutt
+noblacklist ${HOME}/.neomutt
-nodeny  ${HOME}/.neomuttrc
+noblacklist ${HOME}/.neomuttrc
-nodeny  ${HOME}/.signature
+noblacklist ${HOME}/.signature
-nodeny  ${HOME}/.vim
+noblacklist ${HOME}/.vim
-nodeny  ${HOME}/.viminfo
+noblacklist ${HOME}/.viminfo
-nodeny  ${HOME}/.vimrc
+noblacklist ${HOME}/.vimrc
-nodeny  ${HOME}/.w3m
+noblacklist ${HOME}/.w3m
-nodeny  ${HOME}/Mail
+noblacklist ${HOME}/Mail
-nodeny  ${HOME}/mail
+noblacklist ${HOME}/mail
-nodeny  ${HOME}/postponed
+noblacklist ${HOME}/postponed
-nodeny  ${HOME}/sent
+noblacklist ${HOME}/sent
-nodeny  /var/mail
+noblacklist /var/mail
-nodeny  /var/spool/mail
+noblacklist /var/spool/mail
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include allow-lua.inc
@@ -76,39 +76,39 @@ mkfile ${HOME}/.neomuttrc
 mkfile ${HOME}/.signature
 mkfile ${HOME}/.viminfo
 mkfile ${HOME}/.vimrc
-allow  ${DOCUMENTS}
+whitelist ${DOCUMENTS}
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.Mail
+whitelist ${HOME}/.Mail
-allow  ${HOME}/.bogofilter
+whitelist ${HOME}/.bogofilter
-allow  ${HOME}/.config/mutt
+whitelist ${HOME}/.config/mutt
-allow  ${HOME}/.config/nano
+whitelist ${HOME}/.config/nano
-allow  ${HOME}/.config/neomutt
+whitelist ${HOME}/.config/neomutt
-allow  ${HOME}/.elinks
+whitelist ${HOME}/.elinks
-allow  ${HOME}/.emacs
+whitelist ${HOME}/.emacs
-allow  ${HOME}/.emacs.d
+whitelist ${HOME}/.emacs.d
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
-allow  ${HOME}/.mail
+whitelist ${HOME}/.mail
-allow  ${HOME}/.mailcap
+whitelist ${HOME}/.mailcap
-allow  ${HOME}/.msmtprc
+whitelist ${HOME}/.msmtprc
-allow  ${HOME}/.mutt
+whitelist ${HOME}/.mutt
-allow  ${HOME}/.muttrc
+whitelist ${HOME}/.muttrc
-allow  ${HOME}/.nanorc
+whitelist ${HOME}/.nanorc
-allow  ${HOME}/.neomutt
+whitelist ${HOME}/.neomutt
-allow  ${HOME}/.neomuttrc
+whitelist ${HOME}/.neomuttrc
-allow  ${HOME}/.signature
+whitelist ${HOME}/.signature
-allow  ${HOME}/.vim
+whitelist ${HOME}/.vim
-allow  ${HOME}/.viminfo
+whitelist ${HOME}/.viminfo
-allow  ${HOME}/.vimrc
+whitelist ${HOME}/.vimrc
-allow  ${HOME}/.w3m
+whitelist ${HOME}/.w3m
-allow  ${HOME}/Mail
+whitelist ${HOME}/Mail
-allow  ${HOME}/mail
+whitelist ${HOME}/mail
-allow  ${HOME}/postponed
+whitelist ${HOME}/postponed
-allow  ${HOME}/sent
+whitelist ${HOME}/sent
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
-allow  /usr/share/neomutt
+whitelist /usr/share/neomutt
-allow  /var/mail
+whitelist /var/mail
-allow  /var/spool/mail
+whitelist /var/spool/mail
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/netactview.profile b/etc/profile-m-z/netactview.profile
index 68297c110..5d45dd7bc 100644
--- a/etc/profile-m-z/netactview.profile
+++ b/etc/profile-m-z/netactview.profile
@@ -6,7 +6,7 @@ include netactview.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.netactview
+noblacklist ${HOME}/.netactview
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkfile ${HOME}/.netactview
-allow  ${HOME}/.netactview
+whitelist ${HOME}/.netactview
-allow  /usr/share/netactview
+whitelist /usr/share/netactview
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/nethack-vultures.profile b/etc/profile-m-z/nethack-vultures.profile
index d5bf8a52a..c9a537370 100644
--- a/etc/profile-m-z/nethack-vultures.profile
+++ b/etc/profile-m-z/nethack-vultures.profile
@@ -6,7 +6,7 @@ include nethack.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.vultures
+noblacklist ${HOME}/.vultures
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.vultures
-allow  ${HOME}/.vultures
+whitelist ${HOME}/.vultures
-allow  /var/log/vultures
+whitelist /var/log/vultures
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/nethack.profile b/etc/profile-m-z/nethack.profile
index 23b57bb52..b57abe260 100644
--- a/etc/profile-m-z/nethack.profile
+++ b/etc/profile-m-z/nethack.profile
@@ -6,7 +6,7 @@ include nethack.local
 # Persistent global definitions
 include globals.local
-nodeny  /var/games/nethack
+noblacklist /var/games/nethack
 include disable-common.inc
 include disable-devel.inc
@@ -15,7 +15,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /var/games/nethack
+whitelist /var/games/nethack
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/netsurf.profile b/etc/profile-m-z/netsurf.profile
index b099d6f0c..0ddb7bbbe 100644
--- a/etc/profile-m-z/netsurf.profile
+++ b/etc/profile-m-z/netsurf.profile
@@ -6,8 +6,8 @@ include netsurf.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/netsurf
+noblacklist ${HOME}/.cache/netsurf
-nodeny  ${HOME}/.config/netsurf
+noblacklist ${HOME}/.config/netsurf
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/netsurf
 mkdir ${HOME}/.config/netsurf
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/netsurf
+whitelist ${HOME}/.cache/netsurf
-allow  ${HOME}/.config/netsurf
+whitelist ${HOME}/.config/netsurf
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/neverball.profile b/etc/profile-m-z/neverball.profile
index dad90a66c..ecfbb14e4 100644
--- a/etc/profile-m-z/neverball.profile
+++ b/etc/profile-m-z/neverball.profile
@@ -6,7 +6,7 @@ include neverball.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.neverball
+noblacklist ${HOME}/.neverball
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.neverball
-allow  ${HOME}/.neverball
+whitelist ${HOME}/.neverball
-allow  /usr/share/neverball
+whitelist /usr/share/neverball
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/newsbeuter.profile b/etc/profile-m-z/newsbeuter.profile
index c26ba4be0..6efb19502 100644
--- a/etc/profile-m-z/newsbeuter.profile
+++ b/etc/profile-m-z/newsbeuter.profile
@@ -11,15 +11,15 @@ ignore include newsboat.local
 ignore mkdir ${HOME}/.config/newsboat
 ignore mkdir ${HOME}/.local/share/newsboat
 ignore mkdir ${HOME}/.newsboat
-deny  ${PATH}/newsboat
+blacklist ${PATH}/newsboat
-deny  ${HOME}/.config/newsboat
+blacklist ${HOME}/.config/newsboat
-deny  ${HOME}/.local/share/newsboat
+blacklist ${HOME}/.local/share/newsboat
-deny  ${HOME}/.newsboat
+blacklist ${HOME}/.newsboat
-noallow  ${HOME}/.config/newsboat
+nowhitelist ${HOME}/.config/newsboat
-noallow  ${HOME}/.local/share/newsboat
+nowhitelist ${HOME}/.local/share/newsboat
-noallow  ${HOME}/.newsboat
+nowhitelist ${HOME}/.newsboat
 mkdir ${HOME}/.config/newsbeuter
 mkdir ${HOME}/.local/share/newsbeuter
diff --git a/etc/profile-m-z/newsboat.profile b/etc/profile-m-z/newsboat.profile
index e34752b55..13bc3a615 100644
--- a/etc/profile-m-z/newsboat.profile
+++ b/etc/profile-m-z/newsboat.profile
@@ -6,12 +6,12 @@ include newsboat.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/newsbeuter
+noblacklist ${HOME}/.config/newsbeuter
-nodeny  ${HOME}/.config/newsboat
+noblacklist ${HOME}/.config/newsboat
-nodeny  ${HOME}/.local/share/newsbeuter
+noblacklist ${HOME}/.local/share/newsbeuter
-nodeny  ${HOME}/.local/share/newsboat
+noblacklist ${HOME}/.local/share/newsboat
-nodeny  ${HOME}/.newsbeuter
+noblacklist ${HOME}/.newsbeuter
-nodeny  ${HOME}/.newsboat
+noblacklist ${HOME}/.newsboat
 include disable-common.inc
 include disable-devel.inc
@@ -24,12 +24,12 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/newsboat
 mkdir ${HOME}/.local/share/newsboat
 mkdir ${HOME}/.newsboat
-allow  ${HOME}/.config/newsbeuter
+whitelist ${HOME}/.config/newsbeuter
-allow  ${HOME}/.config/newsboat
+whitelist ${HOME}/.config/newsboat
-allow  ${HOME}/.local/share/newsbeuter
+whitelist ${HOME}/.local/share/newsbeuter
-allow  ${HOME}/.local/share/newsboat
+whitelist ${HOME}/.local/share/newsboat
-allow  ${HOME}/.newsbeuter
+whitelist ${HOME}/.newsbeuter
-allow  ${HOME}/.newsboat
+whitelist ${HOME}/.newsboat
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/newsflash.profile b/etc/profile-m-z/newsflash.profile
index 273628ea2..18d8c6ed4 100644
--- a/etc/profile-m-z/newsflash.profile
+++ b/etc/profile-m-z/newsflash.profile
@@ -6,9 +6,9 @@ include newsflash.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/NewsFlashGTK
+noblacklist ${HOME}/.cache/NewsFlashGTK
-nodeny  ${HOME}/.config/news-flash
+noblacklist ${HOME}/.config/news-flash
-nodeny  ${HOME}/.local/share/news-flash
+noblacklist ${HOME}/.local/share/news-flash
 include disable-common.inc
 include disable-devel.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/NewsFlashGTK
 mkdir ${HOME}/.config/news-flash
 mkdir ${HOME}/.local/share/news-flash
-allow  ${HOME}/.cache/NewsFlashGTK
+whitelist ${HOME}/.cache/NewsFlashGTK
-allow  ${HOME}/.config/news-flash
+whitelist ${HOME}/.config/news-flash
-allow  ${HOME}/.local/share/news-flash
+whitelist ${HOME}/.local/share/news-flash
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile
index 7ba46691d..9fd76fbe7 100644
--- a/etc/profile-m-z/nextcloud.profile
+++ b/etc/profile-m-z/nextcloud.profile
@@ -6,9 +6,9 @@ include nextcloud.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/Nextcloud
+noblacklist ${HOME}/Nextcloud
-nodeny  ${HOME}/.config/Nextcloud
+noblacklist ${HOME}/.config/Nextcloud
-nodeny  ${HOME}/.local/share/Nextcloud
+noblacklist ${HOME}/.local/share/Nextcloud
 # Add the next lines to your nextcloud.local to allow sync in more directories.
 #noblacklist ${DOCUMENTS}
 #noblacklist ${MUSIC}
@@ -27,9 +27,9 @@ include disable-xdg.inc
 mkdir ${HOME}/Nextcloud
 mkdir ${HOME}/.config/Nextcloud
 mkdir ${HOME}/.local/share/Nextcloud
-allow  ${HOME}/Nextcloud
+whitelist ${HOME}/Nextcloud
-allow  ${HOME}/.config/Nextcloud
+whitelist ${HOME}/.config/Nextcloud
-allow  ${HOME}/.local/share/Nextcloud
+whitelist ${HOME}/.local/share/Nextcloud
 # Add the next lines to your nextcloud.local to allow sync in more directories.
 #whitelist ${DOCUMENTS}
 #whitelist ${MUSIC}
diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile
index 0149e0737..f8062891c 100644
--- a/etc/profile-m-z/nheko.profile
+++ b/etc/profile-m-z/nheko.profile
@@ -6,9 +6,9 @@ include nheko.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/nheko
+noblacklist ${HOME}/.cache/nheko
-nodeny  ${HOME}/.config/nheko
+noblacklist ${HOME}/.config/nheko
-nodeny  ${HOME}/.local/share/nheko
+noblacklist ${HOME}/.local/share/nheko
 include disable-common.inc
 include disable-devel.inc
@@ -22,10 +22,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/nheko
 mkdir ${HOME}/.config/nheko
 mkdir ${HOME}/.local/share/nheko
-allow  ${HOME}/.cache/nheko
+whitelist ${HOME}/.cache/nheko
-allow  ${HOME}/.config/nheko
+whitelist ${HOME}/.config/nheko
-allow  ${HOME}/.local/share/nheko
+whitelist ${HOME}/.local/share/nheko
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/nicotine.profile b/etc/profile-m-z/nicotine.profile
index b31a7babf..1c7dbc009 100644
--- a/etc/profile-m-z/nicotine.profile
+++ b/etc/profile-m-z/nicotine.profile
@@ -6,7 +6,7 @@ include nicotine.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.nicotine
+noblacklist ${HOME}/.nicotine
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -21,9 +21,9 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.nicotine
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.nicotine
+whitelist ${HOME}/.nicotine
-allow  /usr/share/GeoIP
+whitelist /usr/share/GeoIP
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/nitroshare.profile b/etc/profile-m-z/nitroshare.profile
index 70fffd5d4..8dba84f02 100644
--- a/etc/profile-m-z/nitroshare.profile
+++ b/etc/profile-m-z/nitroshare.profile
@@ -6,8 +6,8 @@ include nitroshare.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Nathan Osman
+noblacklist ${HOME}/.config/Nathan Osman
-nodeny  ${HOME}/.config/NitroShare
+noblacklist ${HOME}/.config/NitroShare
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile
index 7981ba6ae..fa69f9214 100644
--- a/etc/profile-m-z/nodejs-common.profile
+++ b/etc/profile-m-z/nodejs-common.profile
@@ -7,22 +7,22 @@ include nodejs-common.local
 # added by caller profile
 #include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 ignore read-only ${HOME}/.npm-packages
 ignore read-only ${HOME}/.npmrc
 ignore read-only ${HOME}/.nvm
 ignore read-only ${HOME}/.yarnrc
-nodeny  ${HOME}/.node-gyp
+noblacklist ${HOME}/.node-gyp
-nodeny  ${HOME}/.npm
+noblacklist ${HOME}/.npm
-nodeny  ${HOME}/.npmrc
+noblacklist ${HOME}/.npmrc
-nodeny  ${HOME}/.nvm
+noblacklist ${HOME}/.nvm
-nodeny  ${HOME}/.yarn
+noblacklist ${HOME}/.yarn
-nodeny  ${HOME}/.yarn-config
+noblacklist ${HOME}/.yarn-config
-nodeny  ${HOME}/.yarncache
+noblacklist ${HOME}/.yarncache
-nodeny  ${HOME}/.yarnrc
+noblacklist ${HOME}/.yarnrc
 ignore noexec ${HOME}
@@ -58,9 +58,9 @@ include disable-xdg.inc
 #whitelist ${HOME}/Projects
 #include whitelist-common.inc
-allow  /usr/share/doc/node
+whitelist /usr/share/doc/node
-allow  /usr/share/nvm
+whitelist /usr/share/nvm
-allow  /usr/share/systemtap/tapset/node.stp
+whitelist /usr/share/systemtap/tapset/node.stp
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/nomacs.profile b/etc/profile-m-z/nomacs.profile
index 80fbd0fcb..a36dee874 100644
--- a/etc/profile-m-z/nomacs.profile
+++ b/etc/profile-m-z/nomacs.profile
@@ -6,10 +6,10 @@ include nomacs.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/nomacs
+noblacklist ${HOME}/.config/nomacs
-nodeny  ${HOME}/.local/share/nomacs
+noblacklist ${HOME}/.local/share/nomacs
-nodeny  ${HOME}/.local/share/data/nomacs
+noblacklist ${HOME}/.local/share/data/nomacs
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/notify-send.profile b/etc/profile-m-z/notify-send.profile
index a3bcc040c..650118c98 100644
--- a/etc/profile-m-z/notify-send.profile
+++ b/etc/profile-m-z/notify-send.profile
@@ -7,7 +7,7 @@ include notify-send.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/nslookup.profile b/etc/profile-m-z/nslookup.profile
index b3002ad0e..c7a131a2c 100644
--- a/etc/profile-m-z/nslookup.profile
+++ b/etc/profile-m-z/nslookup.profile
@@ -7,10 +7,10 @@ include nslookup.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
-nodeny  ${PATH}/nslookup
+noblacklist ${PATH}/nslookup
 include disable-common.inc
 include disable-devel.inc
@@ -20,7 +20,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  ${HOME}/.nslookuprc
+whitelist ${HOME}/.nslookuprc
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/nuclear.profile b/etc/profile-m-z/nuclear.profile
index 67f54f9fc..886403b9e 100644
--- a/etc/profile-m-z/nuclear.profile
+++ b/etc/profile-m-z/nuclear.profile
@@ -8,12 +8,12 @@ include globals.local
 ignore dbus-user
-nodeny  ${HOME}/.config/nuclear
+noblacklist ${HOME}/.config/nuclear
 include disable-shell.inc
 mkdir ${HOME}/.config/nuclear
-allow  ${HOME}/.config/nuclear
+whitelist ${HOME}/.config/nuclear
 no3d
diff --git a/etc/profile-m-z/nylas.profile b/etc/profile-m-z/nylas.profile
index ee7710b9c..fe0c2116b 100644
--- a/etc/profile-m-z/nylas.profile
+++ b/etc/profile-m-z/nylas.profile
@@ -5,8 +5,8 @@ include nylas.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Nylas Mail
+noblacklist ${HOME}/.config/Nylas Mail
-nodeny  ${HOME}/.nylas-mail
+noblacklist ${HOME}/.nylas-mail
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-programs.inc
 mkdir ${HOME}/.config/Nylas Mail
 mkdir ${HOME}/.nylas-mail
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.config/Nylas Mail
+whitelist ${HOME}/.config/Nylas Mail
-allow  ${HOME}/.nylas-mail
+whitelist ${HOME}/.nylas-mail
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/nyx.profile b/etc/profile-m-z/nyx.profile
index 1d606f70c..d040d42af 100644
--- a/etc/profile-m-z/nyx.profile
+++ b/etc/profile-m-z/nyx.profile
@@ -10,7 +10,7 @@ include globals.local
 include allow-python2.inc
 include allow-python3.inc
-nodeny  ${HOME}/.nyx
+noblacklist ${HOME}/.nyx
 include disable-common.inc
 include disable-devel.inc
@@ -22,7 +22,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.nyx
-allow  ${HOME}/.nyx
+whitelist ${HOME}/.nyx
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/obs.profile b/etc/profile-m-z/obs.profile
index f70bdc55a..9345cee4f 100644
--- a/etc/profile-m-z/obs.profile
+++ b/etc/profile-m-z/obs.profile
@@ -5,10 +5,10 @@ include obs.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/obs-studio
+noblacklist ${HOME}/.config/obs-studio
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/ocenaudio.profile b/etc/profile-m-z/ocenaudio.profile
index 792c2ffc6..7be68a201 100644
--- a/etc/profile-m-z/ocenaudio.profile
+++ b/etc/profile-m-z/ocenaudio.profile
@@ -6,9 +6,9 @@ include ocenaudio.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/ocenaudio
+noblacklist ${HOME}/.local/share/ocenaudio
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/odt2txt.profile b/etc/profile-m-z/odt2txt.profile
index 61b71ec10..6163d2e22 100644
--- a/etc/profile-m-z/odt2txt.profile
+++ b/etc/profile-m-z/odt2txt.profile
@@ -6,9 +6,9 @@ include odt2txt.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/okular.profile b/etc/profile-m-z/okular.profile
index feeed86cb..ab8ccf623 100644
--- a/etc/profile-m-z/okular.profile
+++ b/etc/profile-m-z/okular.profile
@@ -6,18 +6,18 @@ include okular.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/okular
+noblacklist ${HOME}/.cache/okular
-nodeny  ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularpartrc
-nodeny  ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/okularrc
-nodeny  ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/apps/okular
-nodeny  ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularpartrc
-nodeny  ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde/share/config/okularrc
-nodeny  ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/apps/okular
-nodeny  ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
-nodeny  ${HOME}/.kde4/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
-nodeny  ${HOME}/.local/share/kxmlgui5/okular
+noblacklist ${HOME}/.local/share/kxmlgui5/okular
-nodeny  ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/okular
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
@@ -28,15 +28,15 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/config.kcfg/gssettings.kcfg
+whitelist /usr/share/config.kcfg/gssettings.kcfg
-allow  /usr/share/config.kcfg/pdfsettings.kcfg
+whitelist /usr/share/config.kcfg/pdfsettings.kcfg
-allow  /usr/share/config.kcfg/okular.kcfg
+whitelist /usr/share/config.kcfg/okular.kcfg
-allow  /usr/share/config.kcfg/okular_core.kcfg
+whitelist /usr/share/config.kcfg/okular_core.kcfg
-allow  /usr/share/ghostscript
+whitelist /usr/share/ghostscript
-allow  /usr/share/kconf_update/okular.upd
+whitelist /usr/share/kconf_update/okular.upd
-allow  /usr/share/kxmlgui5/okular
+whitelist /usr/share/kxmlgui5/okular
-allow  /usr/share/okular
+whitelist /usr/share/okular
-allow  /usr/share/poppler
+whitelist /usr/share/poppler
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile
index 748d17995..5b367b639 100644
--- a/etc/profile-m-z/onboard.profile
+++ b/etc/profile-m-z/onboard.profile
@@ -6,7 +6,7 @@ include onboard.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/onboard
+noblacklist ${HOME}/.config/onboard
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/onboard
-allow  ${HOME}/.config/onboard
+whitelist ${HOME}/.config/onboard
-allow  /usr/share/onboard
+whitelist /usr/share/onboard
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/onionshare-gui.profile b/etc/profile-m-z/onionshare-gui.profile
index 188818a7f..960df9034 100644
--- a/etc/profile-m-z/onionshare-gui.profile
+++ b/etc/profile-m-z/onionshare-gui.profile
@@ -5,7 +5,7 @@ include onionshare-gui.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/onionshare
+noblacklist ${HOME}/.config/onionshare
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
diff --git a/etc/profile-m-z/open-invaders.profile b/etc/profile-m-z/open-invaders.profile
index 6e2b31def..7a840d4a9 100644
--- a/etc/profile-m-z/open-invaders.profile
+++ b/etc/profile-m-z/open-invaders.profile
@@ -6,7 +6,7 @@ include open-invaders.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.openinvaders
+noblacklist ${HOME}/.openinvaders
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 mkdir ${HOME}/.openinvaders
-allow  ${HOME}/.openinvaders
+whitelist ${HOME}/.openinvaders
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/openarena.profile b/etc/profile-m-z/openarena.profile
index dfc78e5a9..36ce0316f 100644
--- a/etc/profile-m-z/openarena.profile
+++ b/etc/profile-m-z/openarena.profile
@@ -6,7 +6,7 @@ include openarena.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.openarena
+noblacklist ${HOME}/.openarena
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.openarena
-allow  ${HOME}/.openarena
+whitelist ${HOME}/.openarena
-allow  /usr/share/openarena
+whitelist /usr/share/openarena
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/openbox.profile b/etc/profile-m-z/openbox.profile
index 5a6b378f0..b49fd9932 100644
--- a/etc/profile-m-z/openbox.profile
+++ b/etc/profile-m-z/openbox.profile
@@ -7,7 +7,7 @@ include openbox.local
 include globals.local
 # all applications started in openbox will run in this profile
-nodeny  ${HOME}/.config/openbox
+noblacklist ${HOME}/.config/openbox
 include disable-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/opencity.profile b/etc/profile-m-z/opencity.profile
index 268e7cee3..a3d371e15 100644
--- a/etc/profile-m-z/opencity.profile
+++ b/etc/profile-m-z/opencity.profile
@@ -6,7 +6,7 @@ include opencity.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.opencity
+noblacklist ${HOME}/.opencity
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.opencity
-allow  ${HOME}/.opencity
+whitelist ${HOME}/.opencity
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/openclonk.profile b/etc/profile-m-z/openclonk.profile
index 588191cb3..32b40df42 100644
--- a/etc/profile-m-z/openclonk.profile
+++ b/etc/profile-m-z/openclonk.profile
@@ -6,7 +6,7 @@ include openclonk.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.clonk
+noblacklist ${HOME}/.clonk
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.clonk
-allow  ${HOME}/.clonk
+whitelist ${HOME}/.clonk
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile
index 95d507c98..d1fe67aed 100644
--- a/etc/profile-m-z/openmw.profile
+++ b/etc/profile-m-z/openmw.profile
@@ -6,8 +6,8 @@ include openmw.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/openmw
+noblacklist ${HOME}/.config/openmw
-nodeny  ${HOME}/.local/share/openmw
+noblacklist ${HOME}/.local/share/openmw
 include disable-common.inc
 include disable-devel.inc
@@ -21,11 +21,11 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/openmw
 mkdir ${HOME}/.local/share/openmw
-allow  ${HOME}/.config/openmw
+whitelist ${HOME}/.config/openmw
 # Copy Morrowind data files into ${HOME}/.local/share/openmw or load them from /mnt.
 # Alternatively you can whitelist custom paths in your openmw.local.
-allow  ${HOME}/.local/share/openmw
+whitelist ${HOME}/.local/share/openmw
-allow  /usr/share/openmw
+whitelist /usr/share/openmw
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/openshot.profile b/etc/profile-m-z/openshot.profile
index ebb536b3e..6118630c4 100644
--- a/etc/profile-m-z/openshot.profile
+++ b/etc/profile-m-z/openshot.profile
@@ -6,8 +6,8 @@ include openshot.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.openshot
+noblacklist ${HOME}/.openshot
-nodeny  ${HOME}/.openshot_qt
+noblacklist ${HOME}/.openshot_qt
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -19,8 +19,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /usr/share/blender
+whitelist /usr/share/blender
-allow  /usr/share/inkscape
+whitelist /usr/share/inkscape
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/openttd.profile b/etc/profile-m-z/openttd.profile
index 79c1f8ffa..546958bb7 100644
--- a/etc/profile-m-z/openttd.profile
+++ b/etc/profile-m-z/openttd.profile
@@ -6,7 +6,7 @@ include openttd.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.openttd
+noblacklist ${HOME}/.openttd
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.openttd
-allow  ${HOME}/.openttd
+whitelist ${HOME}/.openttd
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/opera-beta.profile b/etc/profile-m-z/opera-beta.profile
index 548afc0b4..551f1aba4 100644
--- a/etc/profile-m-z/opera-beta.profile
+++ b/etc/profile-m-z/opera-beta.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/opera
+noblacklist ${HOME}/.cache/opera
-nodeny  ${HOME}/.config/opera-beta
+noblacklist ${HOME}/.config/opera-beta
 mkdir ${HOME}/.cache/opera
 mkdir ${HOME}/.config/opera-beta
-allow  ${HOME}/.cache/opera
+whitelist ${HOME}/.cache/opera
-allow  ${HOME}/.config/opera-beta
+whitelist ${HOME}/.config/opera-beta
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-m-z/opera.profile b/etc/profile-m-z/opera.profile
index 5a3fe064e..2c7c5fc35 100644
--- a/etc/profile-m-z/opera.profile
+++ b/etc/profile-m-z/opera.profile
@@ -11,16 +11,16 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/opera
+noblacklist ${HOME}/.cache/opera
-nodeny  ${HOME}/.config/opera
+noblacklist ${HOME}/.config/opera
-nodeny  ${HOME}/.opera
+noblacklist ${HOME}/.opera
 mkdir ${HOME}/.cache/opera
 mkdir ${HOME}/.config/opera
 mkdir ${HOME}/.opera
-allow  ${HOME}/.cache/opera
+whitelist ${HOME}/.cache/opera
-allow  ${HOME}/.config/opera
+whitelist ${HOME}/.config/opera
-allow  ${HOME}/.opera
+whitelist ${HOME}/.opera
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-m-z/orage.profile b/etc/profile-m-z/orage.profile
index a49cbdb91..4e4d8bea5 100644
--- a/etc/profile-m-z/orage.profile
+++ b/etc/profile-m-z/orage.profile
@@ -6,8 +6,8 @@ include orage.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/orage
+noblacklist ${HOME}/.config/orage
-nodeny  ${HOME}/.local/share/orage
+noblacklist ${HOME}/.local/share/orage
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/ostrichriders.profile b/etc/profile-m-z/ostrichriders.profile
index ed881816e..310b90919 100644
--- a/etc/profile-m-z/ostrichriders.profile
+++ b/etc/profile-m-z/ostrichriders.profile
@@ -6,7 +6,7 @@ include ostrichriders.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.ostrichriders
+noblacklist ${HOME}/.ostrichriders
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.ostrichriders
-allow  ${HOME}/.ostrichriders
+whitelist ${HOME}/.ostrichriders
-allow  /usr/share/ostrichriders
+whitelist /usr/share/ostrichriders
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/otter-browser.profile b/etc/profile-m-z/otter-browser.profile
index bc9e730a1..20a4e25ed 100644
--- a/etc/profile-m-z/otter-browser.profile
+++ b/etc/profile-m-z/otter-browser.profile
@@ -8,10 +8,10 @@ include globals.local
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
-nodeny  ${HOME}/.cache/Otter
+noblacklist ${HOME}/.cache/Otter
-nodeny  ${HOME}/.config/otter
+noblacklist ${HOME}/.config/otter
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.local/share/pki
 include disable-common.inc
 include disable-devel.inc
@@ -25,12 +25,12 @@ mkdir ${HOME}/.cache/Otter
 mkdir ${HOME}/.config/otter
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/Otter
+whitelist ${HOME}/.cache/Otter
-allow  ${HOME}/.config/otter
+whitelist ${HOME}/.config/otter
-allow  ${HOME}/.pki
+whitelist ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${HOME}/.local/share/pki
-allow  /usr/share/otter-browser
+whitelist /usr/share/otter-browser
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/palemoon.profile b/etc/profile-m-z/palemoon.profile
index 503c141d8..acb2ce176 100644
--- a/etc/profile-m-z/palemoon.profile
+++ b/etc/profile-m-z/palemoon.profile
@@ -5,13 +5,13 @@ include palemoon.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/moonchild productions/pale moon
+noblacklist ${HOME}/.cache/moonchild productions/pale moon
-nodeny  ${HOME}/.moonchild productions/pale moon
+noblacklist ${HOME}/.moonchild productions/pale moon
 mkdir ${HOME}/.cache/moonchild productions/pale moon
 mkdir ${HOME}/.moonchild productions
-allow  ${HOME}/.cache/moonchild productions/pale moon
+whitelist ${HOME}/.cache/moonchild productions/pale moon
-allow  ${HOME}/.moonchild productions
+whitelist ${HOME}/.moonchild productions
 # Palemoon can use the full firejail seccomp filter (unlike firefox >= 60)
 seccomp
diff --git a/etc/profile-m-z/pandoc.profile b/etc/profile-m-z/pandoc.profile
index a59f53298..513b4119e 100644
--- a/etc/profile-m-z/pandoc.profile
+++ b/etc/profile-m-z/pandoc.profile
@@ -7,9 +7,9 @@ include pandoc.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/parole.profile b/etc/profile-m-z/parole.profile
index a277d1cbc..0a4422a73 100644
--- a/etc/profile-m-z/parole.profile
+++ b/etc/profile-m-z/parole.profile
@@ -6,8 +6,8 @@ include parole.local
 # Persistent global definitions
 include globals.local
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/patch.profile b/etc/profile-m-z/patch.profile
index 156c3956d..0de968185 100644
--- a/etc/profile-m-z/patch.profile
+++ b/etc/profile-m-z/patch.profile
@@ -7,9 +7,9 @@ include patch.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/pavucontrol-qt.profile b/etc/profile-m-z/pavucontrol-qt.profile
index dcd69cdd0..f96ba14d2 100644
--- a/etc/profile-m-z/pavucontrol-qt.profile
+++ b/etc/profile-m-z/pavucontrol-qt.profile
@@ -7,10 +7,10 @@ include pavucontrol-qt.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.config/pavucontrol-qt
+noblacklist ${HOME}/.config/pavucontrol-qt
 mkdir ${HOME}/.config/pavucontrol-qt
-allow  ${HOME}/.config/pavucontrol-qt
+whitelist ${HOME}/.config/pavucontrol-qt
 private-bin pavucontrol-qt
 ignore private-lib
diff --git a/etc/profile-m-z/pavucontrol.profile b/etc/profile-m-z/pavucontrol.profile
index f44730c33..b46fb3026 100644
--- a/etc/profile-m-z/pavucontrol.profile
+++ b/etc/profile-m-z/pavucontrol.profile
@@ -6,7 +6,7 @@ include pavucontrol.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/pavucontrol.ini
+noblacklist ${HOME}/.config/pavucontrol.ini
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 # whitelisting in ${HOME} is broken, see #3112
 #mkfile ${HOME}/.config/pavucontrol.ini
 #whitelist ${HOME}/.config/pavucontrol.ini
-allow  /usr/share/pavucontrol
+whitelist /usr/share/pavucontrol
-allow  /usr/share/pavucontrol-qt
+whitelist /usr/share/pavucontrol-qt
 #include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/pcsxr.profile b/etc/profile-m-z/pcsxr.profile
index 3f920ced8..a6dab2a9a 100644
--- a/etc/profile-m-z/pcsxr.profile
+++ b/etc/profile-m-z/pcsxr.profile
@@ -8,7 +8,7 @@ include globals.local
 # Note: you must whitelist your games folder in your pcsxr.local
-nodeny  ${HOME}/.pcsxr
+noblacklist ${HOME}/.pcsxr
 include disable-common.inc
 include disable-devel.inc
@@ -21,7 +21,7 @@ include disable-write-mnt.inc
 include disable-xdg.inc
 mkdir ${HOME}/.pcsxr
-allow  ${HOME}/.pcsxr
+whitelist ${HOME}/.pcsxr
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/pdfchain.profile b/etc/profile-m-z/pdfchain.profile
index 13a011072..d72417914 100644
--- a/etc/profile-m-z/pdfchain.profile
+++ b/etc/profile-m-z/pdfchain.profile
@@ -5,7 +5,7 @@ include pdfchain.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/pdfmod.profile b/etc/profile-m-z/pdfmod.profile
index e49ce8073..a19826555 100644
--- a/etc/profile-m-z/pdfmod.profile
+++ b/etc/profile-m-z/pdfmod.profile
@@ -6,9 +6,9 @@ include pdfmod.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/pdfmod
+noblacklist ${HOME}/.cache/pdfmod
-nodeny  ${HOME}/.config/pdfmod
+noblacklist ${HOME}/.config/pdfmod
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/pdfsam.profile b/etc/profile-m-z/pdfsam.profile
index 67c14bbc3..e2808d4d2 100644
--- a/etc/profile-m-z/pdfsam.profile
+++ b/etc/profile-m-z/pdfsam.profile
@@ -6,7 +6,7 @@ include pdfsam.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-m-z/pdftotext.profile b/etc/profile-m-z/pdftotext.profile
index 1c7ebfad5..d3902a51c 100644
--- a/etc/profile-m-z/pdftotext.profile
+++ b/etc/profile-m-z/pdftotext.profile
@@ -6,9 +6,9 @@ include pdftotext.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  ${DOCUMENTS}
+whitelist ${DOCUMENTS}
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  /usr/share/poppler
+whitelist /usr/share/poppler
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/peek.profile b/etc/profile-m-z/peek.profile
index e809625ad..c33953687 100644
--- a/etc/profile-m-z/peek.profile
+++ b/etc/profile-m-z/peek.profile
@@ -5,9 +5,9 @@ include peek.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/peek
+noblacklist ${HOME}/.cache/peek
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/penguin-command.profile b/etc/profile-m-z/penguin-command.profile
index 5ebd7b462..f5ad0321d 100644
--- a/etc/profile-m-z/penguin-command.profile
+++ b/etc/profile-m-z/penguin-command.profile
@@ -6,7 +6,7 @@ include penguin-command.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.penguin-command
+noblacklist ${HOME}/.penguin-command
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
-allow  ${HOME}/.penguin-command
+whitelist ${HOME}/.penguin-command
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/photoflare.profile b/etc/profile-m-z/photoflare.profile
index 8dd506850..40068ff78 100644
--- a/etc/profile-m-z/photoflare.profile
+++ b/etc/profile-m-z/photoflare.profile
@@ -6,7 +6,7 @@ include photoflare.local
 # Persistent global definitions
 include photoflare.local
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/picard.profile b/etc/profile-m-z/picard.profile
index ac178ee6c..a5ea47088 100644
--- a/etc/profile-m-z/picard.profile
+++ b/etc/profile-m-z/picard.profile
@@ -6,9 +6,9 @@ include picard.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/MusicBrainz
+noblacklist ${HOME}/.cache/MusicBrainz
-nodeny  ${HOME}/.config/MusicBrainz
+noblacklist ${HOME}/.config/MusicBrainz
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/pidgin.profile b/etc/profile-m-z/pidgin.profile
index a65abeb2e..26872e9a1 100644
--- a/etc/profile-m-z/pidgin.profile
+++ b/etc/profile-m-z/pidgin.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore noexec ${RUNUSER}
 ignore noexec /dev/shm
-nodeny  ${HOME}/.purple
+noblacklist ${HOME}/.purple
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.purple
-allow  ${HOME}/.purple
+whitelist ${HOME}/.purple
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${PICTURES}
+whitelist ${PICTURES}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/pinball.profile b/etc/profile-m-z/pinball.profile
index 41e4fb6c0..2e17be2ce 100644
--- a/etc/profile-m-z/pinball.profile
+++ b/etc/profile-m-z/pinball.profile
@@ -6,7 +6,7 @@ include pinball.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/emilia
+noblacklist ${HOME}/.config/emilia
 include disable-common.inc
 include disable-devel.inc
@@ -18,11 +18,11 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/emilia
-allow  ${HOME}/.config/emilia
+whitelist ${HOME}/.config/emilia
-allow  /usr/share/pinball
+whitelist /usr/share/pinball
 # on debian games are stored under /usr/share/games
-allow  /usr/share/games/pinball
+whitelist /usr/share/games/pinball
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile
index 65e77abfa..e914007c0 100644
--- a/etc/profile-m-z/ping.profile
+++ b/etc/profile-m-z/ping.profile
@@ -7,8 +7,8 @@ include ping.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/pingus.profile b/etc/profile-m-z/pingus.profile
index aa2cfe203..f1fdfcbad 100644
--- a/etc/profile-m-z/pingus.profile
+++ b/etc/profile-m-z/pingus.profile
@@ -6,12 +6,12 @@ include pingus.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.pingus
+noblacklist ${HOME}/.pingus
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -23,8 +23,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.pingus
-allow  ${HOME}/.pingus
+whitelist ${HOME}/.pingus
-allow  /usr/share/pingus
+whitelist /usr/share/pingus
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/pinta.profile b/etc/profile-m-z/pinta.profile
index d0d4f1fce..19406c399 100644
--- a/etc/profile-m-z/pinta.profile
+++ b/etc/profile-m-z/pinta.profile
@@ -6,9 +6,9 @@ include pinta.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Pinta
+noblacklist ${HOME}/.config/Pinta
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/pioneer.profile b/etc/profile-m-z/pioneer.profile
index 6cfea28b6..721b3944a 100644
--- a/etc/profile-m-z/pioneer.profile
+++ b/etc/profile-m-z/pioneer.profile
@@ -6,7 +6,7 @@ include pioneer.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.pioneer
+noblacklist ${HOME}/.pioneer
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.pioneer
-allow  ${HOME}/.pioneer
+whitelist ${HOME}/.pioneer
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/pipe-viewer.profile b/etc/profile-m-z/pipe-viewer.profile
index acd7eeaf2..3de064311 100644
--- a/etc/profile-m-z/pipe-viewer.profile
+++ b/etc/profile-m-z/pipe-viewer.profile
@@ -7,13 +7,13 @@ include pipe-viewer.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/pipe-viewer
+noblacklist ${HOME}/.cache/pipe-viewer
-nodeny  ${HOME}/.config/pipe-viewer
+noblacklist ${HOME}/.config/pipe-viewer
 mkdir ${HOME}/.config/pipe-viewer
 mkdir ${HOME}/.cache/pipe-viewer
-allow  ${HOME}/.cache/pipe-viewer
+whitelist ${HOME}/.cache/pipe-viewer
-allow  ${HOME}/.config/pipe-viewer
+whitelist ${HOME}/.config/pipe-viewer
 private-bin gtk-pipe-viewer,pipe-viewer
diff --git a/etc/profile-m-z/pitivi.profile b/etc/profile-m-z/pitivi.profile
index abce4c911..a2dd809c4 100644
--- a/etc/profile-m-z/pitivi.profile
+++ b/etc/profile-m-z/pitivi.profile
@@ -6,7 +6,7 @@ include pitivi.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/pitivi
+noblacklist ${HOME}/.config/pitivi
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/pix.profile b/etc/profile-m-z/pix.profile
index 63451d352..81d3e9370 100644
--- a/etc/profile-m-z/pix.profile
+++ b/etc/profile-m-z/pix.profile
@@ -5,10 +5,10 @@ include pix.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/pix
+noblacklist ${HOME}/.config/pix
-nodeny  ${HOME}/.local/share/pix
+noblacklist ${HOME}/.local/share/pix
-nodeny  ${HOME}/.Steam
+noblacklist ${HOME}/.Steam
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.steam
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile
index 13d7db7f7..4eb41b3bd 100644
--- a/etc/profile-m-z/pkglog.profile
+++ b/etc/profile-m-z/pkglog.profile
@@ -17,9 +17,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /var/log/apt/history.log
+whitelist /var/log/apt/history.log
-allow  /var/log/dnf.rpm.log
+whitelist /var/log/dnf.rpm.log
-allow  /var/log/pacman.log
+whitelist /var/log/pacman.log
 apparmor
 caps.drop all
diff --git a/etc/profile-m-z/playonlinux.profile b/etc/profile-m-z/playonlinux.profile
index 9c23841e2..8e98905b5 100644
--- a/etc/profile-m-z/playonlinux.profile
+++ b/etc/profile-m-z/playonlinux.profile
@@ -7,10 +7,10 @@ include playonlinux.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.PlayOnLinux
+noblacklist ${HOME}/.PlayOnLinux
 # nc is needed to run playonlinux
-nodeny  ${PATH}/nc
+noblacklist ${PATH}/nc
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
diff --git a/etc/profile-m-z/pluma.profile b/etc/profile-m-z/pluma.profile
index ab7e0c64b..10e12e5b1 100644
--- a/etc/profile-m-z/pluma.profile
+++ b/etc/profile-m-z/pluma.profile
@@ -6,8 +6,8 @@ include pluma.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/enchant
+noblacklist ${HOME}/.config/enchant
-nodeny  ${HOME}/.config/pluma
+noblacklist ${HOME}/.config/pluma
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-m-z/plv.profile b/etc/profile-m-z/plv.profile
index 02cb83ef6..5201fd853 100644
--- a/etc/profile-m-z/plv.profile
+++ b/etc/profile-m-z/plv.profile
@@ -6,7 +6,7 @@ include plv.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/PacmanLogViewer
+noblacklist ${HOME}/.config/PacmanLogViewer
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/PacmanLogViewer
-allow  ${HOME}/.config/PacmanLogViewer
+whitelist ${HOME}/.config/PacmanLogViewer
-allow  /var/log/pacman.log
+whitelist /var/log/pacman.log
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/pngquant.profile b/etc/profile-m-z/pngquant.profile
index 2c4dda43e..8a181d5a8 100644
--- a/etc/profile-m-z/pngquant.profile
+++ b/etc/profile-m-z/pngquant.profile
@@ -7,9 +7,9 @@ include pngquant.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/polari.profile b/etc/profile-m-z/polari.profile
index 115ac36ab..a3d4f9851 100644
--- a/etc/profile-m-z/polari.profile
+++ b/etc/profile-m-z/polari.profile
@@ -21,12 +21,12 @@ mkdir ${HOME}/.local/share/Empathy
 mkdir ${HOME}/.local/share/TpLogger
 mkdir ${HOME}/.local/share/telepathy
 mkdir ${HOME}/.purple
-allow  ${HOME}/.cache/telepathy
+whitelist ${HOME}/.cache/telepathy
-allow  ${HOME}/.config/telepathy-account-widgets
+whitelist ${HOME}/.config/telepathy-account-widgets
-allow  ${HOME}/.local/share/Empathy
+whitelist ${HOME}/.local/share/Empathy
-allow  ${HOME}/.local/share/TpLogger
+whitelist ${HOME}/.local/share/TpLogger
-allow  ${HOME}/.local/share/telepathy
+whitelist ${HOME}/.local/share/telepathy
-allow  ${HOME}/.purple
+whitelist ${HOME}/.purple
 include whitelist-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/ppsspp.profile b/etc/profile-m-z/ppsspp.profile
index 10c59ea32..1f73c1d89 100644
--- a/etc/profile-m-z/ppsspp.profile
+++ b/etc/profile-m-z/ppsspp.profile
@@ -8,7 +8,7 @@ include globals.local
 # Note: you must whitelist your games folder in your ppsspp.local.
-nodeny  ${HOME}/.config/ppsspp
+noblacklist ${HOME}/.config/ppsspp
 include disable-common.inc
 include disable-devel.inc
@@ -20,8 +20,8 @@ include disable-write-mnt.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/ppsspp
-allow  ${HOME}/.config/ppsspp
+whitelist ${HOME}/.config/ppsspp
-allow  /usr/share/ppsspp
+whitelist /usr/share/ppsspp
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/pragha.profile b/etc/profile-m-z/pragha.profile
index 9b03bf632..f138d785e 100644
--- a/etc/profile-m-z/pragha.profile
+++ b/etc/profile-m-z/pragha.profile
@@ -6,8 +6,8 @@ include pragha.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/pragha
+noblacklist ${HOME}/.config/pragha
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/profanity.profile b/etc/profile-m-z/profanity.profile
index 137b4cb20..743458725 100644
--- a/etc/profile-m-z/profanity.profile
+++ b/etc/profile-m-z/profanity.profile
@@ -7,8 +7,8 @@ include profanity.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/profanity
+noblacklist ${HOME}/.config/profanity
-nodeny  ${HOME}/.local/share/profanity
+noblacklist ${HOME}/.local/share/profanity
 # Allow Python
 include allow-python2.inc
diff --git a/etc/profile-m-z/psi-plus.profile b/etc/profile-m-z/psi-plus.profile
index b0e28baf7..5ac58b0ac 100644
--- a/etc/profile-m-z/psi-plus.profile
+++ b/etc/profile-m-z/psi-plus.profile
@@ -6,8 +6,8 @@ include psi-plus.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/psi+
+noblacklist ${HOME}/.config/psi+
-nodeny  ${HOME}/.local/share/psi+
+noblacklist ${HOME}/.local/share/psi+
 include disable-common.inc
 include disable-devel.inc
@@ -19,10 +19,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/psi+
 mkdir ${HOME}/.config/psi+
 mkdir ${HOME}/.local/share/psi+
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/psi+
+whitelist ${HOME}/.cache/psi+
-allow  ${HOME}/.config/psi+
+whitelist ${HOME}/.config/psi+
-allow  ${HOME}/.local/share/psi+
+whitelist ${HOME}/.local/share/psi+
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile
index 2588c3b75..7e0ef99fc 100644
--- a/etc/profile-m-z/psi.profile
+++ b/etc/profile-m-z/psi.profile
@@ -8,11 +8,11 @@ include globals.local
 # Add the next line to your psi.local to enable GPG support.
 #noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.cache/psi
+noblacklist ${HOME}/.cache/psi
-nodeny  ${HOME}/.cache/Psi
+noblacklist ${HOME}/.cache/Psi
-nodeny  ${HOME}/.config/psi
+noblacklist ${HOME}/.config/psi
-nodeny  ${HOME}/.local/share/psi
+noblacklist ${HOME}/.local/share/psi
-nodeny  ${HOME}/.local/share/Psi
+noblacklist ${HOME}/.local/share/Psi
 include disable-common.inc
 include disable-devel.inc
@@ -32,16 +32,16 @@ mkdir ${HOME}/.local/share/psi
 mkdir ${HOME}/.local/share/Psi
 # Add the next line to your psi.local to enable GPG support.
 #whitelist ${HOME}/.gnupg
-allow  ${HOME}/.cache/psi
+whitelist ${HOME}/.cache/psi
-allow  ${HOME}/.cache/Psi
+whitelist ${HOME}/.cache/Psi
-allow  ${HOME}/.config/psi
+whitelist ${HOME}/.config/psi
-allow  ${HOME}/.local/share/psi
+whitelist ${HOME}/.local/share/psi
-allow  ${HOME}/.local/share/Psi
+whitelist ${HOME}/.local/share/Psi
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 # Add the next lines to your psi.local to enable GPG support.
 #whitelist /usr/share/gnupg
 #whitelist /usr/share/gnupg2
-allow  /usr/share/psi
+whitelist /usr/share/psi
 # Add the next lines to your psi.local to enable GPG support.
 #whitelist ${RUNUSER}/gnupg
 #whitelist ${RUNUSER}/keyring
diff --git a/etc/profile-m-z/pybitmessage.profile b/etc/profile-m-z/pybitmessage.profile
index 1f0e83ab6..60ae37930 100644
--- a/etc/profile-m-z/pybitmessage.profile
+++ b/etc/profile-m-z/pybitmessage.profile
@@ -5,9 +5,9 @@ include pybitmessage.local
 # Persistent global definitions
 include globals.local
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/local/sbin
+noblacklist /usr/local/sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/pycharm-community.profile b/etc/profile-m-z/pycharm-community.profile
index b6c08290e..00d7239ae 100644
--- a/etc/profile-m-z/pycharm-community.profile
+++ b/etc/profile-m-z/pycharm-community.profile
@@ -5,7 +5,7 @@ include pycharm-community.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.PyCharmCE*
+noblacklist ${HOME}/.PyCharmCE*
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-m-z/pycharm-professional.profile b/etc/profile-m-z/pycharm-professional.profile
index fa0932cc0..b754a18c9 100644
--- a/etc/profile-m-z/pycharm-professional.profile
+++ b/etc/profile-m-z/pycharm-professional.profile
@@ -6,7 +6,7 @@ include pyucharm-professional.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.PyCharm*
+noblacklist ${HOME}/.PyCharm*
 # Redirect
 include pycharm-community.profile
diff --git a/etc/profile-m-z/qbittorrent.profile b/etc/profile-m-z/qbittorrent.profile
index fb8e622b0..506b738cc 100644
--- a/etc/profile-m-z/qbittorrent.profile
+++ b/etc/profile-m-z/qbittorrent.profile
@@ -6,10 +6,10 @@ include qbittorrent.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/qBittorrent
+noblacklist ${HOME}/.cache/qBittorrent
-nodeny  ${HOME}/.config/qBittorrent
+noblacklist ${HOME}/.config/qBittorrent
-nodeny  ${HOME}/.config/qBittorrentrc
+noblacklist ${HOME}/.config/qBittorrentrc
-nodeny  ${HOME}/.local/share/data/qBittorrent
+noblacklist ${HOME}/.local/share/data/qBittorrent
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -27,11 +27,11 @@ mkdir ${HOME}/.cache/qBittorrent
 mkdir ${HOME}/.config/qBittorrent
 mkfile ${HOME}/.config/qBittorrentrc
 mkdir ${HOME}/.local/share/data/qBittorrent
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/qBittorrent
+whitelist ${HOME}/.cache/qBittorrent
-allow  ${HOME}/.config/qBittorrent
+whitelist ${HOME}/.config/qBittorrent
-allow  ${HOME}/.config/qBittorrentrc
+whitelist ${HOME}/.config/qBittorrentrc
-allow  ${HOME}/.local/share/data/qBittorrent
+whitelist ${HOME}/.local/share/data/qBittorrent
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/qcomicbook.profile b/etc/profile-m-z/qcomicbook.profile
index 7bcc4b065..0e52d7fc4 100644
--- a/etc/profile-m-z/qcomicbook.profile
+++ b/etc/profile-m-z/qcomicbook.profile
@@ -6,10 +6,10 @@ include qcomicbook.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/PawelStolowski
+noblacklist ${HOME}/.cache/PawelStolowski
-nodeny  ${HOME}/.config/PawelStolowski
+noblacklist ${HOME}/.config/PawelStolowski
-nodeny  ${HOME}/.local/share/PawelStolowski
+noblacklist ${HOME}/.local/share/PawelStolowski
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -27,7 +27,7 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/PawelStolowski
 mkdir ${HOME}/.config/PawelStolowski
 mkdir ${HOME}/.local/share/PawelStolowski
-allow  /usr/share/qcomicbook
+whitelist /usr/share/qcomicbook
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/qemu-launcher.profile b/etc/profile-m-z/qemu-launcher.profile
index d527a2b82..ac60384fd 100644
--- a/etc/profile-m-z/qemu-launcher.profile
+++ b/etc/profile-m-z/qemu-launcher.profile
@@ -5,7 +5,7 @@ include qemu-launcher.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.qemu-launcher
+noblacklist ${HOME}/.qemu-launcher
 include disable-common.inc
 include disable-passwdmgr.inc
diff --git a/etc/profile-m-z/qgis.profile b/etc/profile-m-z/qgis.profile
index e99140c22..2e97daea2 100644
--- a/etc/profile-m-z/qgis.profile
+++ b/etc/profile-m-z/qgis.profile
@@ -6,10 +6,10 @@ include qgis.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/QGIS
+noblacklist ${HOME}/.config/QGIS
-nodeny  ${HOME}/.local/share/QGIS
+noblacklist ${HOME}/.local/share/QGIS
-nodeny  ${HOME}/.qgis2
+noblacklist ${HOME}/.qgis2
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -25,10 +25,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.local/share/QGIS
 mkdir ${HOME}/.qgis2
 mkdir ${HOME}/.config/QGIS
-allow  ${HOME}/.local/share/QGIS
+whitelist ${HOME}/.local/share/QGIS
-allow  ${HOME}/.qgis2
+whitelist ${HOME}/.qgis2
-allow  ${HOME}/.config/QGIS
+whitelist ${HOME}/.config/QGIS
-allow  ${DOCUMENTS}
+whitelist ${DOCUMENTS}
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/qlipper.profile b/etc/profile-m-z/qlipper.profile
index 75dc58ae4..6e94d5845 100644
--- a/etc/profile-m-z/qlipper.profile
+++ b/etc/profile-m-z/qlipper.profile
@@ -6,7 +6,7 @@ include qlipper.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Qlipper
+noblacklist ${HOME}/.config/Qlipper
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/qmmp.profile b/etc/profile-m-z/qmmp.profile
index d37fce997..c3d982c17 100644
--- a/etc/profile-m-z/qmmp.profile
+++ b/etc/profile-m-z/qmmp.profile
@@ -6,8 +6,8 @@ include qmmp.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.qmmp
+noblacklist ${HOME}/.qmmp
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/qnapi.profile b/etc/profile-m-z/qnapi.profile
index f12340052..ca11df5be 100644
--- a/etc/profile-m-z/qnapi.profile
+++ b/etc/profile-m-z/qnapi.profile
@@ -6,7 +6,7 @@ include qnapi.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/qnapi.ini
+noblacklist ${HOME}/.config/qnapi.ini
 ignore noexec /tmp
@@ -20,8 +20,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkfile ${HOME}/.config/qnapi.ini
-allow  ${HOME}/.config/qnapi.ini
+whitelist ${HOME}/.config/qnapi.ini
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/qpdfview.profile b/etc/profile-m-z/qpdfview.profile
index 62fae324c..be690ffa4 100644
--- a/etc/profile-m-z/qpdfview.profile
+++ b/etc/profile-m-z/qpdfview.profile
@@ -6,9 +6,9 @@ include qpdfview.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.config/qpdfview
-nodeny  ${HOME}/.local/share/qpdfview
+noblacklist ${HOME}/.local/share/qpdfview
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/qrencode.profile b/etc/profile-m-z/qrencode.profile
index 5f0aec804..6cbf8519f 100644
--- a/etc/profile-m-z/qrencode.profile
+++ b/etc/profile-m-z/qrencode.profile
@@ -7,7 +7,7 @@ include qrencode.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/qtox.profile b/etc/profile-m-z/qtox.profile
index 1ad46814e..8ffe24d11 100644
--- a/etc/profile-m-z/qtox.profile
+++ b/etc/profile-m-z/qtox.profile
@@ -6,8 +6,8 @@ include qtox.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/Tox
+noblacklist ${HOME}/.cache/Tox
-nodeny  ${HOME}/.config/tox
+noblacklist ${HOME}/.config/tox
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/tox
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.config/tox
+whitelist ${HOME}/.config/tox
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/quadrapassel.profile b/etc/profile-m-z/quadrapassel.profile
index aee24925c..91e0d9d0d 100644
--- a/etc/profile-m-z/quadrapassel.profile
+++ b/etc/profile-m-z/quadrapassel.profile
@@ -6,11 +6,11 @@ include quadrapassel.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/quadrapassel
+noblacklist ${HOME}/.local/share/quadrapassel
 mkdir ${HOME}/.local/share/quadrapassel
-allow  ${HOME}/.local/share/quadrapassel
+whitelist ${HOME}/.local/share/quadrapassel
-allow  /usr/share/quadrapassel
+whitelist /usr/share/quadrapassel
 private-bin quadrapassel
diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile
index a319e1e12..1d146aa39 100644
--- a/etc/profile-m-z/quaternion.profile
+++ b/etc/profile-m-z/quaternion.profile
@@ -6,8 +6,8 @@ include quaternion.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/Quotient/quaternion
+noblacklist ${HOME}/.cache/Quotient/quaternion
-nodeny  ${HOME}/.config/Quotient
+noblacklist ${HOME}/.config/Quotient
 include disable-common.inc
 include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/Quotient/quaternion
 mkdir ${HOME}/.config/Quotient
-allow  ${HOME}/.cache/Quotient/quaternion
+whitelist ${HOME}/.cache/Quotient/quaternion
-allow  ${HOME}/.config/Quotient
+whitelist ${HOME}/.config/Quotient
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  /usr/share/Quotient/quaternion
+whitelist /usr/share/Quotient/quaternion
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/quiterss.profile b/etc/profile-m-z/quiterss.profile
index 2693f2ed5..9490089b2 100644
--- a/etc/profile-m-z/quiterss.profile
+++ b/etc/profile-m-z/quiterss.profile
@@ -6,10 +6,10 @@ include quiterss.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/QuiteRss
+noblacklist ${HOME}/.cache/QuiteRss
-nodeny  ${HOME}/.config/QuiteRss
+noblacklist ${HOME}/.config/QuiteRss
-nodeny  ${HOME}/.config/QuiteRssrc
+noblacklist ${HOME}/.config/QuiteRssrc
-nodeny  ${HOME}/.local/share/QuiteRss
+noblacklist ${HOME}/.local/share/QuiteRss
 include disable-common.inc
 include disable-devel.inc
@@ -25,12 +25,12 @@ mkdir ${HOME}/.local/share/data
 mkdir ${HOME}/.local/share/data/QuiteRss
 mkdir ${HOME}/.local/share/QuiteRss
 mkfile ${HOME}/quiterssfeeds.opml
-allow  ${HOME}/.cache/QuiteRss
+whitelist ${HOME}/.cache/QuiteRss
-allow  ${HOME}/.config/QuiteRss
+whitelist ${HOME}/.config/QuiteRss
-allow  ${HOME}/.config/QuiteRssrc
+whitelist ${HOME}/.config/QuiteRssrc
-allow  ${HOME}/.local/share/data/QuiteRss
+whitelist ${HOME}/.local/share/data/QuiteRss
-allow  ${HOME}/.local/share/QuiteRss
+whitelist ${HOME}/.local/share/QuiteRss
-allow  ${HOME}/quiterssfeeds.opml
+whitelist ${HOME}/quiterssfeeds.opml
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/quodlibet.profile b/etc/profile-m-z/quodlibet.profile
index 52c120c08..92b02b2bf 100644
--- a/etc/profile-m-z/quodlibet.profile
+++ b/etc/profile-m-z/quodlibet.profile
@@ -6,10 +6,10 @@ include quodlibet.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/quodlibet
+noblacklist ${HOME}/.cache/quodlibet
-nodeny  ${HOME}/.config/quodlibet
+noblacklist ${HOME}/.config/quodlibet
-nodeny  ${HOME}/.quodlibet
+noblacklist ${HOME}/.quodlibet
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include allow-bin-sh.inc
@@ -30,11 +30,11 @@ mkdir ${HOME}/.cache/quodlibet
 mkdir ${HOME}/.config/quodlibet
 mkdir ${HOME}/.quodlibet
-allow  ${HOME}/.cache/quodlibet
+whitelist ${HOME}/.cache/quodlibet
-allow  ${HOME}/.config/quodlibet
+whitelist ${HOME}/.config/quodlibet
-allow  ${HOME}/.quodlibet
+whitelist ${HOME}/.quodlibet
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${MUSIC}
+whitelist ${MUSIC}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/qupzilla.profile b/etc/profile-m-z/qupzilla.profile
index 9bc91808b..7aa71c848 100644
--- a/etc/profile-m-z/qupzilla.profile
+++ b/etc/profile-m-z/qupzilla.profile
@@ -6,8 +6,8 @@ include qupzilla.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.cache/qupzilla
+noblacklist ${HOME}/.cache/qupzilla
-nodeny  ${HOME}/.config/qupzilla
+noblacklist ${HOME}/.config/qupzilla
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/qupzilla
 mkdir ${HOME}/.config/qupzilla
-allow  ${HOME}/.cache/qupzilla
+whitelist ${HOME}/.cache/qupzilla
-allow  ${HOME}/.config/qupzilla
+whitelist ${HOME}/.config/qupzilla
 # Redirect
 include falkon.profile
diff --git a/etc/profile-m-z/qutebrowser.profile b/etc/profile-m-z/qutebrowser.profile
index a342e2acd..fc910b589 100644
--- a/etc/profile-m-z/qutebrowser.profile
+++ b/etc/profile-m-z/qutebrowser.profile
@@ -6,9 +6,9 @@ include qutebrowser.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/qutebrowser
+noblacklist ${HOME}/.cache/qutebrowser
-nodeny  ${HOME}/.config/qutebrowser
+noblacklist ${HOME}/.config/qutebrowser
-nodeny  ${HOME}/.local/share/qutebrowser
+noblacklist ${HOME}/.local/share/qutebrowser
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,10 +22,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/qutebrowser
 mkdir ${HOME}/.config/qutebrowser
 mkdir ${HOME}/.local/share/qutebrowser
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/qutebrowser
+whitelist ${HOME}/.cache/qutebrowser
-allow  ${HOME}/.config/qutebrowser
+whitelist ${HOME}/.config/qutebrowser
-allow  ${HOME}/.local/share/qutebrowser
+whitelist ${HOME}/.local/share/qutebrowser
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/rambox.profile b/etc/profile-m-z/rambox.profile
index b1059cee8..ffa2022ee 100644
--- a/etc/profile-m-z/rambox.profile
+++ b/etc/profile-m-z/rambox.profile
@@ -6,9 +6,9 @@ include rambox.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Rambox
+noblacklist ${HOME}/.config/Rambox
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.local/share/pki
 include disable-common.inc
 include disable-devel.inc
@@ -18,10 +18,10 @@ include disable-programs.inc
 mkdir ${HOME}/.config/Rambox
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.config/Rambox
+whitelist ${HOME}/.config/Rambox
-allow  ${HOME}/.pki
+whitelist ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/redeclipse.profile b/etc/profile-m-z/redeclipse.profile
index 3b56f651f..9bc196a16 100644
--- a/etc/profile-m-z/redeclipse.profile
+++ b/etc/profile-m-z/redeclipse.profile
@@ -6,7 +6,7 @@ include redeclipse.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.redeclipse
+noblacklist ${HOME}/.redeclipse
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.redeclipse
-allow  ${HOME}/.redeclipse
+whitelist ${HOME}/.redeclipse
-allow  /usr/share/redeclipse
+whitelist /usr/share/redeclipse
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/redshift.profile b/etc/profile-m-z/redshift.profile
index 3035e1d74..f87c5f67c 100644
--- a/etc/profile-m-z/redshift.profile
+++ b/etc/profile-m-z/redshift.profile
@@ -7,8 +7,8 @@ include redshift.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/redshift
+noblacklist ${HOME}/.config/redshift
-nodeny  ${HOME}/.config/redshift.conf
+noblacklist ${HOME}/.config/redshift.conf
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/redshift
-allow  ${HOME}/.config/redshift
+whitelist ${HOME}/.config/redshift
-allow  ${HOME}/.config/redshift.conf
+whitelist ${HOME}/.config/redshift.conf
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/profile-m-z/regextester.profile b/etc/profile-m-z/regextester.profile
index 82feafab9..f5131c5d0 100644
--- a/etc/profile-m-z/regextester.profile
+++ b/etc/profile-m-z/regextester.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/com.github.artemanufrij.regextester
+whitelist /usr/share/com.github.artemanufrij.regextester
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/remmina.profile b/etc/profile-m-z/remmina.profile
index 3f385f602..aca22f187 100644
--- a/etc/profile-m-z/remmina.profile
+++ b/etc/profile-m-z/remmina.profile
@@ -6,9 +6,9 @@ include remmina.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.remmina
+noblacklist ${HOME}/.remmina
-nodeny  ${HOME}/.config/remmina
+noblacklist ${HOME}/.config/remmina
-nodeny  ${HOME}/.local/share/remmina
+noblacklist ${HOME}/.local/share/remmina
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
diff --git a/etc/profile-m-z/rhythmbox.profile b/etc/profile-m-z/rhythmbox.profile
index c532d3dc1..970e8ffba 100644
--- a/etc/profile-m-z/rhythmbox.profile
+++ b/etc/profile-m-z/rhythmbox.profile
@@ -6,9 +6,9 @@ include rhythmbox.local
 # Persistent global definitions
 include globals.local
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${HOME}/.cache/rhythmbox
+noblacklist ${HOME}/.cache/rhythmbox
-nodeny  ${HOME}/.local/share/rhythmbox
+noblacklist ${HOME}/.local/share/rhythmbox
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -26,10 +26,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/rhythmbox
+whitelist /usr/share/rhythmbox
-allow  /usr/share/lua
+whitelist /usr/share/lua
-allow  /usr/share/libquvi-scripts
+whitelist /usr/share/libquvi-scripts
-allow  /usr/share/tracker
+whitelist /usr/share/tracker
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/ricochet.profile b/etc/profile-m-z/ricochet.profile
index c3ee57ef3..b664a2be3 100644
--- a/etc/profile-m-z/ricochet.profile
+++ b/etc/profile-m-z/ricochet.profile
@@ -5,7 +5,7 @@ include ricochet.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/Ricochet
+noblacklist ${HOME}/.local/share/Ricochet
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-programs.inc
 include disable-shell.inc
 mkdir ${HOME}/.local/share/Ricochet
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.local/share/Ricochet
+whitelist ${HOME}/.local/share/Ricochet
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/riot-web.profile b/etc/profile-m-z/riot-web.profile
index 782396a50..687c943b0 100644
--- a/etc/profile-m-z/riot-web.profile
+++ b/etc/profile-m-z/riot-web.profile
@@ -8,11 +8,11 @@ include globals.local
 ignore noexec /tmp
-nodeny  ${HOME}/.config/Riot
+noblacklist ${HOME}/.config/Riot
 mkdir ${HOME}/.config/Riot
-allow  ${HOME}/.config/Riot
+whitelist ${HOME}/.config/Riot
-allow  /usr/share/webapps/element
+whitelist /usr/share/webapps/element
 # Redirect
 include electron.profile
diff --git a/etc/profile-m-z/ripperx.profile b/etc/profile-m-z/ripperx.profile
index c97ac8090..be815e714 100644
--- a/etc/profile-m-z/ripperx.profile
+++ b/etc/profile-m-z/ripperx.profile
@@ -6,8 +6,8 @@ include ripperx.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.ripperXrc
+noblacklist ${HOME}/.ripperXrc
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/ristretto.profile b/etc/profile-m-z/ristretto.profile
index 109d2f8f1..5572cab5a 100644
--- a/etc/profile-m-z/ristretto.profile
+++ b/etc/profile-m-z/ristretto.profile
@@ -6,9 +6,9 @@ include ristretto.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/ristretto
+noblacklist ${HOME}/.config/ristretto
-nodeny  ${HOME}/.Steam
+noblacklist ${HOME}/.Steam
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.steam
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/rocketchat.profile b/etc/profile-m-z/rocketchat.profile
index 1a76c4211..8d3607c75 100644
--- a/etc/profile-m-z/rocketchat.profile
+++ b/etc/profile-m-z/rocketchat.profile
@@ -21,10 +21,10 @@ ignore private-cache
 ignore private-dev
 ignore private-tmp
-nodeny  ${HOME}/.config/Rocket.Chat
+noblacklist ${HOME}/.config/Rocket.Chat
 mkdir ${HOME}/.config/Rocket.Chat
-allow  ${HOME}/.config/Rocket.Chat
+whitelist ${HOME}/.config/Rocket.Chat
 # Redirect
 include electron.profile
diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile
index 4807b7d36..690b44bb1 100644
--- a/etc/profile-m-z/rsync-download_only.profile
+++ b/etc/profile-m-z/rsync-download_only.profile
@@ -11,8 +11,8 @@ include globals.local
 # not as a daemon (rsync --daemon) nor to create backups.
 # Usage: firejail --profile=rsync-download_only rsync
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/rtv-addons.profile b/etc/profile-m-z/rtv-addons.profile
index 6b7d6b155..cc6db5043 100644
--- a/etc/profile-m-z/rtv-addons.profile
+++ b/etc/profile-m-z/rtv-addons.profile
@@ -11,16 +11,16 @@ ignore nosound
 ignore private-bin
 ignore dbus-user none
-nodeny  ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/mpv
-nodeny  ${HOME}/.mailcap
+noblacklist ${HOME}/.mailcap
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.netrc
-nodeny  ${HOME}/.w3m
+noblacklist ${HOME}/.w3m
-allow  ${HOME}/.cache/youtube-dl/youtube-sigfuncs
+whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
-allow  ${HOME}/.config/mpv
+whitelist ${HOME}/.config/mpv
-allow  ${HOME}/.mailcap
+whitelist ${HOME}/.mailcap
-allow  ${HOME}/.netrc
+whitelist ${HOME}/.netrc
-allow  ${HOME}/.w3m
+whitelist ${HOME}/.w3m
 #private-bin w3m,mpv,youtube-dl
diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile
index 074050792..2f1fe0155 100644
--- a/etc/profile-m-z/rtv.profile
+++ b/etc/profile-m-z/rtv.profile
@@ -6,11 +6,11 @@ include rtv.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${HOME}/.config/rtv
+noblacklist ${HOME}/.config/rtv
-nodeny  ${HOME}/.local/share/rtv
+noblacklist ${HOME}/.local/share/rtv
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -33,8 +33,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/rtv
 mkdir ${HOME}/.local/share/rtv
-allow  ${HOME}/.config/rtv
+whitelist ${HOME}/.config/rtv
-allow  ${HOME}/.local/share/rtv
+whitelist ${HOME}/.local/share/rtv
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/profile-m-z/sayonara.profile b/etc/profile-m-z/sayonara.profile
index 963f5da02..de79913cc 100644
--- a/etc/profile-m-z/sayonara.profile
+++ b/etc/profile-m-z/sayonara.profile
@@ -5,8 +5,8 @@ include sayonara.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.Sayonara
+noblacklist ${HOME}/.Sayonara
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/scallion.profile b/etc/profile-m-z/scallion.profile
index 26550b5e0..eb8468c3b 100644
--- a/etc/profile-m-z/scallion.profile
+++ b/etc/profile-m-z/scallion.profile
@@ -6,10 +6,10 @@ include scallion.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PATH}/llvm*
+noblacklist ${PATH}/llvm*
-nodeny  ${PATH}/openssl
+noblacklist ${PATH}/openssl
-nodeny  ${PATH}/openssl-1.0
+noblacklist ${PATH}/openssl-1.0
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-exec.inc
diff --git a/etc/profile-m-z/scorched3d.profile b/etc/profile-m-z/scorched3d.profile
index 921efb49e..b1989e474 100644
--- a/etc/profile-m-z/scorched3d.profile
+++ b/etc/profile-m-z/scorched3d.profile
@@ -6,7 +6,7 @@ include scorched3d.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.scorched3d
+noblacklist ${HOME}/.scorched3d
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.scorched3d
-allow  ${HOME}/.scorched3d
+whitelist ${HOME}/.scorched3d
-allow  /usr/share/scorched3d
+whitelist /usr/share/scorched3d
-allow  /usr/share/games/scorched3d
+whitelist /usr/share/games/scorched3d
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/scorchwentbonkers.profile b/etc/profile-m-z/scorchwentbonkers.profile
index 54a6c3a01..2cb1df6b5 100644
--- a/etc/profile-m-z/scorchwentbonkers.profile
+++ b/etc/profile-m-z/scorchwentbonkers.profile
@@ -6,7 +6,7 @@ include scorchwentbonkers.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.swb.ini
+noblacklist ${HOME}/.swb.ini
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.swb.ini
-allow  ${HOME}/.swb.ini
+whitelist ${HOME}/.swb.ini
-allow  /usr/share/scorchwentbonkers
+whitelist /usr/share/scorchwentbonkers
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/scribus.profile b/etc/profile-m-z/scribus.profile
index 6519f8e87..1fdeaa145 100644
--- a/etc/profile-m-z/scribus.profile
+++ b/etc/profile-m-z/scribus.profile
@@ -7,24 +7,24 @@ include scribus.local
 include globals.local
 # Support for PDF readers comes with Scribus 1.5 and higher
-nodeny  ${HOME}/.cache/okular
+noblacklist ${HOME}/.cache/okular
-nodeny  ${HOME}/.config/GIMP
+noblacklist ${HOME}/.config/GIMP
-nodeny  ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularpartrc
-nodeny  ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/okularrc
-nodeny  ${HOME}/.config/scribus
+noblacklist ${HOME}/.config/scribus
-nodeny  ${HOME}/.config/scribusrc
+noblacklist ${HOME}/.config/scribusrc
-nodeny  ${HOME}/.gimp*
+noblacklist ${HOME}/.gimp*
-nodeny  ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/apps/okular
-nodeny  ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularpartrc
-nodeny  ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde/share/config/okularrc
-nodeny  ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/apps/okular
-nodeny  ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
-nodeny  ${HOME}/.kde4/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
-nodeny  ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/okular
-nodeny  ${HOME}/.local/share/scribus
+noblacklist ${HOME}/.local/share/scribus
-nodeny  ${HOME}/.scribus
+noblacklist ${HOME}/.scribus
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/seahorse-adventures.profile b/etc/profile-m-z/seahorse-adventures.profile
index 95cedac3f..7799ab7ed 100644
--- a/etc/profile-m-z/seahorse-adventures.profile
+++ b/etc/profile-m-z/seahorse-adventures.profile
@@ -22,8 +22,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/seahorse-adventures
+whitelist /usr/share/seahorse-adventures
-allow  /usr/share/games/seahorse-adventures
+whitelist /usr/share/games/seahorse-adventures
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/seahorse.profile b/etc/profile-m-z/seahorse.profile
index 66605173b..d3d8e453f 100644
--- a/etc/profile-m-z/seahorse.profile
+++ b/etc/profile-m-z/seahorse.profile
@@ -6,9 +6,9 @@ include seahorse.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
@@ -27,13 +27,13 @@ include disable-xdg.inc
 #mkdir ${HOME}/.ssh
 #whitelist ${HOME}/.gnupg
 #whitelist ${HOME}/.ssh
-allow  /tmp/ssh-*
+whitelist /tmp/ssh-*
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
-allow  /usr/share/seahorse
+whitelist /usr/share/seahorse
-allow  /usr/share/seahorse-nautilus
+whitelist /usr/share/seahorse-nautilus
-allow  ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
+whitelist ${RUNUSER}/keyring
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/seamonkey.profile b/etc/profile-m-z/seamonkey.profile
index c9867719a..807effbeb 100644
--- a/etc/profile-m-z/seamonkey.profile
+++ b/etc/profile-m-z/seamonkey.profile
@@ -6,10 +6,10 @@ include seamonkey.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.cache/mozilla
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.local/share/pki
 include disable-common.inc
 include disable-devel.inc
@@ -20,25 +20,25 @@ mkdir ${HOME}/.cache/mozilla
 mkdir ${HOME}/.mozilla
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
-allow  ${HOME}/.cache/mozilla
+whitelist ${HOME}/.cache/mozilla
-allow  ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/gnome-mplayer
-allow  ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-silverlight5.1
-allow  ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.config/pipelight-widevine
-allow  ${HOME}/.keysnail.js
+whitelist ${HOME}/.keysnail.js
-allow  ${HOME}/.lastpass
+whitelist ${HOME}/.lastpass
-allow  ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla
-allow  ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactyl
-allow  ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pentadactylrc
-allow  ${HOME}/.pki
+whitelist ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${HOME}/.local/share/pki
-allow  ${HOME}/.vimperator
+whitelist ${HOME}/.vimperator
-allow  ${HOME}/.vimperatorrc
+whitelist ${HOME}/.vimperatorrc
-allow  ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight
-allow  ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.wine-pipelight64
-allow  ${HOME}/.zotero
+whitelist ${HOME}/.zotero
-allow  ${HOME}/dwhelper
+whitelist ${HOME}/dwhelper
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/server.profile b/etc/profile-m-z/server.profile
index 23f464637..7d56684db 100644
--- a/etc/profile-m-z/server.profile
+++ b/etc/profile-m-z/server.profile
@@ -32,12 +32,12 @@ include globals.local
 # it allows /sbin and /usr/sbin directories - this is where servers are installed
 # depending on your usage, you can enable some of the commands below:
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 # noblacklist /var/opt
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 # include disable-devel.inc
diff --git a/etc/profile-m-z/shellcheck.profile b/etc/profile-m-z/shellcheck.profile
index 0cb9de45a..b7f398f45 100644
--- a/etc/profile-m-z/shellcheck.profile
+++ b/etc/profile-m-z/shellcheck.profile
@@ -7,9 +7,9 @@ include shellcheck.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /usr/share/shellcheck
+whitelist /usr/share/shellcheck
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/shortwave.profile b/etc/profile-m-z/shortwave.profile
index a8e5f6b18..d629240ec 100644
--- a/etc/profile-m-z/shortwave.profile
+++ b/etc/profile-m-z/shortwave.profile
@@ -6,8 +6,8 @@ include shortwave.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/Shortwave
+noblacklist ${HOME}/.cache/Shortwave
-nodeny  ${HOME}/.local/share/Shortwave
+noblacklist ${HOME}/.local/share/Shortwave
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/Shortwave
 mkdir ${HOME}/.local/share/Shortwave
-allow  ${HOME}/.cache/Shortwave
+whitelist ${HOME}/.cache/Shortwave
-allow  ${HOME}/.local/share/Shortwave
+whitelist ${HOME}/.local/share/Shortwave
-allow  /usr/share/shortwave
+whitelist /usr/share/shortwave
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/shotcut.profile b/etc/profile-m-z/shotcut.profile
index 1f3c39c46..63af4d367 100644
--- a/etc/profile-m-z/shotcut.profile
+++ b/etc/profile-m-z/shotcut.profile
@@ -8,7 +8,7 @@ include globals.local
 ignore noexec ${HOME}
-nodeny  ${HOME}/.config/Meltytech
+noblacklist ${HOME}/.config/Meltytech
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/shotwell.profile b/etc/profile-m-z/shotwell.profile
index b653930c3..ddc8a7743 100644
--- a/etc/profile-m-z/shotwell.profile
+++ b/etc/profile-m-z/shotwell.profile
@@ -6,10 +6,10 @@ include shotwell.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/shotwell
+noblacklist ${HOME}/.cache/shotwell
-nodeny  ${HOME}/.local/share/shotwell
+noblacklist ${HOME}/.local/share/shotwell
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -21,9 +21,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/shotwell
 mkdir ${HOME}/.local/share/shotwell
-allow  ${HOME}/.cache/shotwell
+whitelist ${HOME}/.cache/shotwell
-allow  ${HOME}/.local/share/shotwell
+whitelist ${HOME}/.local/share/shotwell
-allow  ${PICTURES}
+whitelist ${PICTURES}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/signal-cli.profile b/etc/profile-m-z/signal-cli.profile
index 8a46899f1..478377344 100644
--- a/etc/profile-m-z/signal-cli.profile
+++ b/etc/profile-m-z/signal-cli.profile
@@ -6,10 +6,10 @@ include signal-cli.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${HOME}/.local/share/signal-cli
+noblacklist ${HOME}/.local/share/signal-cli
 include allow-java.inc
@@ -22,7 +22,7 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.local/share/signal-cli
-allow  ${HOME}/.local/share/signal-cli
+whitelist ${HOME}/.local/share/signal-cli
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/signal-desktop.profile b/etc/profile-m-z/signal-desktop.profile
index a12080748..77a7f5b38 100644
--- a/etc/profile-m-z/signal-desktop.profile
+++ b/etc/profile-m-z/signal-desktop.profile
@@ -9,15 +9,15 @@ ignore novideo
 ignore noexec /tmp
-nodeny  ${HOME}/.config/Signal
+noblacklist ${HOME}/.config/Signal
 # These lines are needed to allow Firefox to open links
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
-allow  ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
 read-only ${HOME}/.mozilla/firefox/profiles.ini
 mkdir ${HOME}/.config/Signal
-allow  ${HOME}/.config/Signal
+whitelist ${HOME}/.config/Signal
 private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl
diff --git a/etc/profile-m-z/simple-scan.profile b/etc/profile-m-z/simple-scan.profile
index 589a44ffc..17920677b 100644
--- a/etc/profile-m-z/simple-scan.profile
+++ b/etc/profile-m-z/simple-scan.profile
@@ -6,8 +6,8 @@ include simple-scan.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/simple-scan
+noblacklist ${HOME}/.cache/simple-scan
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /usr/share/hplip
+whitelist /usr/share/hplip
-allow  /usr/share/simple-scan
+whitelist /usr/share/simple-scan
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/simplescreenrecorder.profile b/etc/profile-m-z/simplescreenrecorder.profile
index 83f833508..d664f8bf5 100644
--- a/etc/profile-m-z/simplescreenrecorder.profile
+++ b/etc/profile-m-z/simplescreenrecorder.profile
@@ -6,8 +6,8 @@ include simplescreenrecorder.local
 # Persistent global definitions
 include globals.local
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
-nodeny  ${HOME}/.ssr
+noblacklist ${HOME}/.ssr
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /usr/share/simplescreenrecorder
+whitelist /usr/share/simplescreenrecorder
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/simutrans.profile b/etc/profile-m-z/simutrans.profile
index 1d7f41579..afaa0f6d8 100644
--- a/etc/profile-m-z/simutrans.profile
+++ b/etc/profile-m-z/simutrans.profile
@@ -6,7 +6,7 @@ include simutrans.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.simutrans
+noblacklist ${HOME}/.simutrans
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.simutrans
-allow  ${HOME}/.simutrans
+whitelist ${HOME}/.simutrans
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/skanlite.profile b/etc/profile-m-z/skanlite.profile
index 98ed624f9..093a61398 100644
--- a/etc/profile-m-z/skanlite.profile
+++ b/etc/profile-m-z/skanlite.profile
@@ -6,7 +6,7 @@ include skanlite.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/skypeforlinux.profile b/etc/profile-m-z/skypeforlinux.profile
index e7f70eebe..ed04eda8e 100644
--- a/etc/profile-m-z/skypeforlinux.profile
+++ b/etc/profile-m-z/skypeforlinux.profile
@@ -21,7 +21,7 @@ ignore dbus-system none
 ignore apparmor
 ignore noexec /tmp
-nodeny  ${HOME}/.config/skypeforlinux
+noblacklist ${HOME}/.config/skypeforlinux
 # private-dev - needs /dev/disk
diff --git a/etc/profile-m-z/slack.profile b/etc/profile-m-z/slack.profile
index b8299add3..51f6c8b00 100644
--- a/etc/profile-m-z/slack.profile
+++ b/etc/profile-m-z/slack.profile
@@ -16,14 +16,14 @@ ignore private-tmp
 ignore dbus-user none
 ignore dbus-system none
-nodeny  ${HOME}/.config/Slack
+noblacklist ${HOME}/.config/Slack
 include allow-bin-sh.inc
 include disable-shell.inc
 mkdir ${HOME}/.config/Slack
-allow  ${HOME}/.config/Slack
+whitelist ${HOME}/.config/Slack
 private-bin electron,electron[0-9],electron[0-9][0-9],locale,sh,slack
 private-etc alternatives,asound.conf,ca-certificates,crypto-policies,debian_version,fedora-release,fonts,group,ld.so.cache,ld.so.conf,localtime,machine-id,os-release,passwd,pki,pulse,redhat-release,resolv.conf,ssl,system-release,system-release-cpe
diff --git a/etc/profile-m-z/slashem.profile b/etc/profile-m-z/slashem.profile
index 36a0044dc..c5a31c237 100644
--- a/etc/profile-m-z/slashem.profile
+++ b/etc/profile-m-z/slashem.profile
@@ -6,7 +6,7 @@ include slashem.local
 # Persistent global definitions
 include globals.local
-nodeny  /var/games/slashem
+noblacklist /var/games/slashem
 include disable-common.inc
 include disable-devel.inc
@@ -15,7 +15,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /var/games/slashem
+whitelist /var/games/slashem
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/smplayer.profile b/etc/profile-m-z/smplayer.profile
index 4e4334dc0..01547e5c1 100644
--- a/etc/profile-m-z/smplayer.profile
+++ b/etc/profile-m-z/smplayer.profile
@@ -6,9 +6,9 @@ include smplayer.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/smplayer
+noblacklist ${HOME}/.config/smplayer
-nodeny  ${HOME}/.config/youtube-dl
+noblacklist ${HOME}/.config/youtube-dl
-nodeny  ${HOME}/.mplayer
+noblacklist ${HOME}/.mplayer
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -17,8 +17,8 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
@@ -29,9 +29,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/lua*
+whitelist /usr/share/lua*
-allow  /usr/share/smplayer
+whitelist /usr/share/smplayer
-allow  /usr/share/vulkan
+whitelist /usr/share/vulkan
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/smtube.profile b/etc/profile-m-z/smtube.profile
index 99d02ffdf..196950eaf 100644
--- a/etc/profile-m-z/smtube.profile
+++ b/etc/profile-m-z/smtube.profile
@@ -6,14 +6,14 @@ include smtube.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/smplayer
+noblacklist ${HOME}/.config/smplayer
-nodeny  ${HOME}/.config/smtube
+noblacklist ${HOME}/.config/smtube
-nodeny  ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/mpv
-nodeny  ${HOME}/.mplayer
+noblacklist ${HOME}/.mplayer
-nodeny  ${HOME}/.config/vlc
+noblacklist ${HOME}/.config/vlc
-nodeny  ${HOME}/.local/share/vlc
+noblacklist ${HOME}/.local/share/vlc
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
@@ -23,8 +23,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /usr/share/smplayer
+whitelist /usr/share/smplayer
-allow  /usr/share/smtube
+whitelist /usr/share/smtube
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/smuxi-frontend-gnome.profile b/etc/profile-m-z/smuxi-frontend-gnome.profile
index 3a79890cc..c3a9bb858 100644
--- a/etc/profile-m-z/smuxi-frontend-gnome.profile
+++ b/etc/profile-m-z/smuxi-frontend-gnome.profile
@@ -6,9 +6,9 @@ include smuxi-frontend-gnome.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/smuxi
+noblacklist ${HOME}/.cache/smuxi
-nodeny  ${HOME}/.config/smuxi
+noblacklist ${HOME}/.config/smuxi
-nodeny  ${HOME}/.local/share/smuxi
+noblacklist ${HOME}/.local/share/smuxi
 include disable-common.inc
 include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/smuxi
 mkdir ${HOME}/.config/smuxi
 mkdir ${HOME}/.local/share/smuxi
-allow  ${HOME}/.cache/smuxi
+whitelist ${HOME}/.cache/smuxi
-allow  ${HOME}/.config/smuxi
+whitelist ${HOME}/.config/smuxi
-allow  ${HOME}/.local/share/smuxi
+whitelist ${HOME}/.local/share/smuxi
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/snox.profile b/etc/profile-m-z/snox.profile
index 1d315404e..83493652c 100644
--- a/etc/profile-m-z/snox.profile
+++ b/etc/profile-m-z/snox.profile
@@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/snox
+noblacklist ${HOME}/.cache/snox
-nodeny  ${HOME}/.config/snox
+noblacklist ${HOME}/.config/snox
 #mkdir ${HOME}/.cache/dnox
 #mkdir ${HOME}/.config/dnox
 mkdir ${HOME}/.cache/snox
 mkdir ${HOME}/.config/snox
-allow  ${HOME}/.cache/snox
+whitelist ${HOME}/.cache/snox
-allow  ${HOME}/.config/snox
+whitelist ${HOME}/.config/snox
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-m-z/softmaker-common.profile b/etc/profile-m-z/softmaker-common.profile
index bd4991e81..83315231f 100644
--- a/etc/profile-m-z/softmaker-common.profile
+++ b/etc/profile-m-z/softmaker-common.profile
@@ -10,7 +10,7 @@ include softmaker-common.local
 # with an absolute Exec line. These files are NOT handelt by firecfg,
 # therefore you must manualy copy them in you home and remove '/usr/bin/'.
-nodeny  ${HOME}/SoftMaker
+noblacklist ${HOME}/SoftMaker
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /usr/share/office2018
+whitelist /usr/share/office2018
-allow  /usr/share/freeoffice2018
+whitelist /usr/share/freeoffice2018
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/sound-juicer.profile b/etc/profile-m-z/sound-juicer.profile
index 16ee39e09..ef00fdfff 100644
--- a/etc/profile-m-z/sound-juicer.profile
+++ b/etc/profile-m-z/sound-juicer.profile
@@ -6,8 +6,8 @@ include sound-juicer.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/sound-juicer
+noblacklist ${HOME}/.config/sound-juicer
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/soundconverter.profile b/etc/profile-m-z/soundconverter.profile
index 46da7a453..4dbf34100 100644
--- a/etc/profile-m-z/soundconverter.profile
+++ b/etc/profile-m-z/soundconverter.profile
@@ -10,7 +10,7 @@ include globals.local
 include allow-python2.inc
 include allow-python3.inc
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${MUSIC}
+whitelist ${MUSIC}
-allow  /usr/share/soundconverter
+whitelist /usr/share/soundconverter
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/spectacle.profile b/etc/profile-m-z/spectacle.profile
index 08adb5861..4468f21e7 100644
--- a/etc/profile-m-z/spectacle.profile
+++ b/etc/profile-m-z/spectacle.profile
@@ -12,8 +12,8 @@ include globals.local
 #private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl
 #protocol unix,inet,inet6
-nodeny  ${HOME}/.config/spectaclerc
+noblacklist ${HOME}/.config/spectaclerc
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
 include disable-xdg.inc
 mkfile  ${HOME}/.config/spectaclerc
-allow  ${HOME}/.config/spectaclerc
+whitelist ${HOME}/.config/spectaclerc
-allow  ${PICTURES}
+whitelist ${PICTURES}
-allow  /usr/share/kconf_update/spectacle_newConfig.upd
+whitelist /usr/share/kconf_update/spectacle_newConfig.upd
-allow  /usr/share/kconf_update/spectacle_shortcuts.upd
+whitelist /usr/share/kconf_update/spectacle_shortcuts.upd
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile
index 4c1b2d3e1..283674517 100644
--- a/etc/profile-m-z/spectral.profile
+++ b/etc/profile-m-z/spectral.profile
@@ -6,8 +6,8 @@ include spectral.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/ENCOM/Spectral
+noblacklist ${HOME}/.cache/ENCOM/Spectral
-nodeny  ${HOME}/.config/ENCOM
+noblacklist ${HOME}/.config/ENCOM
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/ENCOM/Spectral
 mkdir ${HOME}/.config/ENCOM
-allow  ${HOME}/.cache/ENCOM/Spectral
+whitelist ${HOME}/.cache/ENCOM/Spectral
-allow  ${HOME}/.config/ENCOM
+whitelist ${HOME}/.config/ENCOM
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/spectre-meltdown-checker.profile b/etc/profile-m-z/spectre-meltdown-checker.profile
index 3a3fd838d..984461f90 100644
--- a/etc/profile-m-z/spectre-meltdown-checker.profile
+++ b/etc/profile-m-z/spectre-meltdown-checker.profile
@@ -6,10 +6,10 @@ include spectre-meltdown-checker.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${PATH}/mount
+noblacklist ${PATH}/mount
-nodeny  ${PATH}/umount
+noblacklist ${PATH}/umount
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
diff --git a/etc/profile-m-z/spotify.profile b/etc/profile-m-z/spotify.profile
index e1c830268..01bc2bc05 100644
--- a/etc/profile-m-z/spotify.profile
+++ b/etc/profile-m-z/spotify.profile
@@ -5,11 +5,11 @@ include spotify.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/spotify
+noblacklist ${HOME}/.cache/spotify
-nodeny  ${HOME}/.config/spotify
+noblacklist ${HOME}/.config/spotify
-nodeny  ${HOME}/.local/share/spotify
+noblacklist ${HOME}/.local/share/spotify
-deny  ${HOME}/.bashrc
+blacklist ${HOME}/.bashrc
 include disable-common.inc
 include disable-devel.inc
@@ -21,9 +21,9 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/spotify
 mkdir ${HOME}/.config/spotify
 mkdir ${HOME}/.local/share/spotify
-allow  ${HOME}/.cache/spotify
+whitelist ${HOME}/.cache/spotify
-allow  ${HOME}/.config/spotify
+whitelist ${HOME}/.config/spotify
-allow  ${HOME}/.local/share/spotify
+whitelist ${HOME}/.local/share/spotify
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/sqlitebrowser.profile b/etc/profile-m-z/sqlitebrowser.profile
index aa577b63a..4dd2c7262 100644
--- a/etc/profile-m-z/sqlitebrowser.profile
+++ b/etc/profile-m-z/sqlitebrowser.profile
@@ -6,8 +6,8 @@ include sqlitebrowser.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/sqlitebrowser
+noblacklist ${HOME}/.config/sqlitebrowser
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/ssh-agent.profile b/etc/profile-m-z/ssh-agent.profile
index e456ebe07..5802299a3 100644
--- a/etc/profile-m-z/ssh-agent.profile
+++ b/etc/profile-m-z/ssh-agent.profile
@@ -9,8 +9,8 @@ include globals.local
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-passwdmgr.inc
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile
index 8a0d86150..a58642192 100644
--- a/etc/profile-m-z/ssh.profile
+++ b/etc/profile-m-z/ssh.profile
@@ -8,8 +8,8 @@ include ssh.local
 include globals.local
 # nc can be used as ProxyCommand, e.g. when using tor
-nodeny  ${PATH}/nc
+noblacklist ${PATH}/nc
-nodeny  ${PATH}/ncat
+noblacklist ${PATH}/ncat
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
@@ -19,8 +19,8 @@ include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  ${RUNUSER}/gnupg/S.gpg-agent.ssh
+whitelist ${RUNUSER}/gnupg/S.gpg-agent.ssh
-allow  ${RUNUSER}/keyring/ssh
+whitelist ${RUNUSER}/keyring/ssh
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/standardnotes-desktop.profile b/etc/profile-m-z/standardnotes-desktop.profile
index 75de118ab..48a532876 100644
--- a/etc/profile-m-z/standardnotes-desktop.profile
+++ b/etc/profile-m-z/standardnotes-desktop.profile
@@ -5,8 +5,8 @@ include standardnotes-desktop.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/Standard Notes Backups
+noblacklist ${HOME}/Standard Notes Backups
-nodeny  ${HOME}/.config/Standard Notes
+noblacklist ${HOME}/.config/Standard Notes
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 mkdir ${HOME}/Standard Notes Backups
 mkdir ${HOME}/.config/Standard Notes
-allow  ${HOME}/Standard Notes Backups
+whitelist ${HOME}/Standard Notes Backups
-allow  ${HOME}/.config/Standard Notes
+whitelist ${HOME}/.config/Standard Notes
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/profile-m-z/start-tor-browser.desktop.profile b/etc/profile-m-z/start-tor-browser.desktop.profile
index 8f75365e8..2f73c9fee 100644
--- a/etc/profile-m-z/start-tor-browser.desktop.profile
+++ b/etc/profile-m-z/start-tor-browser.desktop.profile
@@ -6,71 +6,71 @@ include start-tor-browser.desktop.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser*
+noblacklist ${HOME}/.tor-browser*
-allow  ${HOME}/.tor-browser-ar
+whitelist ${HOME}/.tor-browser-ar
-allow  ${HOME}/.tor-browser-ca
+whitelist ${HOME}/.tor-browser-ca
-allow  ${HOME}/.tor-browser-cs
+whitelist ${HOME}/.tor-browser-cs
-allow  ${HOME}/.tor-browser-da
+whitelist ${HOME}/.tor-browser-da
-allow  ${HOME}/.tor-browser-de
+whitelist ${HOME}/.tor-browser-de
-allow  ${HOME}/.tor-browser-el
+whitelist ${HOME}/.tor-browser-el
-allow  ${HOME}/.tor-browser-en
+whitelist ${HOME}/.tor-browser-en
-allow  ${HOME}/.tor-browser-en-us
+whitelist ${HOME}/.tor-browser-en-us
-allow  ${HOME}/.tor-browser-es
+whitelist ${HOME}/.tor-browser-es
-allow  ${HOME}/.tor-browser-es-es
+whitelist ${HOME}/.tor-browser-es-es
-allow  ${HOME}/.tor-browser-fa
+whitelist ${HOME}/.tor-browser-fa
-allow  ${HOME}/.tor-browser-fr
+whitelist ${HOME}/.tor-browser-fr
-allow  ${HOME}/.tor-browser-ga-ie
+whitelist ${HOME}/.tor-browser-ga-ie
-allow  ${HOME}/.tor-browser-he
+whitelist ${HOME}/.tor-browser-he
-allow  ${HOME}/.tor-browser-hu
+whitelist ${HOME}/.tor-browser-hu
-allow  ${HOME}/.tor-browser-id
+whitelist ${HOME}/.tor-browser-id
-allow  ${HOME}/.tor-browser-is
+whitelist ${HOME}/.tor-browser-is
-allow  ${HOME}/.tor-browser-it
+whitelist ${HOME}/.tor-browser-it
-allow  ${HOME}/.tor-browser-ja
+whitelist ${HOME}/.tor-browser-ja
-allow  ${HOME}/.tor-browser-ka
+whitelist ${HOME}/.tor-browser-ka
-allow  ${HOME}/.tor-browser-ko
+whitelist ${HOME}/.tor-browser-ko
-allow  ${HOME}/.tor-browser-nb
+whitelist ${HOME}/.tor-browser-nb
-allow  ${HOME}/.tor-browser-nl
+whitelist ${HOME}/.tor-browser-nl
-allow  ${HOME}/.tor-browser-pl
+whitelist ${HOME}/.tor-browser-pl
-allow  ${HOME}/.tor-browser-pt-br
+whitelist ${HOME}/.tor-browser-pt-br
-allow  ${HOME}/.tor-browser-ru
+whitelist ${HOME}/.tor-browser-ru
-allow  ${HOME}/.tor-browser-sv-se
+whitelist ${HOME}/.tor-browser-sv-se
-allow  ${HOME}/.tor-browser-tr
+whitelist ${HOME}/.tor-browser-tr
-allow  ${HOME}/.tor-browser-vi
+whitelist ${HOME}/.tor-browser-vi
-allow  ${HOME}/.tor-browser-zh-cn
+whitelist ${HOME}/.tor-browser-zh-cn
-allow  ${HOME}/.tor-browser-zh-tw
+whitelist ${HOME}/.tor-browser-zh-tw
-allow  ${HOME}/.tor-browser_ar
+whitelist ${HOME}/.tor-browser_ar
-allow  ${HOME}/.tor-browser_ca
+whitelist ${HOME}/.tor-browser_ca
-allow  ${HOME}/.tor-browser_cs
+whitelist ${HOME}/.tor-browser_cs
-allow  ${HOME}/.tor-browser_da
+whitelist ${HOME}/.tor-browser_da
-allow  ${HOME}/.tor-browser_de
+whitelist ${HOME}/.tor-browser_de
-allow  ${HOME}/.tor-browser_el
+whitelist ${HOME}/.tor-browser_el
-allow  ${HOME}/.tor-browser_en
+whitelist ${HOME}/.tor-browser_en
-allow  ${HOME}/.tor-browser_en_US
+whitelist ${HOME}/.tor-browser_en_US
-allow  ${HOME}/.tor-browser_es
+whitelist ${HOME}/.tor-browser_es
-allow  ${HOME}/.tor-browser_es-ES
+whitelist ${HOME}/.tor-browser_es-ES
-allow  ${HOME}/.tor-browser_fa
+whitelist ${HOME}/.tor-browser_fa
-allow  ${HOME}/.tor-browser_fr
+whitelist ${HOME}/.tor-browser_fr
-allow  ${HOME}/.tor-browser_ga-IE
+whitelist ${HOME}/.tor-browser_ga-IE
-allow  ${HOME}/.tor-browser_he
+whitelist ${HOME}/.tor-browser_he
-allow  ${HOME}/.tor-browser_hu
+whitelist ${HOME}/.tor-browser_hu
-allow  ${HOME}/.tor-browser_id
+whitelist ${HOME}/.tor-browser_id
-allow  ${HOME}/.tor-browser_is
+whitelist ${HOME}/.tor-browser_is
-allow  ${HOME}/.tor-browser_it
+whitelist ${HOME}/.tor-browser_it
-allow  ${HOME}/.tor-browser_ja
+whitelist ${HOME}/.tor-browser_ja
-allow  ${HOME}/.tor-browser_ka
+whitelist ${HOME}/.tor-browser_ka
-allow  ${HOME}/.tor-browser_ko
+whitelist ${HOME}/.tor-browser_ko
-allow  ${HOME}/.tor-browser_nb
+whitelist ${HOME}/.tor-browser_nb
-allow  ${HOME}/.tor-browser_nl
+whitelist ${HOME}/.tor-browser_nl
-allow  ${HOME}/.tor-browser_pl
+whitelist ${HOME}/.tor-browser_pl
-allow  ${HOME}/.tor-browser_pt-BR
+whitelist ${HOME}/.tor-browser_pt-BR
-allow  ${HOME}/.tor-browser_ru
+whitelist ${HOME}/.tor-browser_ru
-allow  ${HOME}/.tor-browser_sv-SE
+whitelist ${HOME}/.tor-browser_sv-SE
-allow  ${HOME}/.tor-browser_tr
+whitelist ${HOME}/.tor-browser_tr
-allow  ${HOME}/.tor-browser_vi
+whitelist ${HOME}/.tor-browser_vi
-allow  ${HOME}/.tor-browser_zh-CN
+whitelist ${HOME}/.tor-browser_zh-CN
-allow  ${HOME}/.tor-browser_zh-TW
+whitelist ${HOME}/.tor-browser_zh-TW
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile
index 09e29373d..06d08f3a2 100644
--- a/etc/profile-m-z/steam.profile
+++ b/etc/profile-m-z/steam.profile
@@ -6,40 +6,40 @@ include steam.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Epic
+noblacklist ${HOME}/.config/Epic
-nodeny  ${HOME}/.config/Loop_Hero
+noblacklist ${HOME}/.config/Loop_Hero
-nodeny  ${HOME}/.config/ModTheSpire
+noblacklist ${HOME}/.config/ModTheSpire
-nodeny  ${HOME}/.config/RogueLegacy
+noblacklist ${HOME}/.config/RogueLegacy
-nodeny  ${HOME}/.config/RogueLegacyStorageContainer
+noblacklist ${HOME}/.config/RogueLegacyStorageContainer
-nodeny  ${HOME}/.killingfloor
+noblacklist ${HOME}/.killingfloor
-nodeny  ${HOME}/.klei
+noblacklist ${HOME}/.klei
-nodeny  ${HOME}/.local/share/3909/PapersPlease
+noblacklist ${HOME}/.local/share/3909/PapersPlease
-nodeny  ${HOME}/.local/share/aspyr-media
+noblacklist ${HOME}/.local/share/aspyr-media
-nodeny  ${HOME}/.local/share/bohemiainteractive
+noblacklist ${HOME}/.local/share/bohemiainteractive
-nodeny  ${HOME}/.local/share/cdprojektred
+noblacklist ${HOME}/.local/share/cdprojektred
-nodeny  ${HOME}/.local/share/Dredmor
+noblacklist ${HOME}/.local/share/Dredmor
-nodeny  ${HOME}/.local/share/FasterThanLight
+noblacklist ${HOME}/.local/share/FasterThanLight
-nodeny  ${HOME}/.local/share/feral-interactive
+noblacklist ${HOME}/.local/share/feral-interactive
-nodeny  ${HOME}/.local/share/IntoTheBreach
+noblacklist ${HOME}/.local/share/IntoTheBreach
-nodeny  ${HOME}/.local/share/Paradox Interactive
+noblacklist ${HOME}/.local/share/Paradox Interactive
-nodeny  ${HOME}/.local/share/PillarsOfEternity
+noblacklist ${HOME}/.local/share/PillarsOfEternity
-nodeny  ${HOME}/.local/share/RogueLegacy
+noblacklist ${HOME}/.local/share/RogueLegacy
-nodeny  ${HOME}/.local/share/RogueLegacyStorageContainer
+noblacklist ${HOME}/.local/share/RogueLegacyStorageContainer
-nodeny  ${HOME}/.local/share/Steam
+noblacklist ${HOME}/.local/share/Steam
-nodeny  ${HOME}/.local/share/SteamWorldDig
+noblacklist ${HOME}/.local/share/SteamWorldDig
-nodeny  ${HOME}/.local/share/SteamWorld Dig 2
+noblacklist ${HOME}/.local/share/SteamWorld Dig 2
-nodeny  ${HOME}/.local/share/SuperHexagon
+noblacklist ${HOME}/.local/share/SuperHexagon
-nodeny  ${HOME}/.local/share/Terraria
+noblacklist ${HOME}/.local/share/Terraria
-nodeny  ${HOME}/.local/share/vpltd
+noblacklist ${HOME}/.local/share/vpltd
-nodeny  ${HOME}/.local/share/vulkan
+noblacklist ${HOME}/.local/share/vulkan
-nodeny  ${HOME}/.mbwarband
+noblacklist ${HOME}/.mbwarband
-nodeny  ${HOME}/.paradoxinteractive
+noblacklist ${HOME}/.paradoxinteractive
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.steam
-nodeny  ${HOME}/.steampath
+noblacklist ${HOME}/.steampath
-nodeny  ${HOME}/.steampid
+noblacklist ${HOME}/.steampid
 # needed for STEAM_RUNTIME_PREFER_HOST_LIBRARIES=1 to work
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -84,38 +84,38 @@ mkdir ${HOME}/.paradoxinteractive
 mkdir ${HOME}/.steam
 mkfile ${HOME}/.steampath
 mkfile ${HOME}/.steampid
-allow  ${HOME}/.config/Epic
+whitelist ${HOME}/.config/Epic
-allow  ${HOME}/.config/Loop_Hero
+whitelist ${HOME}/.config/Loop_Hero
-allow  ${HOME}/.config/ModTheSpire
+whitelist ${HOME}/.config/ModTheSpire
-allow  ${HOME}/.config/RogueLegacy
+whitelist ${HOME}/.config/RogueLegacy
-allow  ${HOME}/.config/RogueLegacyStorageContainer
+whitelist ${HOME}/.config/RogueLegacyStorageContainer
-allow  ${HOME}/.config/unity3d
+whitelist ${HOME}/.config/unity3d
-allow  ${HOME}/.killingfloor
+whitelist ${HOME}/.killingfloor
-allow  ${HOME}/.klei
+whitelist ${HOME}/.klei
-allow  ${HOME}/.local/share/3909/PapersPlease
+whitelist ${HOME}/.local/share/3909/PapersPlease
-allow  ${HOME}/.local/share/aspyr-media
+whitelist ${HOME}/.local/share/aspyr-media
-allow  ${HOME}/.local/share/bohemiainteractive
+whitelist ${HOME}/.local/share/bohemiainteractive
-allow  ${HOME}/.local/share/cdprojektred
+whitelist ${HOME}/.local/share/cdprojektred
-allow  ${HOME}/.local/share/Dredmor
+whitelist ${HOME}/.local/share/Dredmor
-allow  ${HOME}/.local/share/FasterThanLight
+whitelist ${HOME}/.local/share/FasterThanLight
-allow  ${HOME}/.local/share/feral-interactive
+whitelist ${HOME}/.local/share/feral-interactive
-allow  ${HOME}/.local/share/IntoTheBreach
+whitelist ${HOME}/.local/share/IntoTheBreach
-allow  ${HOME}/.local/share/Paradox Interactive
+whitelist ${HOME}/.local/share/Paradox Interactive
-allow  ${HOME}/.local/share/PillarsOfEternity
+whitelist ${HOME}/.local/share/PillarsOfEternity
-allow  ${HOME}/.local/share/RogueLegacy
+whitelist ${HOME}/.local/share/RogueLegacy
-allow  ${HOME}/.local/share/RogueLegacyStorageContainer
+whitelist ${HOME}/.local/share/RogueLegacyStorageContainer
-allow  ${HOME}/.local/share/Steam
+whitelist ${HOME}/.local/share/Steam
-allow  ${HOME}/.local/share/SteamWorldDig
+whitelist ${HOME}/.local/share/SteamWorldDig
-allow  ${HOME}/.local/share/SteamWorld Dig 2
+whitelist ${HOME}/.local/share/SteamWorld Dig 2
-allow  ${HOME}/.local/share/SuperHexagon
+whitelist ${HOME}/.local/share/SuperHexagon
-allow  ${HOME}/.local/share/Terraria
+whitelist ${HOME}/.local/share/Terraria
-allow  ${HOME}/.local/share/vpltd
+whitelist ${HOME}/.local/share/vpltd
-allow  ${HOME}/.local/share/vulkan
+whitelist ${HOME}/.local/share/vulkan
-allow  ${HOME}/.mbwarband
+whitelist ${HOME}/.mbwarband
-allow  ${HOME}/.paradoxinteractive
+whitelist ${HOME}/.paradoxinteractive
-allow  ${HOME}/.steam
+whitelist ${HOME}/.steam
-allow  ${HOME}/.steampath
+whitelist ${HOME}/.steampath
-allow  ${HOME}/.steampid
+whitelist ${HOME}/.steampid
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/stellarium.profile b/etc/profile-m-z/stellarium.profile
index 003d3a079..a752ab53c 100644
--- a/etc/profile-m-z/stellarium.profile
+++ b/etc/profile-m-z/stellarium.profile
@@ -6,8 +6,8 @@ include stellarium.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/stellarium
+noblacklist ${HOME}/.config/stellarium
-nodeny  ${HOME}/.stellarium
+noblacklist ${HOME}/.stellarium
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
 mkdir ${HOME}/.config/stellarium
 mkdir ${HOME}/.stellarium
-allow  ${HOME}/.config/stellarium
+whitelist ${HOME}/.config/stellarium
-allow  ${HOME}/.stellarium
+whitelist ${HOME}/.stellarium
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/straw-viewer.profile b/etc/profile-m-z/straw-viewer.profile
index dd643bc20..d73927f2a 100644
--- a/etc/profile-m-z/straw-viewer.profile
+++ b/etc/profile-m-z/straw-viewer.profile
@@ -7,13 +7,13 @@ include straw-viewer.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/straw-viewer
+noblacklist ${HOME}/.cache/straw-viewer
-nodeny  ${HOME}/.config/straw-viewer
+noblacklist ${HOME}/.config/straw-viewer
 mkdir ${HOME}/.config/straw-viewer
 mkdir ${HOME}/.cache/straw-viewer
-allow  ${HOME}/.cache/straw-viewer
+whitelist ${HOME}/.cache/straw-viewer
-allow  ${HOME}/.config/straw-viewer
+whitelist ${HOME}/.config/straw-viewer
 private-bin gtk-straw-viewer,straw-viewer
diff --git a/etc/profile-m-z/strawberry.profile b/etc/profile-m-z/strawberry.profile
index aed0b7910..b87906f55 100644
--- a/etc/profile-m-z/strawberry.profile
+++ b/etc/profile-m-z/strawberry.profile
@@ -6,10 +6,10 @@ include strawberry.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/strawberry
+noblacklist ${HOME}/.cache/strawberry
-nodeny  ${HOME}/.config/strawberry
+noblacklist ${HOME}/.config/strawberry
-nodeny  ${HOME}/.local/share/strawberry
+noblacklist ${HOME}/.local/share/strawberry
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/strings.profile b/etc/profile-m-z/strings.profile
index 5c820ef81..1ebcded7f 100644
--- a/etc/profile-m-z/strings.profile
+++ b/etc/profile-m-z/strings.profile
@@ -7,7 +7,7 @@ include strings.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 #include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/subdownloader.profile b/etc/profile-m-z/subdownloader.profile
index 0d07b5ea7..bbe92fd38 100644
--- a/etc/profile-m-z/subdownloader.profile
+++ b/etc/profile-m-z/subdownloader.profile
@@ -6,8 +6,8 @@ include subdownloader.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/SubDownloader
+noblacklist ${HOME}/.config/SubDownloader
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/supertux2.profile b/etc/profile-m-z/supertux2.profile
index 8cc547805..cfd7a63ea 100644
--- a/etc/profile-m-z/supertux2.profile
+++ b/etc/profile-m-z/supertux2.profile
@@ -6,7 +6,7 @@ include supertux2.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/supertux2
+noblacklist ${HOME}/.local/share/supertux2
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.local/share/supertux2
-allow  ${HOME}/.local/share/supertux2
+whitelist ${HOME}/.local/share/supertux2
-allow  /usr/share/supertux2
+whitelist /usr/share/supertux2
-allow  /usr/share/games/supertux2       # Debian version
+whitelist /usr/share/games/supertux2    # Debian version
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile
index 44dc1524f..4eb8f921c 100644
--- a/etc/profile-m-z/supertuxkart.profile
+++ b/etc/profile-m-z/supertuxkart.profile
@@ -6,11 +6,11 @@ include supertuxkart.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/supertuxkart
+noblacklist ${HOME}/.config/supertuxkart
-nodeny  ${HOME}/.cache/supertuxkart
+noblacklist ${HOME}/.cache/supertuxkart
-nodeny  ${HOME}/.local/share/supertuxkart
+noblacklist ${HOME}/.local/share/supertuxkart
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -24,11 +24,11 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/supertuxkart
 mkdir ${HOME}/.cache/supertuxkart
 mkdir ${HOME}/.local/share/supertuxkart
-allow  ${HOME}/.config/supertuxkart
+whitelist ${HOME}/.config/supertuxkart
-allow  ${HOME}/.cache/supertuxkart
+whitelist ${HOME}/.cache/supertuxkart
-allow  ${HOME}/.local/share/supertuxkart
+whitelist ${HOME}/.local/share/supertuxkart
-allow  /usr/share/supertuxkart
+whitelist /usr/share/supertuxkart
-allow  /usr/share/games/supertuxkart    # Debian version
+whitelist /usr/share/games/supertuxkart # Debian version
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/surf.profile b/etc/profile-m-z/surf.profile
index fd1e7f9e9..8db7d2433 100644
--- a/etc/profile-m-z/surf.profile
+++ b/etc/profile-m-z/surf.profile
@@ -6,7 +6,7 @@ include surf.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.surf
+noblacklist ${HOME}/.surf
 include disable-common.inc
 include disable-devel.inc
@@ -15,8 +15,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.surf
-allow  ${HOME}/.surf
+whitelist ${HOME}/.surf
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/swell-foop.profile b/etc/profile-m-z/swell-foop.profile
index 55cd0965a..9efae815d 100644
--- a/etc/profile-m-z/swell-foop.profile
+++ b/etc/profile-m-z/swell-foop.profile
@@ -6,12 +6,12 @@ include swell-foop.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/swell-foop
+noblacklist ${HOME}/.local/share/swell-foop
 mkdir ${HOME}/.local/share/swell-foop
-allow  ${HOME}/.local/share/swell-foop
+whitelist ${HOME}/.local/share/swell-foop
-allow  /usr/share/swell-foop
+whitelist /usr/share/swell-foop
 private-bin swell-foop
diff --git a/etc/profile-m-z/sylpheed.profile b/etc/profile-m-z/sylpheed.profile
index 447cdc99e..328812b04 100644
--- a/etc/profile-m-z/sylpheed.profile
+++ b/etc/profile-m-z/sylpheed.profile
@@ -6,12 +6,12 @@ include sylpheed.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.sylpheed-2.0
+noblacklist ${HOME}/.sylpheed-2.0
 mkdir ${HOME}/.sylpheed-2.0
-allow  ${HOME}/.sylpheed-2.0
+whitelist ${HOME}/.sylpheed-2.0
-allow  /usr/share/sylpheed
+whitelist /usr/share/sylpheed
 # private-bin curl,gpg,gpg2,gpg-agent,gpgsm,pinentry,pinentry-gtk-2,sylpheed
diff --git a/etc/profile-m-z/synfigstudio.profile b/etc/profile-m-z/synfigstudio.profile
index 7cbbafd54..c60186c42 100644
--- a/etc/profile-m-z/synfigstudio.profile
+++ b/etc/profile-m-z/synfigstudio.profile
@@ -6,8 +6,8 @@ include synfigstudio.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/synfig
+noblacklist ${HOME}/.config/synfig
-nodeny  ${HOME}/.synfig
+noblacklist ${HOME}/.synfig
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/sysprof.profile b/etc/profile-m-z/sysprof.profile
index f20f88791..b52b25b96 100644
--- a/etc/profile-m-z/sysprof.profile
+++ b/etc/profile-m-z/sysprof.profile
@@ -6,7 +6,7 @@ include sysprof.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -24,15 +24,15 @@ include disable-xdg.inc
 #nowhitelist /usr/share/yelp-tools
 #nowhitelist /usr/share/yelp-xsl
-nodeny  ${HOME}/.config/yelp
+noblacklist ${HOME}/.config/yelp
 mkdir ${HOME}/.config/yelp
-allow  ${HOME}/.config/yelp
+whitelist ${HOME}/.config/yelp
-allow  /usr/share/help/C/sysprof
+whitelist /usr/share/help/C/sysprof
-allow  /usr/share/yelp
+whitelist /usr/share/yelp
-allow  /usr/share/yelp-tools
+whitelist /usr/share/yelp-tools
-allow  /usr/share/yelp-xsl
+whitelist /usr/share/yelp-xsl
-allow  ${DOCUMENTS}
+whitelist ${DOCUMENTS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/tar.profile b/etc/profile-m-z/tar.profile
index 74c8a0849..0d3a900e9 100644
--- a/etc/profile-m-z/tar.profile
+++ b/etc/profile-m-z/tar.profile
@@ -12,7 +12,7 @@ ignore include disable-shell.inc
 # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop
 # all capabilities this is automatically read-only.
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 private-etc alternatives,group,localtime,login.defs,passwd
 #private-lib libfakeroot,liblzma.so.*,libreadline.so.*
diff --git a/etc/profile-m-z/tb-starter-wrapper.profile b/etc/profile-m-z/tb-starter-wrapper.profile
index 691c33191..ffe9605b6 100644
--- a/etc/profile-m-z/tb-starter-wrapper.profile
+++ b/etc/profile-m-z/tb-starter-wrapper.profile
@@ -8,10 +8,10 @@ include tb-starter-wrapper.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tb
+noblacklist ${HOME}/.tb
 mkdir ${HOME}/.tb
-allow  ${HOME}/.tb
+whitelist ${HOME}/.tb
 private-bin tb-starter-wrapper
diff --git a/etc/profile-m-z/tcpdump.profile b/etc/profile-m-z/tcpdump.profile
index b4c4873b3..e2ba5893c 100644
--- a/etc/profile-m-z/tcpdump.profile
+++ b/etc/profile-m-z/tcpdump.profile
@@ -6,9 +6,9 @@ include tcpdump.local
 # Persistent global definitions
 include globals.local
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
-nodeny  ${PATH}/tcpdump
+noblacklist ${PATH}/tcpdump
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/teams-for-linux.profile b/etc/profile-m-z/teams-for-linux.profile
index 24cbb42da..eee083332 100644
--- a/etc/profile-m-z/teams-for-linux.profile
+++ b/etc/profile-m-z/teams-for-linux.profile
@@ -14,10 +14,10 @@ ignore include whitelist-usr-share-common.inc
 ignore dbus-user none
 ignore dbus-system none
-nodeny  ${HOME}/.config/teams-for-linux
+noblacklist ${HOME}/.config/teams-for-linux
 mkdir ${HOME}/.config/teams-for-linux
-allow  ${HOME}/.config/teams-for-linux
+whitelist ${HOME}/.config/teams-for-linux
 private-bin bash,cut,echo,egrep,grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh
 private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,resolv.conf,ssl
diff --git a/etc/profile-m-z/teams.profile b/etc/profile-m-z/teams.profile
index 8639edbc8..c8d98cbaa 100644
--- a/etc/profile-m-z/teams.profile
+++ b/etc/profile-m-z/teams.profile
@@ -18,13 +18,13 @@ ignore apparmor
 ignore dbus-user none
 ignore dbus-system none
-nodeny  ${HOME}/.config/teams
+noblacklist ${HOME}/.config/teams
-nodeny  ${HOME}/.config/Microsoft
+noblacklist ${HOME}/.config/Microsoft
 mkdir ${HOME}/.config/teams
 mkdir ${HOME}/.config/Microsoft
-allow  ${HOME}/.config/teams
+whitelist ${HOME}/.config/teams
-allow  ${HOME}/.config/Microsoft
+whitelist ${HOME}/.config/Microsoft
 # Redirect
 include electron.profile
diff --git a/etc/profile-m-z/teamspeak3.profile b/etc/profile-m-z/teamspeak3.profile
index 781a5f4eb..02a2c8ae4 100644
--- a/etc/profile-m-z/teamspeak3.profile
+++ b/etc/profile-m-z/teamspeak3.profile
@@ -6,8 +6,8 @@ include teamspeak3.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.ts3client
+noblacklist ${HOME}/.ts3client
-nodeny  ${PATH}/openssl
+noblacklist ${PATH}/openssl
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.ts3client
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.ts3client
+whitelist ${HOME}/.ts3client
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/teeworlds.profile b/etc/profile-m-z/teeworlds.profile
index c9c444ffc..be01aee12 100644
--- a/etc/profile-m-z/teeworlds.profile
+++ b/etc/profile-m-z/teeworlds.profile
@@ -6,7 +6,7 @@ include teeworlds.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.teeworlds
+noblacklist ${HOME}/.teeworlds
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.teeworlds
-allow  ${HOME}/.teeworlds
+whitelist ${HOME}/.teeworlds
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile
index 92689a461..e7580938d 100644
--- a/etc/profile-m-z/telegram.profile
+++ b/etc/profile-m-z/telegram.profile
@@ -5,8 +5,8 @@ include telegram.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.TelegramDesktop
+noblacklist ${HOME}/.TelegramDesktop
-nodeny  ${HOME}/.local/share/TelegramDesktop
+noblacklist ${HOME}/.local/share/TelegramDesktop
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.TelegramDesktop
 mkdir ${HOME}/.local/share/TelegramDesktop
-allow  ${HOME}/.TelegramDesktop
+whitelist ${HOME}/.TelegramDesktop
-allow  ${HOME}/.local/share/TelegramDesktop
+whitelist ${HOME}/.local/share/TelegramDesktop
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/terasology.profile b/etc/profile-m-z/terasology.profile
index b2f98fbac..ce2ca1d17 100644
--- a/etc/profile-m-z/terasology.profile
+++ b/etc/profile-m-z/terasology.profile
@@ -7,7 +7,7 @@ include globals.local
 ignore noexec /tmp
-nodeny  ${HOME}/.local/share/terasology
+noblacklist ${HOME}/.local/share/terasology
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -21,8 +21,8 @@ include disable-programs.inc
 mkdir ${HOME}/.java
 mkdir ${HOME}/.local/share/terasology
-allow  ${HOME}/.java
+whitelist ${HOME}/.java
-allow  ${HOME}/.local/share/terasology
+whitelist ${HOME}/.local/share/terasology
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/thunderbird.profile b/etc/profile-m-z/thunderbird.profile
index a539cadf8..b478fbe1e 100644
--- a/etc/profile-m-z/thunderbird.profile
+++ b/etc/profile-m-z/thunderbird.profile
@@ -22,14 +22,14 @@ writable-run-user
 #writable-var
 # These lines are needed to allow Firefox to load your profile when clicking a link in an email
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
-allow  ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
 read-only ${HOME}/.mozilla/firefox/profiles.ini
-nodeny  ${HOME}/.cache/thunderbird
+noblacklist ${HOME}/.cache/thunderbird
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 # noblacklist ${HOME}/.icedove
-nodeny  ${HOME}/.thunderbird
+noblacklist ${HOME}/.thunderbird
 include disable-passwdmgr.inc
 include disable-xdg.inc
@@ -42,15 +42,15 @@ mkdir ${HOME}/.cache/thunderbird
 mkdir ${HOME}/.gnupg
 # mkdir ${HOME}/.icedove
 mkdir ${HOME}/.thunderbird
-allow  ${HOME}/.cache/thunderbird
+whitelist ${HOME}/.cache/thunderbird
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
 # whitelist ${HOME}/.icedove
-allow  ${HOME}/.thunderbird
+whitelist ${HOME}/.thunderbird
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/mozilla
+whitelist /usr/share/mozilla
-allow  /usr/share/thunderbird
+whitelist /usr/share/thunderbird
-allow  /usr/share/webext
+whitelist /usr/share/webext
 include whitelist-usr-share-common.inc
 # machine-id breaks audio in browsers; enable or put it in your thunderbird.local when sound is not required
diff --git a/etc/profile-m-z/tilp.profile b/etc/profile-m-z/tilp.profile
index b0fa54f08..dd4a372c4 100644
--- a/etc/profile-m-z/tilp.profile
+++ b/etc/profile-m-z/tilp.profile
@@ -5,7 +5,7 @@ include tilp.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.tilp
+noblacklist ${HOME}/.tilp
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile
index 3ee696b8b..e0ed3090a 100644
--- a/etc/profile-m-z/tin.profile
+++ b/etc/profile-m-z/tin.profile
@@ -6,12 +6,12 @@ include tin.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.newsrc
+noblacklist ${HOME}/.newsrc
-nodeny  ${HOME}/.tin
+noblacklist ${HOME}/.tin
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/tmux.profile b/etc/profile-m-z/tmux.profile
index d2e90e356..0139d7515 100644
--- a/etc/profile-m-z/tmux.profile
+++ b/etc/profile-m-z/tmux.profile
@@ -7,10 +7,10 @@ include tmux.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
-nodeny  /tmp/tmux-*
+noblacklist /tmp/tmux-*
 # include disable-common.inc
 # include disable-devel.inc
diff --git a/etc/profile-m-z/tor-browser-ar.profile b/etc/profile-m-z/tor-browser-ar.profile
index 49158b93e..59f1bc3b1 100644
--- a/etc/profile-m-z/tor-browser-ar.profile
+++ b/etc/profile-m-z/tor-browser-ar.profile
@@ -6,10 +6,10 @@ include tor-browser-ar.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-ar
+noblacklist ${HOME}/.tor-browser-ar
 mkdir ${HOME}/.tor-browser-ar
-allow  ${HOME}/.tor-browser-ar
+whitelist ${HOME}/.tor-browser-ar
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ca.profile b/etc/profile-m-z/tor-browser-ca.profile
index 612f8bd7c..68577e352 100644
--- a/etc/profile-m-z/tor-browser-ca.profile
+++ b/etc/profile-m-z/tor-browser-ca.profile
@@ -6,10 +6,10 @@ include tor-browser-ca.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-ca
+noblacklist ${HOME}/.tor-browser-ca
 mkdir ${HOME}/.tor-browser-ca
-allow  ${HOME}/.tor-browser-ca
+whitelist ${HOME}/.tor-browser-ca
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-cs.profile b/etc/profile-m-z/tor-browser-cs.profile
index a400fde05..33e51fcd0 100644
--- a/etc/profile-m-z/tor-browser-cs.profile
+++ b/etc/profile-m-z/tor-browser-cs.profile
@@ -6,10 +6,10 @@ include tor-browser-cs.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-cs
+noblacklist ${HOME}/.tor-browser-cs
 mkdir ${HOME}/.tor-browser-cs
-allow  ${HOME}/.tor-browser-cs
+whitelist ${HOME}/.tor-browser-cs
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-da.profile b/etc/profile-m-z/tor-browser-da.profile
index 9010025e3..440bb7fc3 100644
--- a/etc/profile-m-z/tor-browser-da.profile
+++ b/etc/profile-m-z/tor-browser-da.profile
@@ -6,10 +6,10 @@ include tor-browser-da.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-da
+noblacklist ${HOME}/.tor-browser-da
 mkdir ${HOME}/.tor-browser-da
-allow  ${HOME}/.tor-browser-da
+whitelist ${HOME}/.tor-browser-da
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-de.profile b/etc/profile-m-z/tor-browser-de.profile
index cd556c32b..b2b98cf82 100644
--- a/etc/profile-m-z/tor-browser-de.profile
+++ b/etc/profile-m-z/tor-browser-de.profile
@@ -6,10 +6,10 @@ include tor-browser-de.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-de
+noblacklist ${HOME}/.tor-browser-de
 mkdir ${HOME}/.tor-browser-de
-allow  ${HOME}/.tor-browser-de
+whitelist ${HOME}/.tor-browser-de
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-el.profile b/etc/profile-m-z/tor-browser-el.profile
index ee2b0fea7..626757dd5 100644
--- a/etc/profile-m-z/tor-browser-el.profile
+++ b/etc/profile-m-z/tor-browser-el.profile
@@ -6,10 +6,10 @@ include tor-browser-el.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-el
+noblacklist ${HOME}/.tor-browser-el
 mkdir ${HOME}/.tor-browser-el
-allow  ${HOME}/.tor-browser-el
+whitelist ${HOME}/.tor-browser-el
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-en-us.profile b/etc/profile-m-z/tor-browser-en-us.profile
index 2be71a5aa..15e690748 100644
--- a/etc/profile-m-z/tor-browser-en-us.profile
+++ b/etc/profile-m-z/tor-browser-en-us.profile
@@ -6,10 +6,10 @@ include tor-browser-en-us.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-en-us
+noblacklist ${HOME}/.tor-browser-en-us
 mkdir ${HOME}/.tor-browser-en-us
-allow  ${HOME}/.tor-browser-en-us
+whitelist ${HOME}/.tor-browser-en-us
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-en.profile b/etc/profile-m-z/tor-browser-en.profile
index 633c2f4f9..ef8c1eb8b 100644
--- a/etc/profile-m-z/tor-browser-en.profile
+++ b/etc/profile-m-z/tor-browser-en.profile
@@ -6,10 +6,10 @@ include tor-browser-en.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-en
+noblacklist ${HOME}/.tor-browser-en
 mkdir ${HOME}/.tor-browser-en
-allow  ${HOME}/.tor-browser-en
+whitelist ${HOME}/.tor-browser-en
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-es-es.profile b/etc/profile-m-z/tor-browser-es-es.profile
index f7c2302a7..ad734662e 100644
--- a/etc/profile-m-z/tor-browser-es-es.profile
+++ b/etc/profile-m-z/tor-browser-es-es.profile
@@ -6,10 +6,10 @@ include tor-browser-es-es.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-es-es
+noblacklist ${HOME}/.tor-browser-es-es
 mkdir ${HOME}/.tor-browser-es-es
-allow  ${HOME}/.tor-browser-es-es
+whitelist ${HOME}/.tor-browser-es-es
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-es.profile b/etc/profile-m-z/tor-browser-es.profile
index d88dcdec1..97d8d8577 100644
--- a/etc/profile-m-z/tor-browser-es.profile
+++ b/etc/profile-m-z/tor-browser-es.profile
@@ -6,10 +6,10 @@ include tor-browser-es.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-es
+noblacklist ${HOME}/.tor-browser-es
 mkdir ${HOME}/.tor-browser-es
-allow  ${HOME}/.tor-browser-es
+whitelist ${HOME}/.tor-browser-es
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-fa.profile b/etc/profile-m-z/tor-browser-fa.profile
index 3f7074fdb..095be69e4 100644
--- a/etc/profile-m-z/tor-browser-fa.profile
+++ b/etc/profile-m-z/tor-browser-fa.profile
@@ -6,10 +6,10 @@ include tor-browser-fa.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-fa
+noblacklist ${HOME}/.tor-browser-fa
 mkdir ${HOME}/.tor-browser-fa
-allow  ${HOME}/.tor-browser-fa
+whitelist ${HOME}/.tor-browser-fa
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-fr.profile b/etc/profile-m-z/tor-browser-fr.profile
index ef14f44a2..37f61fc3a 100644
--- a/etc/profile-m-z/tor-browser-fr.profile
+++ b/etc/profile-m-z/tor-browser-fr.profile
@@ -6,10 +6,10 @@ include tor-browser-fr.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-fr
+noblacklist ${HOME}/.tor-browser-fr
 mkdir ${HOME}/.tor-browser-fr
-allow  ${HOME}/.tor-browser-fr
+whitelist ${HOME}/.tor-browser-fr
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ga-ie.profile b/etc/profile-m-z/tor-browser-ga-ie.profile
index 06baaf34f..ab7141fc4 100644
--- a/etc/profile-m-z/tor-browser-ga-ie.profile
+++ b/etc/profile-m-z/tor-browser-ga-ie.profile
@@ -6,10 +6,10 @@ include tor-browser-ga-ie.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-ga-ie
+noblacklist ${HOME}/.tor-browser-ga-ie
 mkdir ${HOME}/.tor-browser-ga-ie
-allow  ${HOME}/.tor-browser-ga-ie
+whitelist ${HOME}/.tor-browser-ga-ie
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-he.profile b/etc/profile-m-z/tor-browser-he.profile
index 57588ffc7..ae56f3b7f 100644
--- a/etc/profile-m-z/tor-browser-he.profile
+++ b/etc/profile-m-z/tor-browser-he.profile
@@ -6,10 +6,10 @@ include tor-browser-he.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-he
+noblacklist ${HOME}/.tor-browser-he
 mkdir ${HOME}/.tor-browser-he
-allow  ${HOME}/.tor-browser-he
+whitelist ${HOME}/.tor-browser-he
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-hu.profile b/etc/profile-m-z/tor-browser-hu.profile
index a10b66a24..65cd18ac8 100644
--- a/etc/profile-m-z/tor-browser-hu.profile
+++ b/etc/profile-m-z/tor-browser-hu.profile
@@ -6,10 +6,10 @@ include tor-browser-hu.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-hu
+noblacklist ${HOME}/.tor-browser-hu
 mkdir ${HOME}/.tor-browser-hu
-allow  ${HOME}/.tor-browser-hu
+whitelist ${HOME}/.tor-browser-hu
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-id.profile b/etc/profile-m-z/tor-browser-id.profile
index fcdb822cd..57fe09f47 100644
--- a/etc/profile-m-z/tor-browser-id.profile
+++ b/etc/profile-m-z/tor-browser-id.profile
@@ -6,10 +6,10 @@ include tor-browser-id.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-id
+noblacklist ${HOME}/.tor-browser-id
 mkdir ${HOME}/.tor-browser-id
-allow  ${HOME}/.tor-browser-id
+whitelist ${HOME}/.tor-browser-id
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-is.profile b/etc/profile-m-z/tor-browser-is.profile
index 45b47c108..54f1df42d 100644
--- a/etc/profile-m-z/tor-browser-is.profile
+++ b/etc/profile-m-z/tor-browser-is.profile
@@ -6,10 +6,10 @@ include tor-browser-is.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-is
+noblacklist ${HOME}/.tor-browser-is
 mkdir ${HOME}/.tor-browser-is
-allow  ${HOME}/.tor-browser-is
+whitelist ${HOME}/.tor-browser-is
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-it.profile b/etc/profile-m-z/tor-browser-it.profile
index b5a2f7c13..a7d46e875 100644
--- a/etc/profile-m-z/tor-browser-it.profile
+++ b/etc/profile-m-z/tor-browser-it.profile
@@ -6,10 +6,10 @@ include tor-browser-it.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-it
+noblacklist ${HOME}/.tor-browser-it
 mkdir ${HOME}/.tor-browser-it
-allow  ${HOME}/.tor-browser-it
+whitelist ${HOME}/.tor-browser-it
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ja.profile b/etc/profile-m-z/tor-browser-ja.profile
index e1f023bd4..b89016141 100644
--- a/etc/profile-m-z/tor-browser-ja.profile
+++ b/etc/profile-m-z/tor-browser-ja.profile
@@ -6,10 +6,10 @@ include tor-browser-ja.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-ja
+noblacklist ${HOME}/.tor-browser-ja
 mkdir ${HOME}/.tor-browser-ja
-allow  ${HOME}/.tor-browser-ja
+whitelist ${HOME}/.tor-browser-ja
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ka.profile b/etc/profile-m-z/tor-browser-ka.profile
index 17930b58e..b57cf10de 100644
--- a/etc/profile-m-z/tor-browser-ka.profile
+++ b/etc/profile-m-z/tor-browser-ka.profile
@@ -6,10 +6,10 @@ include tor-browser-ka.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-ka
+noblacklist ${HOME}/.tor-browser-ka
 mkdir ${HOME}/.tor-browser-ka
-allow  ${HOME}/.tor-browser-ka
+whitelist ${HOME}/.tor-browser-ka
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ko.profile b/etc/profile-m-z/tor-browser-ko.profile
index b33d1edb4..a9bedb6fd 100644
--- a/etc/profile-m-z/tor-browser-ko.profile
+++ b/etc/profile-m-z/tor-browser-ko.profile
@@ -6,10 +6,10 @@ include tor-browser-ko.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-ko
+noblacklist ${HOME}/.tor-browser-ko
 mkdir ${HOME}/.tor-browser-ko
-allow  ${HOME}/.tor-browser-ko
+whitelist ${HOME}/.tor-browser-ko
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-nb.profile b/etc/profile-m-z/tor-browser-nb.profile
index b462eb9ac..fbe9f92bd 100644
--- a/etc/profile-m-z/tor-browser-nb.profile
+++ b/etc/profile-m-z/tor-browser-nb.profile
@@ -6,10 +6,10 @@ include tor-browser-nb.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-nb
+noblacklist ${HOME}/.tor-browser-nb
 mkdir ${HOME}/.tor-browser-nb
-allow  ${HOME}/.tor-browser-nb
+whitelist ${HOME}/.tor-browser-nb
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-nl.profile b/etc/profile-m-z/tor-browser-nl.profile
index 0225eb6fd..678ac1713 100644
--- a/etc/profile-m-z/tor-browser-nl.profile
+++ b/etc/profile-m-z/tor-browser-nl.profile
@@ -6,10 +6,10 @@ include tor-browser-nl.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-nl
+noblacklist ${HOME}/.tor-browser-nl
 mkdir ${HOME}/.tor-browser-nl
-allow  ${HOME}/.tor-browser-nl
+whitelist ${HOME}/.tor-browser-nl
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-pl.profile b/etc/profile-m-z/tor-browser-pl.profile
index 75604b458..25d473b1a 100644
--- a/etc/profile-m-z/tor-browser-pl.profile
+++ b/etc/profile-m-z/tor-browser-pl.profile
@@ -6,10 +6,10 @@ include tor-browser-pl.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-pl
+noblacklist ${HOME}/.tor-browser-pl
 mkdir ${HOME}/.tor-browser-pl
-allow  ${HOME}/.tor-browser-pl
+whitelist ${HOME}/.tor-browser-pl
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-pt-br.profile b/etc/profile-m-z/tor-browser-pt-br.profile
index 4d50d8034..55adbd5ea 100644
--- a/etc/profile-m-z/tor-browser-pt-br.profile
+++ b/etc/profile-m-z/tor-browser-pt-br.profile
@@ -6,10 +6,10 @@ include tor-browser-pt-br.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-pt-br
+noblacklist ${HOME}/.tor-browser-pt-br
 mkdir ${HOME}/.tor-browser-pt-br
-allow  ${HOME}/.tor-browser-pt-br
+whitelist ${HOME}/.tor-browser-pt-br
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-ru.profile b/etc/profile-m-z/tor-browser-ru.profile
index 4bca3c46f..aea13be9d 100644
--- a/etc/profile-m-z/tor-browser-ru.profile
+++ b/etc/profile-m-z/tor-browser-ru.profile
@@ -6,10 +6,10 @@ include tor-browser-ru.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-ru
+noblacklist ${HOME}/.tor-browser-ru
 mkdir ${HOME}/.tor-browser-ru
-allow  ${HOME}/.tor-browser-ru
+whitelist ${HOME}/.tor-browser-ru
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-sv-se.profile b/etc/profile-m-z/tor-browser-sv-se.profile
index 1b319dc43..b7882bd04 100644
--- a/etc/profile-m-z/tor-browser-sv-se.profile
+++ b/etc/profile-m-z/tor-browser-sv-se.profile
@@ -6,10 +6,10 @@ include tor-browser-sv-se.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-sv-se
+noblacklist ${HOME}/.tor-browser-sv-se
 mkdir ${HOME}/.tor-browser-sv-se
-allow  ${HOME}/.tor-browser-sv-se
+whitelist ${HOME}/.tor-browser-sv-se
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-tr.profile b/etc/profile-m-z/tor-browser-tr.profile
index 0775a0c08..c52e8c4c4 100644
--- a/etc/profile-m-z/tor-browser-tr.profile
+++ b/etc/profile-m-z/tor-browser-tr.profile
@@ -6,10 +6,10 @@ include tor-browser-tr.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-tr
+noblacklist ${HOME}/.tor-browser-tr
 mkdir ${HOME}/.tor-browser-tr
-allow  ${HOME}/.tor-browser-tr
+whitelist ${HOME}/.tor-browser-tr
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-vi.profile b/etc/profile-m-z/tor-browser-vi.profile
index c4d5a7a76..d5bf76655 100644
--- a/etc/profile-m-z/tor-browser-vi.profile
+++ b/etc/profile-m-z/tor-browser-vi.profile
@@ -6,10 +6,10 @@ include tor-browser-vi.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-vi
+noblacklist ${HOME}/.tor-browser-vi
 mkdir ${HOME}/.tor-browser-vi
-allow  ${HOME}/.tor-browser-vi
+whitelist ${HOME}/.tor-browser-vi
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-zh-cn.profile b/etc/profile-m-z/tor-browser-zh-cn.profile
index 4cd287e5d..6c8925a4a 100644
--- a/etc/profile-m-z/tor-browser-zh-cn.profile
+++ b/etc/profile-m-z/tor-browser-zh-cn.profile
@@ -6,10 +6,10 @@ include tor-browser-zh-cn.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-zh-cn
+noblacklist ${HOME}/.tor-browser-zh-cn
 mkdir ${HOME}/.tor-browser-zh-cn
-allow  ${HOME}/.tor-browser-zh-cn
+whitelist ${HOME}/.tor-browser-zh-cn
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser-zh-tw.profile b/etc/profile-m-z/tor-browser-zh-tw.profile
index c75baf522..141a6701e 100644
--- a/etc/profile-m-z/tor-browser-zh-tw.profile
+++ b/etc/profile-m-z/tor-browser-zh-tw.profile
@@ -6,10 +6,10 @@ include tor-browser-zh-tw.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser-zh-tw
+noblacklist ${HOME}/.tor-browser-zh-tw
 mkdir ${HOME}/.tor-browser-zh-tw
-allow  ${HOME}/.tor-browser-zh-tw
+whitelist ${HOME}/.tor-browser-zh-tw
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser.profile b/etc/profile-m-z/tor-browser.profile
index 8a2dbda53..76a0e1fa5 100644
--- a/etc/profile-m-z/tor-browser.profile
+++ b/etc/profile-m-z/tor-browser.profile
@@ -6,10 +6,10 @@ include tor-browser.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser
+noblacklist ${HOME}/.tor-browser
 mkdir ${HOME}/.tor-browser
-allow  ${HOME}/.tor-browser
+whitelist ${HOME}/.tor-browser
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ar.profile b/etc/profile-m-z/tor-browser_ar.profile
index 90b5a0960..d811b7549 100644
--- a/etc/profile-m-z/tor-browser_ar.profile
+++ b/etc/profile-m-z/tor-browser_ar.profile
@@ -6,10 +6,10 @@ include tor-browser_ar.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_ar
+noblacklist ${HOME}/.tor-browser_ar
 mkdir ${HOME}/.tor-browser_ar
-allow  ${HOME}/.tor-browser_ar
+whitelist ${HOME}/.tor-browser_ar
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ca.profile b/etc/profile-m-z/tor-browser_ca.profile
index a04207ccd..8bf1f7cd4 100644
--- a/etc/profile-m-z/tor-browser_ca.profile
+++ b/etc/profile-m-z/tor-browser_ca.profile
@@ -6,10 +6,10 @@ include tor-browser_ca.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_ca
+noblacklist ${HOME}/.tor-browser_ca
 mkdir ${HOME}/.tor-browser_ca
-allow  ${HOME}/.tor-browser_ca
+whitelist ${HOME}/.tor-browser_ca
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_cs.profile b/etc/profile-m-z/tor-browser_cs.profile
index b99ad14a8..b41107bf1 100644
--- a/etc/profile-m-z/tor-browser_cs.profile
+++ b/etc/profile-m-z/tor-browser_cs.profile
@@ -6,10 +6,10 @@ include tor-browser_cs.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_cs
+noblacklist ${HOME}/.tor-browser_cs
 mkdir ${HOME}/.tor-browser_cs
-allow  ${HOME}/.tor-browser_cs
+whitelist ${HOME}/.tor-browser_cs
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_da.profile b/etc/profile-m-z/tor-browser_da.profile
index 545e53b7e..cbec4ee2e 100644
--- a/etc/profile-m-z/tor-browser_da.profile
+++ b/etc/profile-m-z/tor-browser_da.profile
@@ -6,10 +6,10 @@ include tor-browser_da.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_da
+noblacklist ${HOME}/.tor-browser_da
 mkdir ${HOME}/.tor-browser_da
-allow  ${HOME}/.tor-browser_da
+whitelist ${HOME}/.tor-browser_da
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_de.profile b/etc/profile-m-z/tor-browser_de.profile
index 545f82f72..ea26765d3 100644
--- a/etc/profile-m-z/tor-browser_de.profile
+++ b/etc/profile-m-z/tor-browser_de.profile
@@ -6,10 +6,10 @@ include tor-browser_de.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_de
+noblacklist ${HOME}/.tor-browser_de
 mkdir ${HOME}/.tor-browser_de
-allow  ${HOME}/.tor-browser_de
+whitelist ${HOME}/.tor-browser_de
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_el.profile b/etc/profile-m-z/tor-browser_el.profile
index 3120b1701..ff57a8722 100644
--- a/etc/profile-m-z/tor-browser_el.profile
+++ b/etc/profile-m-z/tor-browser_el.profile
@@ -6,10 +6,10 @@ include tor-browser_el.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_el
+noblacklist ${HOME}/.tor-browser_el
 mkdir ${HOME}/.tor-browser_el
-allow  ${HOME}/.tor-browser_el
+whitelist ${HOME}/.tor-browser_el
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_en-US.profile b/etc/profile-m-z/tor-browser_en-US.profile
index 6719ac057..18c92b638 100644
--- a/etc/profile-m-z/tor-browser_en-US.profile
+++ b/etc/profile-m-z/tor-browser_en-US.profile
@@ -6,10 +6,10 @@ include tor-browser_en-US.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_en-US
+noblacklist ${HOME}/.tor-browser_en-US
 mkdir ${HOME}/.tor-browser_en-US
-allow  ${HOME}/.tor-browser_en-US
+whitelist ${HOME}/.tor-browser_en-US
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_en.profile b/etc/profile-m-z/tor-browser_en.profile
index 4cbd37109..ebba83cc4 100644
--- a/etc/profile-m-z/tor-browser_en.profile
+++ b/etc/profile-m-z/tor-browser_en.profile
@@ -6,10 +6,10 @@ include tor-browser_en.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_en
+noblacklist ${HOME}/.tor-browser_en
 mkdir ${HOME}/.tor-browser_en
-allow  ${HOME}/.tor-browser_en
+whitelist ${HOME}/.tor-browser_en
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_es-ES.profile b/etc/profile-m-z/tor-browser_es-ES.profile
index 6c8a5987c..aecab38d5 100644
--- a/etc/profile-m-z/tor-browser_es-ES.profile
+++ b/etc/profile-m-z/tor-browser_es-ES.profile
@@ -6,10 +6,10 @@ include tor-browser_es-ES.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_es-ES
+noblacklist ${HOME}/.tor-browser_es-ES
 mkdir ${HOME}/.tor-browser_es-ES
-allow  ${HOME}/.tor-browser_es-ES
+whitelist ${HOME}/.tor-browser_es-ES
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_es.profile b/etc/profile-m-z/tor-browser_es.profile
index 7d358b7ca..e19e9b5e6 100644
--- a/etc/profile-m-z/tor-browser_es.profile
+++ b/etc/profile-m-z/tor-browser_es.profile
@@ -6,10 +6,10 @@ include tor-browser_es.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_es
+noblacklist ${HOME}/.tor-browser_es
 mkdir ${HOME}/.tor-browser_es
-allow  ${HOME}/.tor-browser_es
+whitelist ${HOME}/.tor-browser_es
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_fa.profile b/etc/profile-m-z/tor-browser_fa.profile
index fc4285c5d..68414c277 100644
--- a/etc/profile-m-z/tor-browser_fa.profile
+++ b/etc/profile-m-z/tor-browser_fa.profile
@@ -6,10 +6,10 @@ include tor-browser_fa.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_fa
+noblacklist ${HOME}/.tor-browser_fa
 mkdir ${HOME}/.tor-browser_fa
-allow  ${HOME}/.tor-browser_fa
+whitelist ${HOME}/.tor-browser_fa
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_fr.profile b/etc/profile-m-z/tor-browser_fr.profile
index 2d0c0ff1f..0a8bb30b7 100644
--- a/etc/profile-m-z/tor-browser_fr.profile
+++ b/etc/profile-m-z/tor-browser_fr.profile
@@ -6,10 +6,10 @@ include tor-browser_fr.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_fr
+noblacklist ${HOME}/.tor-browser_fr
 mkdir ${HOME}/.tor-browser_fr
-allow  ${HOME}/.tor-browser_fr
+whitelist ${HOME}/.tor-browser_fr
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ga-IE.profile b/etc/profile-m-z/tor-browser_ga-IE.profile
index 2880e1e2a..12354b900 100644
--- a/etc/profile-m-z/tor-browser_ga-IE.profile
+++ b/etc/profile-m-z/tor-browser_ga-IE.profile
@@ -6,10 +6,10 @@ include tor-browser_ga-IE.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_ga-IE
+noblacklist ${HOME}/.tor-browser_ga-IE
 mkdir ${HOME}/.tor-browser_ga-IE
-allow  ${HOME}/.tor-browser_ga-IE
+whitelist ${HOME}/.tor-browser_ga-IE
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_he.profile b/etc/profile-m-z/tor-browser_he.profile
index ac6993019..19cbb0809 100644
--- a/etc/profile-m-z/tor-browser_he.profile
+++ b/etc/profile-m-z/tor-browser_he.profile
@@ -6,10 +6,10 @@ include tor-browser_he.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_he
+noblacklist ${HOME}/.tor-browser_he
 mkdir ${HOME}/.tor-browser_he
-allow  ${HOME}/.tor-browser_he
+whitelist ${HOME}/.tor-browser_he
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_hu.profile b/etc/profile-m-z/tor-browser_hu.profile
index 6877a6be4..62b55e170 100644
--- a/etc/profile-m-z/tor-browser_hu.profile
+++ b/etc/profile-m-z/tor-browser_hu.profile
@@ -6,10 +6,10 @@ include tor-browser_hu.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_hu
+noblacklist ${HOME}/.tor-browser_hu
 mkdir ${HOME}/.tor-browser_hu
-allow  ${HOME}/.tor-browser_hu
+whitelist ${HOME}/.tor-browser_hu
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_id.profile b/etc/profile-m-z/tor-browser_id.profile
index 5f5601f74..2970a7747 100644
--- a/etc/profile-m-z/tor-browser_id.profile
+++ b/etc/profile-m-z/tor-browser_id.profile
@@ -6,10 +6,10 @@ include tor-browser_id.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_id
+noblacklist ${HOME}/.tor-browser_id
 mkdir ${HOME}/.tor-browser_id
-allow  ${HOME}/.tor-browser_id
+whitelist ${HOME}/.tor-browser_id
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_is.profile b/etc/profile-m-z/tor-browser_is.profile
index f0814d16e..f922c7644 100644
--- a/etc/profile-m-z/tor-browser_is.profile
+++ b/etc/profile-m-z/tor-browser_is.profile
@@ -6,10 +6,10 @@ include tor-browser_is.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_is
+noblacklist ${HOME}/.tor-browser_is
 mkdir ${HOME}/.tor-browser_is
-allow  ${HOME}/.tor-browser_is
+whitelist ${HOME}/.tor-browser_is
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_it.profile b/etc/profile-m-z/tor-browser_it.profile
index fa01f6bca..406901759 100644
--- a/etc/profile-m-z/tor-browser_it.profile
+++ b/etc/profile-m-z/tor-browser_it.profile
@@ -6,10 +6,10 @@ include tor-browser_it.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_it
+noblacklist ${HOME}/.tor-browser_it
 mkdir ${HOME}/.tor-browser_it
-allow  ${HOME}/.tor-browser_it
+whitelist ${HOME}/.tor-browser_it
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ja.profile b/etc/profile-m-z/tor-browser_ja.profile
index dde107dd3..8f9d8d751 100644
--- a/etc/profile-m-z/tor-browser_ja.profile
+++ b/etc/profile-m-z/tor-browser_ja.profile
@@ -6,10 +6,10 @@ include tor-browser_ja.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_ja
+noblacklist ${HOME}/.tor-browser_ja
 mkdir ${HOME}/.tor-browser_ja
-allow  ${HOME}/.tor-browser_ja
+whitelist ${HOME}/.tor-browser_ja
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ka.profile b/etc/profile-m-z/tor-browser_ka.profile
index 7de4dff65..4de4135e1 100644
--- a/etc/profile-m-z/tor-browser_ka.profile
+++ b/etc/profile-m-z/tor-browser_ka.profile
@@ -6,10 +6,10 @@ include tor-browser_ka.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_ka
+noblacklist ${HOME}/.tor-browser_ka
 mkdir ${HOME}/.tor-browser_ka
-allow  ${HOME}/.tor-browser_ka
+whitelist ${HOME}/.tor-browser_ka
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ko.profile b/etc/profile-m-z/tor-browser_ko.profile
index 7e3ceb4d9..125c733ce 100644
--- a/etc/profile-m-z/tor-browser_ko.profile
+++ b/etc/profile-m-z/tor-browser_ko.profile
@@ -6,10 +6,10 @@ include tor-browser_ko.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_ko
+noblacklist ${HOME}/.tor-browser_ko
 mkdir ${HOME}/.tor-browser_ko
-allow  ${HOME}/.tor-browser_ko
+whitelist ${HOME}/.tor-browser_ko
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_nb.profile b/etc/profile-m-z/tor-browser_nb.profile
index c11001960..dc6ac876b 100644
--- a/etc/profile-m-z/tor-browser_nb.profile
+++ b/etc/profile-m-z/tor-browser_nb.profile
@@ -6,10 +6,10 @@ include tor-browser_nb.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_nb
+noblacklist ${HOME}/.tor-browser_nb
 mkdir ${HOME}/.tor-browser_nb
-allow  ${HOME}/.tor-browser_nb
+whitelist ${HOME}/.tor-browser_nb
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_nl.profile b/etc/profile-m-z/tor-browser_nl.profile
index 2d1044f9d..2a3a5b519 100644
--- a/etc/profile-m-z/tor-browser_nl.profile
+++ b/etc/profile-m-z/tor-browser_nl.profile
@@ -6,10 +6,10 @@ include tor-browser_nl.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_nl
+noblacklist ${HOME}/.tor-browser_nl
 mkdir ${HOME}/.tor-browser_nl
-allow  ${HOME}/.tor-browser_nl
+whitelist ${HOME}/.tor-browser_nl
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_pl.profile b/etc/profile-m-z/tor-browser_pl.profile
index 2818320a0..b7dec32db 100644
--- a/etc/profile-m-z/tor-browser_pl.profile
+++ b/etc/profile-m-z/tor-browser_pl.profile
@@ -6,10 +6,10 @@ include tor-browser_pl.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_pl
+noblacklist ${HOME}/.tor-browser_pl
 mkdir ${HOME}/.tor-browser_pl
-allow  ${HOME}/.tor-browser_pl
+whitelist ${HOME}/.tor-browser_pl
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_pt-BR.profile b/etc/profile-m-z/tor-browser_pt-BR.profile
index 8c33e2545..7a7d4726c 100644
--- a/etc/profile-m-z/tor-browser_pt-BR.profile
+++ b/etc/profile-m-z/tor-browser_pt-BR.profile
@@ -6,10 +6,10 @@ include tor-browser_pt-BR.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_pt-BR
+noblacklist ${HOME}/.tor-browser_pt-BR
 mkdir ${HOME}/.tor-browser_pt-BR
-allow  ${HOME}/.tor-browser_pt-BR
+whitelist ${HOME}/.tor-browser_pt-BR
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_ru.profile b/etc/profile-m-z/tor-browser_ru.profile
index 2553bb031..7d2e6bc97 100644
--- a/etc/profile-m-z/tor-browser_ru.profile
+++ b/etc/profile-m-z/tor-browser_ru.profile
@@ -6,10 +6,10 @@ include tor-browser_ru.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_ru
+noblacklist ${HOME}/.tor-browser_ru
 mkdir ${HOME}/.tor-browser_ru
-allow  ${HOME}/.tor-browser_ru
+whitelist ${HOME}/.tor-browser_ru
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_sv-SE.profile b/etc/profile-m-z/tor-browser_sv-SE.profile
index 3152cb658..585925e81 100644
--- a/etc/profile-m-z/tor-browser_sv-SE.profile
+++ b/etc/profile-m-z/tor-browser_sv-SE.profile
@@ -6,10 +6,10 @@ include tor-browser_sv-SE.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_sv-SE
+noblacklist ${HOME}/.tor-browser_sv-SE
 mkdir ${HOME}/.tor-browser_sv-SE
-allow  ${HOME}/.tor-browser_sv-SE
+whitelist ${HOME}/.tor-browser_sv-SE
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_tr.profile b/etc/profile-m-z/tor-browser_tr.profile
index 9808d4725..4b0cc3821 100644
--- a/etc/profile-m-z/tor-browser_tr.profile
+++ b/etc/profile-m-z/tor-browser_tr.profile
@@ -6,10 +6,10 @@ include tor-browser_tr.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_tr
+noblacklist ${HOME}/.tor-browser_tr
 mkdir ${HOME}/.tor-browser_tr
-allow  ${HOME}/.tor-browser_tr
+whitelist ${HOME}/.tor-browser_tr
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_vi.profile b/etc/profile-m-z/tor-browser_vi.profile
index 364fca40b..4dcfbf56d 100644
--- a/etc/profile-m-z/tor-browser_vi.profile
+++ b/etc/profile-m-z/tor-browser_vi.profile
@@ -6,10 +6,10 @@ include tor-browser_vi.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_vi
+noblacklist ${HOME}/.tor-browser_vi
 mkdir ${HOME}/.tor-browser_vi
-allow  ${HOME}/.tor-browser_vi
+whitelist ${HOME}/.tor-browser_vi
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_zh-CN.profile b/etc/profile-m-z/tor-browser_zh-CN.profile
index 193e8a399..1e03b8d6b 100644
--- a/etc/profile-m-z/tor-browser_zh-CN.profile
+++ b/etc/profile-m-z/tor-browser_zh-CN.profile
@@ -6,10 +6,10 @@ include tor-browser_zh-CN.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_zh-CN
+noblacklist ${HOME}/.tor-browser_zh-CN
 mkdir ${HOME}/.tor-browser_zh-CN
-allow  ${HOME}/.tor-browser_zh-CN
+whitelist ${HOME}/.tor-browser_zh-CN
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/tor-browser_zh-TW.profile b/etc/profile-m-z/tor-browser_zh-TW.profile
index 047be9b8e..a2dcf5cf1 100644
--- a/etc/profile-m-z/tor-browser_zh-TW.profile
+++ b/etc/profile-m-z/tor-browser_zh-TW.profile
@@ -6,10 +6,10 @@ include tor-browser_zh-TW.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.tor-browser_zh-TW
+noblacklist ${HOME}/.tor-browser_zh-TW
 mkdir ${HOME}/.tor-browser_zh-TW
-allow  ${HOME}/.tor-browser_zh-TW
+whitelist ${HOME}/.tor-browser_zh-TW
 # Redirect
 include torbrowser-launcher.profile
diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile
index 65a37db5f..7659ed1e9 100644
--- a/etc/profile-m-z/torbrowser-launcher.profile
+++ b/etc/profile-m-z/torbrowser-launcher.profile
@@ -8,15 +8,15 @@ include globals.local
 ignore noexec ${HOME}
-nodeny  ${HOME}/.config/torbrowser
+noblacklist ${HOME}/.config/torbrowser
-nodeny  ${HOME}/.local/share/torbrowser
+noblacklist ${HOME}/.local/share/torbrowser
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
-deny  /opt
+blacklist /opt
-deny  /srv
+blacklist /srv
 include disable-common.inc
 include disable-devel.inc
@@ -28,10 +28,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/torbrowser
 mkdir ${HOME}/.local/share/torbrowser
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.config/torbrowser
+whitelist ${HOME}/.config/torbrowser
-allow  ${HOME}/.local/share/torbrowser
+whitelist ${HOME}/.local/share/torbrowser
-allow  /usr/share/torbrowser-launcher
+whitelist /usr/share/torbrowser-launcher
 include whitelist-common.inc
 include whitelist-var-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/torcs.profile b/etc/profile-m-z/torcs.profile
index c5d89c3e3..0f98a8f64 100644
--- a/etc/profile-m-z/torcs.profile
+++ b/etc/profile-m-z/torcs.profile
@@ -6,7 +6,7 @@ include torcs.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.torcs
+noblacklist ${HOME}/.torcs
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.torcs
-allow  ${HOME}/.torcs
+whitelist ${HOME}/.torcs
-allow  /usr/share/games/torcs
+whitelist /usr/share/games/torcs
-allow  /var/games/torcs
+whitelist /var/games/torcs
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/totem.profile b/etc/profile-m-z/totem.profile
index 77d3c55f8..70d9e0aee 100644
--- a/etc/profile-m-z/totem.profile
+++ b/etc/profile-m-z/totem.profile
@@ -13,8 +13,8 @@ include allow-lua.inc
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
-nodeny  ${HOME}/.config/totem
+noblacklist ${HOME}/.config/totem
-nodeny  ${HOME}/.local/share/totem
+noblacklist ${HOME}/.local/share/totem
 include disable-common.inc
 include disable-devel.inc
@@ -27,9 +27,9 @@ include disable-shell.inc
 read-only ${DESKTOP}
 mkdir ${HOME}/.config/totem
 mkdir ${HOME}/.local/share/totem
-allow  ${HOME}/.config/totem
+whitelist ${HOME}/.config/totem
-allow  ${HOME}/.local/share/totem
+whitelist ${HOME}/.local/share/totem
-allow  /usr/share/totem
+whitelist /usr/share/totem
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/tracker.profile b/etc/profile-m-z/tracker.profile
index 26f4abd0b..87c5de076 100644
--- a/etc/profile-m-z/tracker.profile
+++ b/etc/profile-m-z/tracker.profile
@@ -8,8 +8,8 @@ include globals.local
 # Tracker is started by systemd on most systems. Therefore it is not firejailed by default
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/transgui.profile b/etc/profile-m-z/transgui.profile
index d5920e2a2..ea118a9f0 100644
--- a/etc/profile-m-z/transgui.profile
+++ b/etc/profile-m-z/transgui.profile
@@ -6,7 +6,7 @@ include transgui.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/transgui
+noblacklist ${HOME}/.config/transgui
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/transgui
-allow  ${HOME}/.config/transgui
+whitelist ${HOME}/.config/transgui
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/transmission-common.profile b/etc/profile-m-z/transmission-common.profile
index 5c2cf9d9a..82671b709 100644
--- a/etc/profile-m-z/transmission-common.profile
+++ b/etc/profile-m-z/transmission-common.profile
@@ -7,8 +7,8 @@ include transmission-common.local
 # added by caller profile
 #include globals.local
-nodeny  ${HOME}/.cache/transmission
+noblacklist ${HOME}/.cache/transmission
-nodeny  ${HOME}/.config/transmission
+noblacklist ${HOME}/.config/transmission
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/transmission
 mkdir ${HOME}/.config/transmission
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/transmission
+whitelist ${HOME}/.cache/transmission
-allow  ${HOME}/.config/transmission
+whitelist ${HOME}/.config/transmission
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/transmission-daemon.profile b/etc/profile-m-z/transmission-daemon.profile
index 9f0c464fc..348d3cb80 100644
--- a/etc/profile-m-z/transmission-daemon.profile
+++ b/etc/profile-m-z/transmission-daemon.profile
@@ -10,8 +10,8 @@ include globals.local
 ignore caps.drop all
 mkdir ${HOME}/.config/transmission-daemon
-allow  ${HOME}/.config/transmission-daemon
+whitelist ${HOME}/.config/transmission-daemon
-allow  /var/lib/transmission
+whitelist /var/lib/transmission
 caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
 protocol packet
diff --git a/etc/profile-m-z/transmission-remote-gtk.profile b/etc/profile-m-z/transmission-remote-gtk.profile
index 7c8eddcbc..a6400e2c0 100644
--- a/etc/profile-m-z/transmission-remote-gtk.profile
+++ b/etc/profile-m-z/transmission-remote-gtk.profile
@@ -7,10 +7,10 @@ include transmission-remote-gtk.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/transmission-remote-gtk
+noblacklist ${HOME}/.config/transmission-remote-gtk
 mkdir ${HOME}/.config/transmission-remote-gtk
-allow  ${HOME}/.config/transmission-remote-gtk
+whitelist ${HOME}/.config/transmission-remote-gtk
 private-etc fonts,hostname,hosts,resolv.conf
 # Problems with private-lib (see issue #2889)
diff --git a/etc/profile-m-z/tremulous.profile b/etc/profile-m-z/tremulous.profile
index c2797ddaa..aba563fac 100644
--- a/etc/profile-m-z/tremulous.profile
+++ b/etc/profile-m-z/tremulous.profile
@@ -6,7 +6,7 @@ include tremulous.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.tremulous
+noblacklist ${HOME}/.tremulous
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.tremulous
-allow  ${HOME}/.tremulous
+whitelist ${HOME}/.tremulous
-allow  /usr/share/tremulous
+whitelist /usr/share/tremulous
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile
index 95f39b35d..2d95081f6 100644
--- a/etc/profile-m-z/trojita.profile
+++ b/etc/profile-m-z/trojita.profile
@@ -6,10 +6,10 @@ include trojita.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.abook
+noblacklist ${HOME}/.abook
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
-nodeny  ${HOME}/.cache/flaska.net/trojita
+noblacklist ${HOME}/.cache/flaska.net/trojita
-nodeny  ${HOME}/.config/flaska.net
+noblacklist ${HOME}/.config/flaska.net
 include disable-common.inc
 include disable-devel.inc
@@ -23,10 +23,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.abook
 mkdir ${HOME}/.cache/flaska.net/trojita
 mkdir ${HOME}/.config/flaska.net
-allow  ${HOME}/.abook
+whitelist ${HOME}/.abook
-allow  ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
-allow  ${HOME}/.cache/flaska.net/trojita
+whitelist ${HOME}/.cache/flaska.net/trojita
-allow  ${HOME}/.config/flaska.net
+whitelist ${HOME}/.config/flaska.net
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/truecraft.profile b/etc/profile-m-z/truecraft.profile
index 76f289a27..749626475 100644
--- a/etc/profile-m-z/truecraft.profile
+++ b/etc/profile-m-z/truecraft.profile
@@ -5,8 +5,8 @@ include truecraft.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/mono
+noblacklist ${HOME}/.config/mono
-nodeny  ${HOME}/.config/truecraft
+noblacklist ${HOME}/.config/truecraft
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 mkdir ${HOME}/.config/mono
 mkdir ${HOME}/.config/truecraft
-allow  ${HOME}/.config/mono
+whitelist ${HOME}/.config/mono
-allow  ${HOME}/.config/truecraft
+whitelist ${HOME}/.config/truecraft
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/ts3client_runscript.sh.profile b/etc/profile-m-z/ts3client_runscript.sh.profile
index cd6ae96df..8d4675454 100644
--- a/etc/profile-m-z/ts3client_runscript.sh.profile
+++ b/etc/profile-m-z/ts3client_runscript.sh.profile
@@ -9,11 +9,11 @@ include ts3client_runscript.sh.local
 ignore noexec ${HOME}
-nodeny  ${HOME}/TeamSpeak3-Client-linux_x86
+noblacklist ${HOME}/TeamSpeak3-Client-linux_x86
-nodeny  ${HOME}/TeamSpeak3-Client-linux_amd64
+noblacklist ${HOME}/TeamSpeak3-Client-linux_amd64
-allow  ${HOME}/TeamSpeak3-Client-linux_x86
+whitelist ${HOME}/TeamSpeak3-Client-linux_x86
-allow  ${HOME}/TeamSpeak3-Client-linux_amd64
+whitelist ${HOME}/TeamSpeak3-Client-linux_amd64
 # Redirect
 include teamspeak3.profile
diff --git a/etc/profile-m-z/tutanota-desktop.profile b/etc/profile-m-z/tutanota-desktop.profile
index e59a86ce6..d2cb0cc8a 100644
--- a/etc/profile-m-z/tutanota-desktop.profile
+++ b/etc/profile-m-z/tutanota-desktop.profile
@@ -6,8 +6,8 @@ include tutanota-desktop.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/tuta_integration
+noblacklist ${HOME}/.config/tuta_integration
-nodeny  ${HOME}/.config/tutanota-desktop
+noblacklist ${HOME}/.config/tutanota-desktop
 ignore noexec /tmp
@@ -15,12 +15,12 @@ include disable-shell.inc
 mkdir ${HOME}/.config/tuta_integration
 mkdir ${HOME}/.config/tutanota-desktop
-allow  ${HOME}/.config/tuta_integration
+whitelist ${HOME}/.config/tuta_integration
-allow  ${HOME}/.config/tutanota-desktop
+whitelist ${HOME}/.config/tutanota-desktop
 # These lines are needed to allow Firefox to open links
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
-allow  ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
 read-only ${HOME}/.mozilla/firefox/profiles.ini
 ?HAS_APPIMAGE: ignore private-dev
diff --git a/etc/profile-m-z/tuxguitar.profile b/etc/profile-m-z/tuxguitar.profile
index 5bb97e161..3cd496412 100644
--- a/etc/profile-m-z/tuxguitar.profile
+++ b/etc/profile-m-z/tuxguitar.profile
@@ -9,9 +9,9 @@ include globals.local
 # tuxguitar fails to launch
 ignore noexec ${HOME}
-nodeny  ${HOME}/.tuxguitar*
+noblacklist ${HOME}/.tuxguitar*
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-m-z/tvbrowser.profile b/etc/profile-m-z/tvbrowser.profile
index 8febcd337..dae7d86da 100644
--- a/etc/profile-m-z/tvbrowser.profile
+++ b/etc/profile-m-z/tvbrowser.profile
@@ -6,8 +6,8 @@ include tvbrowser.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/tvbrowser
+noblacklist ${HOME}/.config/tvbrowser
-nodeny  ${HOME}/.tvbrowser
+noblacklist ${HOME}/.tvbrowser
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/tvbrowser
 mkdir ${HOME}/.tvbrowser
-allow  ${HOME}/.config/tvbrowser
+whitelist ${HOME}/.config/tvbrowser
-allow  ${HOME}/.tvbrowser
+whitelist ${HOME}/.tvbrowser
-allow  /usr/share/tvbrowser
+whitelist /usr/share/tvbrowser
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/twitch.profile b/etc/profile-m-z/twitch.profile
index abcc885e6..2f573c872 100644
--- a/etc/profile-m-z/twitch.profile
+++ b/etc/profile-m-z/twitch.profile
@@ -10,12 +10,12 @@ include globals.local
 ignore nou2f
 ignore novideo
-nodeny  ${HOME}/.config/Twitch
+noblacklist ${HOME}/.config/Twitch
 include disable-shell.inc
 mkdir ${HOME}/.config/Twitch
-allow  ${HOME}/.config/Twitch
+whitelist ${HOME}/.config/Twitch
 private-bin twitch
 private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
diff --git a/etc/profile-m-z/uefitool.profile b/etc/profile-m-z/uefitool.profile
index 8c705c95f..3e4fdbb03 100644
--- a/etc/profile-m-z/uefitool.profile
+++ b/etc/profile-m-z/uefitool.profile
@@ -5,7 +5,7 @@ include uefitool.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/uget-gtk.profile b/etc/profile-m-z/uget-gtk.profile
index eed2db541..4420099ff 100644
--- a/etc/profile-m-z/uget-gtk.profile
+++ b/etc/profile-m-z/uget-gtk.profile
@@ -5,7 +5,7 @@ include uget-gtk.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/uGet
+noblacklist ${HOME}/.config/uGet
 include disable-common.inc
 include disable-devel.inc
@@ -14,8 +14,8 @@ include disable-programs.inc
 include disable-shell.inc
 mkdir ${HOME}/.config/uGet
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.config/uGet
+whitelist ${HOME}/.config/uGet
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/unbound.profile b/etc/profile-m-z/unbound.profile
index 7e7b3fbec..0c077babf 100644
--- a/etc/profile-m-z/unbound.profile
+++ b/etc/profile-m-z/unbound.profile
@@ -6,11 +6,11 @@ include unbound.local
 # Persistent global definitions
 include globals.local
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
 include whitelist-usr-share-common.inc
-allow  /var/lib/unbound
+whitelist /var/lib/unbound
-allow  /var/run
+whitelist /var/run
 caps.keep net_admin,net_bind_service,setgid,setuid,sys_chroot,sys_resource
 ipc-namespace
diff --git a/etc/profile-m-z/unf.profile b/etc/profile-m-z/unf.profile
index 846271971..6db7ba362 100644
--- a/etc/profile-m-z/unf.profile
+++ b/etc/profile-m-z/unf.profile
@@ -7,7 +7,7 @@ include unf.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/unknown-horizons.profile b/etc/profile-m-z/unknown-horizons.profile
index 3e1c6264d..956492f52 100644
--- a/etc/profile-m-z/unknown-horizons.profile
+++ b/etc/profile-m-z/unknown-horizons.profile
@@ -6,7 +6,7 @@ include unknown-horizons.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.unknown-horizons
+noblacklist ${HOME}/.unknown-horizons
 include disable-common.inc
 include disable-exec.inc
@@ -14,10 +14,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.unknown-horizons
-allow  ${HOME}/.unknown-horizons
+whitelist ${HOME}/.unknown-horizons
 include whitelist-common.inc
 include whitelist-runuser-common.inc
-allow  /usr/share/unknown-horizons
+whitelist /usr/share/unknown-horizons
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/unzip.profile b/etc/profile-m-z/unzip.profile
index 99d2415ca..0231e3dba 100644
--- a/etc/profile-m-z/unzip.profile
+++ b/etc/profile-m-z/unzip.profile
@@ -8,7 +8,7 @@ include unzip.local
 include globals.local
 # GNOME Shell integration (chrome-gnome-shell)
-nodeny  ${HOME}/.local/share/gnome-shell
+noblacklist ${HOME}/.local/share/gnome-shell
 private-etc alternatives,group,localtime,passwd
diff --git a/etc/profile-m-z/utox.profile b/etc/profile-m-z/utox.profile
index 3b0f7c646..dd881f091 100644
--- a/etc/profile-m-z/utox.profile
+++ b/etc/profile-m-z/utox.profile
@@ -6,8 +6,8 @@ include utox.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/Tox
+noblacklist ${HOME}/.cache/Tox
-nodeny  ${HOME}/.config/tox
+noblacklist ${HOME}/.config/tox
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/tox
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.config/tox
+whitelist ${HOME}/.config/tox
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/uudeview.profile b/etc/profile-m-z/uudeview.profile
index 3bda71666..2adc044e5 100644
--- a/etc/profile-m-z/uudeview.profile
+++ b/etc/profile-m-z/uudeview.profile
@@ -7,7 +7,7 @@ include uudeview.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/uzbl-browser.profile b/etc/profile-m-z/uzbl-browser.profile
index 6899f4bf7..41487a8f2 100644
--- a/etc/profile-m-z/uzbl-browser.profile
+++ b/etc/profile-m-z/uzbl-browser.profile
@@ -5,9 +5,9 @@ include uzbl-browser.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/uzbl
+noblacklist ${HOME}/.config/uzbl
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.local/share/uzbl
+noblacklist ${HOME}/.local/share/uzbl
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,11 +22,11 @@ mkdir ${HOME}/.config/uzbl
 mkdir ${HOME}/.gnupg
 mkdir ${HOME}/.local/share/uzbl
 mkdir ${HOME}/.password-store
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.config/uzbl
+whitelist ${HOME}/.config/uzbl
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
-allow  ${HOME}/.local/share/uzbl
+whitelist ${HOME}/.local/share/uzbl
-allow  ${HOME}/.password-store
+whitelist ${HOME}/.password-store
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/viewnior.profile b/etc/profile-m-z/viewnior.profile
index e0bf02706..a9ba344dd 100644
--- a/etc/profile-m-z/viewnior.profile
+++ b/etc/profile-m-z/viewnior.profile
@@ -6,11 +6,11 @@ include viewnior.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.Steam
+noblacklist ${HOME}/.Steam
-nodeny  ${HOME}/.config/viewnior
+noblacklist ${HOME}/.config/viewnior
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.steam
-deny  ${HOME}/.bashrc
+blacklist ${HOME}/.bashrc
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/viking.profile b/etc/profile-m-z/viking.profile
index b16f691d6..8f8ef5939 100644
--- a/etc/profile-m-z/viking.profile
+++ b/etc/profile-m-z/viking.profile
@@ -6,9 +6,9 @@ include viking.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.viking
+noblacklist ${HOME}/.viking
-nodeny  ${HOME}/.viking-maps
+noblacklist ${HOME}/.viking-maps
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/vim.profile b/etc/profile-m-z/vim.profile
index b535225dd..c3cfe5980 100644
--- a/etc/profile-m-z/vim.profile
+++ b/etc/profile-m-z/vim.profile
@@ -6,9 +6,9 @@ include vim.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.vim
+noblacklist ${HOME}/.vim
-nodeny  ${HOME}/.viminfo
+noblacklist ${HOME}/.viminfo
-nodeny  ${HOME}/.vimrc
+noblacklist ${HOME}/.vimrc
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile
index f28828338..c22fb0ff9 100644
--- a/etc/profile-m-z/virtualbox.profile
+++ b/etc/profile-m-z/virtualbox.profile
@@ -6,12 +6,12 @@ include virtualbox.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.VirtualBox
+noblacklist ${HOME}/.VirtualBox
-nodeny  ${HOME}/.config/VirtualBox
+noblacklist ${HOME}/.config/VirtualBox
-nodeny  ${HOME}/VirtualBox VMs
+noblacklist ${HOME}/VirtualBox VMs
 # noblacklist /usr/bin/virtualbox
-nodeny  /usr/lib/virtualbox
+noblacklist /usr/lib/virtualbox
-nodeny  /usr/lib64/virtualbox
+noblacklist /usr/lib64/virtualbox
 include disable-common.inc
 include disable-devel.inc
@@ -23,10 +23,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/VirtualBox
 mkdir ${HOME}/VirtualBox VMs
-allow  ${HOME}/.config/VirtualBox
+whitelist ${HOME}/.config/VirtualBox
-allow  ${HOME}/VirtualBox VMs
+whitelist ${HOME}/VirtualBox VMs
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  /usr/share/virtualbox
+whitelist /usr/share/virtualbox
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/vivaldi.profile b/etc/profile-m-z/vivaldi.profile
index 3858405db..fdeb0307f 100644
--- a/etc/profile-m-z/vivaldi.profile
+++ b/etc/profile-m-z/vivaldi.profile
@@ -8,26 +8,26 @@ include globals.local
 # Allow HTML5 Proprietary Media & DRM/EME (Widevine)
 ignore apparmor
 ignore noexec /var
-nodeny  /var/opt
+noblacklist /var/opt
-allow  /var/opt/vivaldi
+whitelist /var/opt/vivaldi
 writable-var
-nodeny  ${HOME}/.cache/vivaldi
+noblacklist ${HOME}/.cache/vivaldi
-nodeny  ${HOME}/.cache/vivaldi-snapshot
+noblacklist ${HOME}/.cache/vivaldi-snapshot
-nodeny  ${HOME}/.config/vivaldi
+noblacklist ${HOME}/.config/vivaldi
-nodeny  ${HOME}/.config/vivaldi-snapshot
+noblacklist ${HOME}/.config/vivaldi-snapshot
-nodeny  ${HOME}/.local/lib/vivaldi
+noblacklist ${HOME}/.local/lib/vivaldi
 mkdir ${HOME}/.cache/vivaldi
 mkdir ${HOME}/.cache/vivaldi-snapshot
 mkdir ${HOME}/.config/vivaldi
 mkdir ${HOME}/.config/vivaldi-snapshot
 mkdir ${HOME}/.local/lib/vivaldi
-allow  ${HOME}/.cache/vivaldi
+whitelist ${HOME}/.cache/vivaldi
-allow  ${HOME}/.cache/vivaldi-snapshot
+whitelist ${HOME}/.cache/vivaldi-snapshot
-allow  ${HOME}/.config/vivaldi
+whitelist ${HOME}/.config/vivaldi
-allow  ${HOME}/.config/vivaldi-snapshot
+whitelist ${HOME}/.config/vivaldi-snapshot
-allow  ${HOME}/.local/lib/vivaldi
+whitelist ${HOME}/.local/lib/vivaldi
 #private-bin bash,cat,dirname,readlink,rm,vivaldi,vivaldi-stable,vivaldi-snapshot
diff --git a/etc/profile-m-z/vlc.profile b/etc/profile-m-z/vlc.profile
index ede2d4525..cd7dccd8a 100644
--- a/etc/profile-m-z/vlc.profile
+++ b/etc/profile-m-z/vlc.profile
@@ -6,10 +6,10 @@ include vlc.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/vlc
+noblacklist ${HOME}/.cache/vlc
-nodeny  ${HOME}/.config/vlc
+noblacklist ${HOME}/.config/vlc
-nodeny  ${HOME}/.config/aacs
+noblacklist ${HOME}/.config/aacs
-nodeny  ${HOME}/.local/share/vlc
+noblacklist ${HOME}/.local/share/vlc
 include disable-common.inc
 include disable-devel.inc
@@ -22,10 +22,10 @@ read-only ${DESKTOP}
 mkdir ${HOME}/.cache/vlc
 mkdir ${HOME}/.config/vlc
 mkdir ${HOME}/.local/share/vlc
-allow  ${HOME}/.cache/vlc
+whitelist ${HOME}/.cache/vlc
-allow  ${HOME}/.config/vlc
+whitelist ${HOME}/.config/vlc
-allow  ${HOME}/.config/aacs
+whitelist ${HOME}/.config/aacs
-allow  ${HOME}/.local/share/vlc
+whitelist ${HOME}/.local/share/vlc
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/vmware-view.profile b/etc/profile-m-z/vmware-view.profile
index f23e90e84..f07c31b68 100644
--- a/etc/profile-m-z/vmware-view.profile
+++ b/etc/profile-m-z/vmware-view.profile
@@ -6,10 +6,10 @@ include vmware-view.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.vmware
+noblacklist ${HOME}/.vmware
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 include allow-bin-sh.inc
@@ -23,7 +23,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.vmware
-allow  ${HOME}/.vmware
+whitelist ${HOME}/.vmware
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/vmware.profile b/etc/profile-m-z/vmware.profile
index 3a535588f..5241e27b3 100644
--- a/etc/profile-m-z/vmware.profile
+++ b/etc/profile-m-z/vmware.profile
@@ -6,8 +6,8 @@ include vmware.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/vmware
+noblacklist ${HOME}/.cache/vmware
-nodeny  ${HOME}/.vmware
+noblacklist ${HOME}/.vmware
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/vmware
 mkdir ${HOME}/.vmware
-allow  ${HOME}/.cache/vmware
+whitelist ${HOME}/.cache/vmware
-allow  ${HOME}/.vmware
+whitelist ${HOME}/.vmware
 # Add the next lines to your vmware.local if you need to use "shared VM".
 #whitelist /var/lib/vmware
 #writable-var
diff --git a/etc/profile-m-z/vscodium.profile b/etc/profile-m-z/vscodium.profile
index 7996113f5..a4a4fb7d8 100644
--- a/etc/profile-m-z/vscodium.profile
+++ b/etc/profile-m-z/vscodium.profile
@@ -6,7 +6,7 @@ include vscodium.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.VSCodium
+noblacklist ${HOME}/.VSCodium
 # Redirect
 include code.profile
diff --git a/etc/profile-m-z/vulturesclaw.profile b/etc/profile-m-z/vulturesclaw.profile
index a6c38c1f1..fa6ddf1fb 100644
--- a/etc/profile-m-z/vulturesclaw.profile
+++ b/etc/profile-m-z/vulturesclaw.profile
@@ -6,8 +6,8 @@ include vulturesclaw.local
 # added by included profile
 #include globals.local
-nodeny  /var/games/vulturesclaw
+noblacklist /var/games/vulturesclaw
-allow  /var/games/vulturesclaw
+whitelist /var/games/vulturesclaw
 # Redirect
 include nethack-vultures.profile
diff --git a/etc/profile-m-z/vultureseye.profile b/etc/profile-m-z/vultureseye.profile
index 763c50bf6..49d3fa94f 100644
--- a/etc/profile-m-z/vultureseye.profile
+++ b/etc/profile-m-z/vultureseye.profile
@@ -6,8 +6,8 @@ include vultureseye.local
 # added by included profile
 #include globals.local
-nodeny  /var/games/vultureseye
+noblacklist /var/games/vultureseye
-allow  /var/games/vultureseye
+whitelist /var/games/vultureseye
 # Redirect
 include nethack-vultures.profile
diff --git a/etc/profile-m-z/vym.profile b/etc/profile-m-z/vym.profile
index 1f2462c32..5421c4e4b 100644
--- a/etc/profile-m-z/vym.profile
+++ b/etc/profile-m-z/vym.profile
@@ -6,7 +6,7 @@ include vym.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/InSilmaril
+noblacklist ${HOME}/.config/InSilmaril
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile
index 6b38bbf13..69b2c6c59 100644
--- a/etc/profile-m-z/w3m.profile
+++ b/etc/profile-m-z/w3m.profile
@@ -12,10 +12,10 @@ include globals.local
 #ignore private-dev
 #ignore private-etc
-nodeny  ${HOME}/.w3m
+noblacklist ${HOME}/.w3m
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -33,9 +33,9 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.w3m
-allow  /usr/share/w3m
+whitelist /usr/share/w3m
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.w3m
+whitelist ${HOME}/.w3m
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/warmux.profile b/etc/profile-m-z/warmux.profile
index 6658ac5db..1227a202c 100644
--- a/etc/profile-m-z/warmux.profile
+++ b/etc/profile-m-z/warmux.profile
@@ -6,9 +6,9 @@ include warmux.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/wormux
+noblacklist ${HOME}/.config/wormux
-nodeny  ${HOME}/.local/share/wormux
+noblacklist ${HOME}/.local/share/wormux
-nodeny  ${HOME}/.wormux
+noblacklist ${HOME}/.wormux
 include disable-common.inc
 include disable-devel.inc
@@ -22,10 +22,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/wormux
 mkdir ${HOME}/.local/share/wormux
 mkdir ${HOME}/.wormux
-allow  ${HOME}/.config/wormux
+whitelist ${HOME}/.config/wormux
-allow  ${HOME}/.local/share/wormux
+whitelist ${HOME}/.local/share/wormux
-allow  ${HOME}/.wormux
+whitelist ${HOME}/.wormux
-allow  /usr/share/warmux
+whitelist /usr/share/warmux
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/warsow.profile b/etc/profile-m-z/warsow.profile
index fac4d0555..e0cd3daad 100644
--- a/etc/profile-m-z/warsow.profile
+++ b/etc/profile-m-z/warsow.profile
@@ -8,8 +8,8 @@ include globals.local
 ignore noexec ${HOME}
-nodeny  ${HOME}/.cache/warsow-2.1
+noblacklist ${HOME}/.cache/warsow-2.1
-nodeny  ${HOME}/.local/share/warsow-2.1
+noblacklist ${HOME}/.local/share/warsow-2.1
 include disable-common.inc
 include disable-devel.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/warsow-2.1
 mkdir ${HOME}/.local/share/warsow-2.1
-allow  ${HOME}/.cache/warsow-2.1
+whitelist ${HOME}/.cache/warsow-2.1
-allow  ${HOME}/.local/share/warsow-2.1
+whitelist ${HOME}/.local/share/warsow-2.1
-allow  /usr/share/warsow
+whitelist /usr/share/warsow
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/warzone2100.profile b/etc/profile-m-z/warzone2100.profile
index 081ae349b..420e8927e 100644
--- a/etc/profile-m-z/warzone2100.profile
+++ b/etc/profile-m-z/warzone2100.profile
@@ -6,7 +6,7 @@ include warzone2100.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.warzone2100-3.*
+noblacklist ${HOME}/.warzone2100-3.*
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 mkdir ${HOME}/.warzone2100-3.1
 mkdir ${HOME}/.warzone2100-3.2
-allow  ${HOME}/.warzone2100-3.1
+whitelist ${HOME}/.warzone2100-3.1
-allow  ${HOME}/.warzone2100-3.2
+whitelist ${HOME}/.warzone2100-3.2
-allow  /usr/share/games
+whitelist /usr/share/games
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/waterfox.profile b/etc/profile-m-z/waterfox.profile
index 4081b29b9..18f1ca79a 100644
--- a/etc/profile-m-z/waterfox.profile
+++ b/etc/profile-m-z/waterfox.profile
@@ -5,13 +5,13 @@ include waterfox.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/waterfox
+noblacklist ${HOME}/.cache/waterfox
-nodeny  ${HOME}/.waterfox
+noblacklist ${HOME}/.waterfox
 mkdir ${HOME}/.cache/waterfox
 mkdir ${HOME}/.waterfox
-allow  ${HOME}/.cache/waterfox
+whitelist ${HOME}/.cache/waterfox
-allow  ${HOME}/.waterfox
+whitelist ${HOME}/.waterfox
 # Add the next lines to your watefox.local if you want to use the migration wizard.
 #noblacklist ${HOME}/.mozilla
diff --git a/etc/profile-m-z/webstorm.profile b/etc/profile-m-z/webstorm.profile
index 1f42dae2c..69e96d0cd 100644
--- a/etc/profile-m-z/webstorm.profile
+++ b/etc/profile-m-z/webstorm.profile
@@ -5,12 +5,12 @@ include webstorm.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.WebStorm*
+noblacklist ${HOME}/.WebStorm*
-nodeny  ${HOME}/.android
+noblacklist ${HOME}/.android
-nodeny  ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.local/share/JetBrains
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.tooling
 # Allow KDE file manager to open with log directories (blacklisted by disable-programs.inc)
-nodeny  ${HOME}/.config/dolphinrc
+noblacklist ${HOME}/.config/dolphinrc
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
@@ -18,8 +18,8 @@ include allow-common-devel.inc
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
-nodeny  ${PATH}/node
+noblacklist ${PATH}/node
-nodeny  ${HOME}/.nvm
+noblacklist ${HOME}/.nvm
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/webui-aria2.profile b/etc/profile-m-z/webui-aria2.profile
index d1bbcfb67..d5a998f35 100644
--- a/etc/profile-m-z/webui-aria2.profile
+++ b/etc/profile-m-z/webui-aria2.profile
@@ -6,7 +6,7 @@ include webui-aria2.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PATH}/node
+noblacklist ${PATH}/node
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/weechat.profile b/etc/profile-m-z/weechat.profile
index 99941a590..76935212f 100644
--- a/etc/profile-m-z/weechat.profile
+++ b/etc/profile-m-z/weechat.profile
@@ -6,12 +6,12 @@ include weechat.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.weechat
+noblacklist ${HOME}/.weechat
 include disable-common.inc
 include disable-programs.inc
-allow  /usr/share/weechat
+whitelist /usr/share/weechat
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/wesnoth.profile b/etc/profile-m-z/wesnoth.profile
index 47b923e6a..199b3c6f0 100644
--- a/etc/profile-m-z/wesnoth.profile
+++ b/etc/profile-m-z/wesnoth.profile
@@ -6,9 +6,9 @@ include wesnoth.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/wesnoth
+noblacklist ${HOME}/.cache/wesnoth
-nodeny  ${HOME}/.config/wesnoth
+noblacklist ${HOME}/.config/wesnoth
-nodeny  ${HOME}/.local/share/wesnoth
+noblacklist ${HOME}/.local/share/wesnoth
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/wesnoth
 mkdir ${HOME}/.config/wesnoth
 mkdir ${HOME}/.local/share/wesnoth
-allow  ${HOME}/.cache/wesnoth
+whitelist ${HOME}/.cache/wesnoth
-allow  ${HOME}/.config/wesnoth
+whitelist ${HOME}/.config/wesnoth
-allow  ${HOME}/.local/share/wesnoth
+whitelist ${HOME}/.local/share/wesnoth
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/wget.profile b/etc/profile-m-z/wget.profile
index 3c4a4eb63..53c4711bd 100644
--- a/etc/profile-m-z/wget.profile
+++ b/etc/profile-m-z/wget.profile
@@ -7,12 +7,12 @@ include wget.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.netrc
-nodeny  ${HOME}/.wget-hsts
+noblacklist ${HOME}/.wget-hsts
-nodeny  ${HOME}/.wgetrc
+noblacklist ${HOME}/.wgetrc
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/whalebird.profile b/etc/profile-m-z/whalebird.profile
index fdbd406c2..22a84274d 100644
--- a/etc/profile-m-z/whalebird.profile
+++ b/etc/profile-m-z/whalebird.profile
@@ -13,10 +13,10 @@ ignore include whitelist-usr-share-common.inc
 ignore dbus-user none
 ignore dbus-system none
-nodeny  ${HOME}/.config/Whalebird
+noblacklist ${HOME}/.config/Whalebird
 mkdir ${HOME}/.config/Whalebird
-allow  ${HOME}/.config/Whalebird
+whitelist ${HOME}/.config/Whalebird
 no3d
diff --git a/etc/profile-m-z/whois.profile b/etc/profile-m-z/whois.profile
index 35d7fe9cb..93871a5a4 100644
--- a/etc/profile-m-z/whois.profile
+++ b/etc/profile-m-z/whois.profile
@@ -7,8 +7,8 @@ include whois.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/widelands.profile b/etc/profile-m-z/widelands.profile
index 8f5adb0fc..0dc26b11d 100644
--- a/etc/profile-m-z/widelands.profile
+++ b/etc/profile-m-z/widelands.profile
@@ -6,7 +6,7 @@ include widelands.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.widelands
+noblacklist ${HOME}/.widelands
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.widelands
-allow  ${HOME}/.widelands
+whitelist ${HOME}/.widelands
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/wine.profile b/etc/profile-m-z/wine.profile
index 6bc68c829..0ea24aafd 100644
--- a/etc/profile-m-z/wine.profile
+++ b/etc/profile-m-z/wine.profile
@@ -6,13 +6,13 @@ include wine.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/winetricks
+noblacklist ${HOME}/.cache/winetricks
-nodeny  ${HOME}/.Steam
+noblacklist ${HOME}/.Steam
-nodeny  ${HOME}/.local/share/Steam
+noblacklist ${HOME}/.local/share/Steam
-nodeny  ${HOME}/.local/share/steam
+noblacklist ${HOME}/.local/share/steam
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.steam
-nodeny  ${HOME}/.wine
+noblacklist ${HOME}/.wine
-nodeny  /tmp/.wine-*
+noblacklist /tmp/.wine-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/wire-desktop.profile b/etc/profile-m-z/wire-desktop.profile
index 5f40bbd48..151cd2adb 100644
--- a/etc/profile-m-z/wire-desktop.profile
+++ b/etc/profile-m-z/wire-desktop.profile
@@ -20,10 +20,10 @@ ignore private-cache
 ignore dbus-user none
 ignore dbus-system none
-nodeny  ${HOME}/.config/Wire
+noblacklist ${HOME}/.config/Wire
 mkdir ${HOME}/.config/Wire
-allow  ${HOME}/.config/Wire
+whitelist ${HOME}/.config/Wire
 private-bin bash,electron,electron[0-9],electron[0-9][0-9],env,sh,wire-desktop
 private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl
diff --git a/etc/profile-m-z/wireshark.profile b/etc/profile-m-z/wireshark.profile
index f3f347283..1824026a8 100644
--- a/etc/profile-m-z/wireshark.profile
+++ b/etc/profile-m-z/wireshark.profile
@@ -6,9 +6,9 @@ include wireshark.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/wireshark
+noblacklist ${HOME}/.config/wireshark
-nodeny  ${HOME}/.wireshark
+noblacklist ${HOME}/.wireshark
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /usr/share/wireshark
+whitelist /usr/share/wireshark
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/wordwarvi.profile b/etc/profile-m-z/wordwarvi.profile
index 1f1541a20..9c724a5d2 100644
--- a/etc/profile-m-z/wordwarvi.profile
+++ b/etc/profile-m-z/wordwarvi.profile
@@ -6,7 +6,7 @@ include wordwarvi.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.wordwarvi
+noblacklist ${HOME}/.wordwarvi
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.wordwarvi
-allow  ${HOME}/.wordwarvi
+whitelist ${HOME}/.wordwarvi
-allow  /usr/share/wordwarvi
+whitelist /usr/share/wordwarvi
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/wps.profile b/etc/profile-m-z/wps.profile
index 6d16dfb04..a44b6490e 100644
--- a/etc/profile-m-z/wps.profile
+++ b/etc/profile-m-z/wps.profile
@@ -6,9 +6,9 @@ include wps.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.kingsoft
+noblacklist ${HOME}/.kingsoft
-nodeny  ${HOME}/.config/Kingsoft
+noblacklist ${HOME}/.config/Kingsoft
-nodeny  ${HOME}/.local/share/Kingsoft
+noblacklist ${HOME}/.local/share/Kingsoft
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/x2goclient.profile b/etc/profile-m-z/x2goclient.profile
index 311746cd9..557f07cd9 100644
--- a/etc/profile-m-z/x2goclient.profile
+++ b/etc/profile-m-z/x2goclient.profile
@@ -6,8 +6,8 @@ include x2goclient.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.x2go
+noblacklist ${HOME}/.x2go
-nodeny  ${HOME}/.x2goclient
+noblacklist ${HOME}/.x2goclient
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
diff --git a/etc/profile-m-z/xbill.profile b/etc/profile-m-z/xbill.profile
index e545aa3a0..384f76acc 100644
--- a/etc/profile-m-z/xbill.profile
+++ b/etc/profile-m-z/xbill.profile
@@ -15,8 +15,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/xbill
+whitelist /usr/share/xbill
-allow  /var/games/xbill/scores
+whitelist /var/games/xbill/scores
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/xchat.profile b/etc/profile-m-z/xchat.profile
index 7d0adbcc2..a94444aab 100644
--- a/etc/profile-m-z/xchat.profile
+++ b/etc/profile-m-z/xchat.profile
@@ -6,7 +6,7 @@ include xchat.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/xchat
+noblacklist ${HOME}/.config/xchat
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/xed.profile b/etc/profile-m-z/xed.profile
index 5db709bd1..4a3022e83 100644
--- a/etc/profile-m-z/xed.profile
+++ b/etc/profile-m-z/xed.profile
@@ -5,10 +5,10 @@ include xed.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/xed
+noblacklist ${HOME}/.config/xed
-nodeny  ${HOME}/.python-history
+noblacklist ${HOME}/.python-history
-nodeny  ${HOME}/.python_history
+noblacklist ${HOME}/.python_history
-nodeny  ${HOME}/.pythonhist
+noblacklist ${HOME}/.pythonhist
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/xfburn.profile b/etc/profile-m-z/xfburn.profile
index 297ff6164..cd9561e74 100644
--- a/etc/profile-m-z/xfburn.profile
+++ b/etc/profile-m-z/xfburn.profile
@@ -6,7 +6,7 @@ include xfburn.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/xfburn
+noblacklist ${HOME}/.config/xfburn
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/xfce4-dict.profile b/etc/profile-m-z/xfce4-dict.profile
index 8ecd84116..ecd321c7e 100644
--- a/etc/profile-m-z/xfce4-dict.profile
+++ b/etc/profile-m-z/xfce4-dict.profile
@@ -6,7 +6,7 @@ include xfce4-dict.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/xfce4-dict
+noblacklist ${HOME}/.config/xfce4-dict
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/xfce4-mixer.profile b/etc/profile-m-z/xfce4-mixer.profile
index 8a6f9e921..bb38dbebd 100644
--- a/etc/profile-m-z/xfce4-mixer.profile
+++ b/etc/profile-m-z/xfce4-mixer.profile
@@ -6,7 +6,7 @@ include xfce4-mixer.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
+noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
 include disable-common.inc
 include disable-devel.inc
@@ -18,10 +18,10 @@ include disable-shell.inc
 include disable-xdg.inc
 mkfile ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
-allow  ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
+whitelist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
-allow  /usr/share/gstreamer-*
+whitelist /usr/share/gstreamer-*
-allow  /usr/share/xfce4
+whitelist /usr/share/xfce4
-allow  /usr/share/xfce4-mixer
+whitelist /usr/share/xfce4-mixer
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/xfce4-notes.profile b/etc/profile-m-z/xfce4-notes.profile
index fe88f9b27..ebfb4333c 100644
--- a/etc/profile-m-z/xfce4-notes.profile
+++ b/etc/profile-m-z/xfce4-notes.profile
@@ -6,9 +6,9 @@ include xfce4-notes.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/xfce4/xfce4-notes.gtkrc
+noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
-nodeny  ${HOME}/.config/xfce4/xfce4-notes.rc
+noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc
-nodeny  ${HOME}/.local/share/notes
+noblacklist ${HOME}/.local/share/notes
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/xfce4-screenshooter.profile b/etc/profile-m-z/xfce4-screenshooter.profile
index baf222354..b1e5bafbf 100644
--- a/etc/profile-m-z/xfce4-screenshooter.profile
+++ b/etc/profile-m-z/xfce4-screenshooter.profile
@@ -6,7 +6,7 @@ include xfce4-screenshooter.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/xfce4
+whitelist /usr/share/xfce4
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/xiphos.profile b/etc/profile-m-z/xiphos.profile
index 5c11cbd66..81d98db7a 100644
--- a/etc/profile-m-z/xiphos.profile
+++ b/etc/profile-m-z/xiphos.profile
@@ -6,10 +6,10 @@ include xiphos.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.sword
+noblacklist ${HOME}/.sword
-nodeny  ${HOME}/.xiphos
+noblacklist ${HOME}/.xiphos
-deny  ${HOME}/.bashrc
+blacklist ${HOME}/.bashrc
 include disable-common.inc
 include disable-devel.inc
@@ -21,8 +21,8 @@ include disable-shell.inc
 mkdir ${HOME}/.sword
 mkdir ${HOME}/.xiphos
-allow  ${HOME}/.sword
+whitelist ${HOME}/.sword
-allow  ${HOME}/.xiphos
+whitelist ${HOME}/.xiphos
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/xlinks.profile b/etc/profile-m-z/xlinks.profile
index da4801101..d5e25cfe7 100644
--- a/etc/profile-m-z/xlinks.profile
+++ b/etc/profile-m-z/xlinks.profile
@@ -7,7 +7,7 @@ include xlinks.local
 # added by included profile
 #include globals.local
-nodeny  /tmp/.X11-unix
+noblacklist /tmp/.X11-unix
 include whitelist-common.inc
diff --git a/etc/profile-m-z/xlinks2 b/etc/profile-m-z/xlinks2
index a7612cb2a..1ae6a60ca 100644
--- a/etc/profile-m-z/xlinks2
+++ b/etc/profile-m-z/xlinks2
@@ -7,7 +7,7 @@ include xlinks2.local
 # added by included profile
 #include globals.local
-nodeny  /tmp/.X11-unix
+noblacklist /tmp/.X11-unix
 include whitelist-common.inc
diff --git a/etc/profile-m-z/xmms.profile b/etc/profile-m-z/xmms.profile
index 1ed35f29a..25261d925 100644
--- a/etc/profile-m-z/xmms.profile
+++ b/etc/profile-m-z/xmms.profile
@@ -5,8 +5,8 @@ include xmms.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.xmms
+noblacklist ${HOME}/.xmms
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/xmr-stak.profile b/etc/profile-m-z/xmr-stak.profile
index c97c12f56..e7020f36b 100644
--- a/etc/profile-m-z/xmr-stak.profile
+++ b/etc/profile-m-z/xmr-stak.profile
@@ -5,7 +5,7 @@ include xmr-stak.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.xmr-stak
+noblacklist ${HOME}/.xmr-stak
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/xonotic.profile b/etc/profile-m-z/xonotic.profile
index 94a09198c..53c9a0a08 100644
--- a/etc/profile-m-z/xonotic.profile
+++ b/etc/profile-m-z/xonotic.profile
@@ -6,7 +6,7 @@ include xonotic.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.xonotic
+noblacklist ${HOME}/.xonotic
 include allow-bin-sh.inc
 include allow-opengl-game.inc
@@ -21,8 +21,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.xonotic
-allow  ${HOME}/.xonotic
+whitelist ${HOME}/.xonotic
-allow  /usr/share/xonotic
+whitelist /usr/share/xonotic
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/xournal.profile b/etc/profile-m-z/xournal.profile
index 34a188a4e..c4f092d50 100644
--- a/etc/profile-m-z/xournal.profile
+++ b/etc/profile-m-z/xournal.profile
@@ -6,7 +6,7 @@ include xournal.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/xournal
+whitelist /usr/share/xournal
-allow  /usr/share/poppler
+whitelist /usr/share/poppler
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/xournalpp.profile b/etc/profile-m-z/xournalpp.profile
index f82d2a5d3..988b878b9 100644
--- a/etc/profile-m-z/xournalpp.profile
+++ b/etc/profile-m-z/xournalpp.profile
@@ -7,13 +7,13 @@ include xournalpp.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.xournalpp
+noblacklist ${HOME}/.xournalpp
 include allow-lua.inc
-allow  /usr/share/texlive
+whitelist /usr/share/texlive
-allow  /usr/share/xournalpp
+whitelist /usr/share/xournalpp
-allow  /var/lib/texmf
+whitelist /var/lib/texmf
 include whitelist-runuser-common.inc
 #mkdir ${HOME}/.xournalpp
diff --git a/etc/profile-m-z/xpdf.profile b/etc/profile-m-z/xpdf.profile
index 9da63b52a..1447ec9a7 100644
--- a/etc/profile-m-z/xpdf.profile
+++ b/etc/profile-m-z/xpdf.profile
@@ -6,8 +6,8 @@ include xpdf.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.xpdfrc
+noblacklist ${HOME}/.xpdfrc
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/xplayer.profile b/etc/profile-m-z/xplayer.profile
index 4af4586e3..c3bb3292c 100644
--- a/etc/profile-m-z/xplayer.profile
+++ b/etc/profile-m-z/xplayer.profile
@@ -5,8 +5,8 @@ include xplayer.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/xplayer
+noblacklist ${HOME}/.config/xplayer
-nodeny  ${HOME}/.local/share/xplayer
+noblacklist ${HOME}/.local/share/xplayer
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-programs.inc
 read-only ${DESKTOP}
 mkdir ${HOME}/.config/xplayer
 mkdir ${HOME}/.local/share/xplayer
-allow  ${HOME}/.config/xplayer
+whitelist ${HOME}/.config/xplayer
-allow  ${HOME}/.local/share/xplayer
+whitelist ${HOME}/.local/share/xplayer
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/xpra.profile b/etc/profile-m-z/xpra.profile
index 28fbc94dd..6e409e1aa 100644
--- a/etc/profile-m-z/xpra.profile
+++ b/etc/profile-m-z/xpra.profile
@@ -25,7 +25,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /var/lib/xkb
+whitelist /var/lib/xkb
 # whitelisting home directory, or including whitelist-common.inc
 # will crash xpra on some platforms
diff --git a/etc/profile-m-z/xreader.profile b/etc/profile-m-z/xreader.profile
index 440f26af2..3ab35edfc 100644
--- a/etc/profile-m-z/xreader.profile
+++ b/etc/profile-m-z/xreader.profile
@@ -6,9 +6,9 @@ include xreader.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/xreader
+noblacklist ${HOME}/.cache/xreader
-nodeny  ${HOME}/.config/xreader
+noblacklist ${HOME}/.config/xreader
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/xviewer.profile b/etc/profile-m-z/xviewer.profile
index 671e0cf5b..4d454f81c 100644
--- a/etc/profile-m-z/xviewer.profile
+++ b/etc/profile-m-z/xviewer.profile
@@ -5,10 +5,10 @@ include xviewer.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.Steam
+noblacklist ${HOME}/.Steam
-nodeny  ${HOME}/.config/xviewer
+noblacklist ${HOME}/.config/xviewer
-nodeny  ${HOME}/.local/share/Trash
+noblacklist ${HOME}/.local/share/Trash
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.steam
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/yandex-browser.profile b/etc/profile-m-z/yandex-browser.profile
index 27d0eb411..81cd021f7 100644
--- a/etc/profile-m-z/yandex-browser.profile
+++ b/etc/profile-m-z/yandex-browser.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/yandex-browser
+noblacklist ${HOME}/.cache/yandex-browser
-nodeny  ${HOME}/.cache/yandex-browser-beta
+noblacklist ${HOME}/.cache/yandex-browser-beta
-nodeny  ${HOME}/.config/yandex-browser
+noblacklist ${HOME}/.config/yandex-browser
-nodeny  ${HOME}/.config/yandex-browser-beta
+noblacklist ${HOME}/.config/yandex-browser-beta
 mkdir ${HOME}/.cache/yandex-browser
 mkdir ${HOME}/.cache/yandex-browser-beta
 mkdir ${HOME}/.config/yandex-browser
 mkdir ${HOME}/.config/yandex-browser-beta
-allow  ${HOME}/.cache/yandex-browser
+whitelist ${HOME}/.cache/yandex-browser
-allow  ${HOME}/.cache/yandex-browser-beta
+whitelist ${HOME}/.cache/yandex-browser-beta
-allow  ${HOME}/.config/yandex-browser
+whitelist ${HOME}/.config/yandex-browser
-allow  ${HOME}/.config/yandex-browser-beta
+whitelist ${HOME}/.config/yandex-browser-beta
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile
index b288993f2..dee154409 100644
--- a/etc/profile-m-z/yelp.profile
+++ b/etc/profile-m-z/yelp.profile
@@ -6,7 +6,7 @@ include yelp.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/yelp
+noblacklist ${HOME}/.config/yelp
 include disable-common.inc
 include disable-devel.inc
@@ -18,15 +18,15 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/yelp
-allow  ${HOME}/.config/yelp
+whitelist ${HOME}/.config/yelp
-allow  /usr/libexec/webkit2gtk-4.0
+whitelist /usr/libexec/webkit2gtk-4.0
-allow  /usr/share/doc
+whitelist /usr/share/doc
-allow  /usr/share/groff
+whitelist /usr/share/groff
-allow  /usr/share/help
+whitelist /usr/share/help
-allow  /usr/share/man
+whitelist /usr/share/man
-allow  /usr/share/yelp
+whitelist /usr/share/yelp
-allow  /usr/share/yelp-tools
+whitelist /usr/share/yelp-tools
-allow  /usr/share/yelp-xsl
+whitelist /usr/share/yelp-xsl
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/youtube-dl-gui.profile b/etc/profile-m-z/youtube-dl-gui.profile
index 26ea3acaa..b52271a2c 100644
--- a/etc/profile-m-z/youtube-dl-gui.profile
+++ b/etc/profile-m-z/youtube-dl-gui.profile
@@ -8,7 +8,7 @@ include globals.local
 include allow-python2.inc
 include allow-python3.inc
-nodeny  ${HOME}/.config/youtube-dlg
+noblacklist ${HOME}/.config/youtube-dlg
 include disable-common.inc
 include disable-devel.inc
@@ -20,8 +20,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/youtube-dlg
-allow  ${HOME}/.config/youtube-dlg
+whitelist ${HOME}/.config/youtube-dlg
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/youtube-dl.profile b/etc/profile-m-z/youtube-dl.profile
index 37f87d0b5..24c4d6db3 100644
--- a/etc/profile-m-z/youtube-dl.profile
+++ b/etc/profile-m-z/youtube-dl.profile
@@ -10,18 +10,18 @@ include globals.local
 # breaks when installed under ${HOME} via `pip install --user` (see #2833)
 ignore noexec ${HOME}
-nodeny  ${HOME}/.cache/youtube-dl
+noblacklist ${HOME}/.cache/youtube-dl
-nodeny  ${HOME}/.config/youtube-dl
+noblacklist ${HOME}/.config/youtube-dl
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.netrc
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/youtube-viewer.profile b/etc/profile-m-z/youtube-viewer.profile
index 84b8bbc6a..b54dd37ad 100644
--- a/etc/profile-m-z/youtube-viewer.profile
+++ b/etc/profile-m-z/youtube-viewer.profile
@@ -7,13 +7,13 @@ include youtube-viewer.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/youtube-viewer
+noblacklist ${HOME}/.cache/youtube-viewer
-nodeny  ${HOME}/.config/youtube-viewer
+noblacklist ${HOME}/.config/youtube-viewer
 mkdir ${HOME}/.cache/youtube-viewer
 mkdir ${HOME}/.config/youtube-viewer
-allow  ${HOME}/.cache/youtube-viewer
+whitelist ${HOME}/.cache/youtube-viewer
-allow  ${HOME}/.config/youtube-viewer
+whitelist ${HOME}/.config/youtube-viewer
 private-bin gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,youtube-viewer
diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile
index f531f815e..25a073d4a 100644
--- a/etc/profile-m-z/youtube-viewers-common.profile
+++ b/etc/profile-m-z/youtube-viewers-common.profile
@@ -7,7 +7,7 @@ include youtube-viewers-common.local
 # added by caller profile
 #include globals.local
-nodeny  ${HOME}/.cache/youtube-dl
+noblacklist ${HOME}/.cache/youtube-dl
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -27,8 +27,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/youtube-dl/youtube-sigfuncs
+whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/youtube.profile b/etc/profile-m-z/youtube.profile
index b015fb013..ad7ceaee4 100644
--- a/etc/profile-m-z/youtube.profile
+++ b/etc/profile-m-z/youtube.profile
@@ -9,12 +9,12 @@ include globals.local
 # Disabled until someone reported positive feedback
 ignore nou2f
-nodeny  ${HOME}/.config/Youtube
+noblacklist ${HOME}/.config/Youtube
 include disable-shell.inc
 mkdir ${HOME}/.config/Youtube
-allow  ${HOME}/.config/Youtube
+whitelist ${HOME}/.config/Youtube
 private-bin youtube
 private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
diff --git a/etc/profile-m-z/youtubemusic-nativefier.profile b/etc/profile-m-z/youtubemusic-nativefier.profile
index d594a3d0f..74b0e38b9 100644
--- a/etc/profile-m-z/youtubemusic-nativefier.profile
+++ b/etc/profile-m-z/youtubemusic-nativefier.profile
@@ -6,12 +6,12 @@ include youtube.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/youtubemusic-nativefier-040164
+noblacklist ${HOME}/.config/youtubemusic-nativefier-040164
 include disable-shell.inc
 mkdir ${HOME}/.config/youtubemusic-nativefier-040164
-allow  ${HOME}/.config/youtubemusic-nativefier-040164
+whitelist ${HOME}/.config/youtubemusic-nativefier-040164
 private-bin youtubemusic-nativefier
 private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
diff --git a/etc/profile-m-z/ytmdesktop.profile b/etc/profile-m-z/ytmdesktop.profile
index 9987c953e..ab46fccc2 100644
--- a/etc/profile-m-z/ytmdesktop.profile
+++ b/etc/profile-m-z/ytmdesktop.profile
@@ -8,10 +8,10 @@ include globals.local
 ignore dbus-user none
-nodeny  ${HOME}/.config/youtube-music-desktop-app
+noblacklist ${HOME}/.config/youtube-music-desktop-app
 mkdir ${HOME}/.config/youtube-music-desktop-app
-allow  ${HOME}/.config/youtube-music-desktop-app
+whitelist ${HOME}/.config/youtube-music-desktop-app
 # private-bin env,ytmdesktop
 private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
diff --git a/etc/profile-m-z/zaproxy.profile b/etc/profile-m-z/zaproxy.profile
index 2f18a8c45..5a168feb6 100644
--- a/etc/profile-m-z/zaproxy.profile
+++ b/etc/profile-m-z/zaproxy.profile
@@ -6,7 +6,7 @@ include zaproxy.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.ZAP
+noblacklist ${HOME}/.ZAP
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -20,8 +20,8 @@ include disable-programs.inc
 mkdir ${HOME}/.java
 mkdir ${HOME}/.ZAP
-allow  ${HOME}/.java
+whitelist ${HOME}/.java
-allow  ${HOME}/.ZAP
+whitelist ${HOME}/.ZAP
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/zart.profile b/etc/profile-m-z/zart.profile
index 32ff4f8ed..10f83aa30 100644
--- a/etc/profile-m-z/zart.profile
+++ b/etc/profile-m-z/zart.profile
@@ -6,8 +6,8 @@ include zart.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/zathura.profile b/etc/profile-m-z/zathura.profile
index 4bc841f63..d0e68c980 100644
--- a/etc/profile-m-z/zathura.profile
+++ b/etc/profile-m-z/zathura.profile
@@ -6,9 +6,9 @@ include zathura.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/zathura
+noblacklist ${HOME}/.config/zathura
-nodeny  ${HOME}/.local/share/zathura
+noblacklist ${HOME}/.local/share/zathura
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/zathura
 mkdir ${HOME}/.local/share/zathura
-allow  /usr/share/doc
+whitelist /usr/share/doc
-allow  /usr/share/zathura
+whitelist /usr/share/zathura
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/zcat.profile b/etc/profile-m-z/zcat.profile
index 904ea9f05..5de13ab90 100644
--- a/etc/profile-m-z/zcat.profile
+++ b/etc/profile-m-z/zcat.profile
@@ -9,7 +9,7 @@ include zcat.local
 # Allow running kernel config check
 ignore include disable-shell.inc
-nodeny  /proc/config.gz
+noblacklist /proc/config.gz
 # Redirect
 include gzip.profile
diff --git a/etc/profile-m-z/zeal.profile b/etc/profile-m-z/zeal.profile
index 458df2a46..2c6f6910f 100644
--- a/etc/profile-m-z/zeal.profile
+++ b/etc/profile-m-z/zeal.profile
@@ -6,9 +6,9 @@ include zeal.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Zeal
+noblacklist ${HOME}/.config/Zeal
-nodeny  ${HOME}/.cache/Zeal
+noblacklist ${HOME}/.cache/Zeal
-nodeny  ${HOME}/.local/share/Zeal
+noblacklist ${HOME}/.local/share/Zeal
 include disable-common.inc
 include disable-devel.inc
@@ -23,9 +23,9 @@ mkdir ${HOME}/.cache/Zeal
 mkdir ${HOME}/.config/qt5ct
 mkdir ${HOME}/.config/Zeal
 mkdir ${HOME}/.local/share/Zeal
-allow  ${HOME}/.cache/Zeal
+whitelist ${HOME}/.cache/Zeal
-allow  ${HOME}/.config/Zeal
+whitelist ${HOME}/.config/Zeal
-allow  ${HOME}/.local/share/Zeal
+whitelist ${HOME}/.local/share/Zeal
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/zgrep.profile b/etc/profile-m-z/zgrep.profile
index e2dfbd105..f63dc871f 100644
--- a/etc/profile-m-z/zgrep.profile
+++ b/etc/profile-m-z/zgrep.profile
@@ -9,7 +9,7 @@ include zgrep.local
 # Allow running kernel config check
 ignore include disable-shell.inc
-nodeny  /proc/config.gz
+noblacklist /proc/config.gz
 # Redirect
 include gzip.profile
diff --git a/etc/profile-m-z/zoom.profile b/etc/profile-m-z/zoom.profile
index 6b0417b56..ac615d861 100644
--- a/etc/profile-m-z/zoom.profile
+++ b/etc/profile-m-z/zoom.profile
@@ -16,17 +16,17 @@ ignore dbus-system none
 # If you use such a system, add 'ignore nogroups' to your zoom.local.
 #ignore nogroups
-nodeny  ${HOME}/.config/zoomus.conf
+noblacklist ${HOME}/.config/zoomus.conf
-nodeny  ${HOME}/.zoom
+noblacklist ${HOME}/.zoom
-noallow  ${DOWNLOADS}
+nowhitelist ${DOWNLOADS}
 mkdir ${HOME}/.cache/zoom
 mkfile ${HOME}/.config/zoomus.conf
 mkdir ${HOME}/.zoom
-allow  ${HOME}/.cache/zoom
+whitelist ${HOME}/.cache/zoom
-allow  ${HOME}/.config/zoomus.conf
+whitelist ${HOME}/.config/zoomus.conf
-allow  ${HOME}/.zoom
+whitelist ${HOME}/.zoom
 # Disable for now, see https://github.com/netblue30/firejail/issues/3726
 #private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl
diff --git a/etc/profile-m-z/zulip.profile b/etc/profile-m-z/zulip.profile
index cdbbdccf1..093da5212 100644
--- a/etc/profile-m-z/zulip.profile
+++ b/etc/profile-m-z/zulip.profile
@@ -8,7 +8,7 @@ include globals.local
 ignore noexec /tmp
-nodeny  ${HOME}/.config/Zulip
+noblacklist ${HOME}/.config/Zulip
 include disable-common.inc
 include disable-devel.inc
@@ -20,8 +20,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/Zulip
-allow  ${HOME}/.config/Zulip
+whitelist ${HOME}/.config/Zulip
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-var-common.inc