370 files changed, 1568 insertions, 1568 deletions
diff --git a/etc/profile-a-l/0ad.profile b/etc/profile-a-l/0ad.profile
index 6f493fff1..4009853d3 100644
--- a/etc/profile-a-l/0ad.profile
+++ b/etc/profile-a-l/0ad.profile
@@ -6,11 +6,11 @@ include 0ad.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/0ad
+noblacklist ${HOME}/.cache/0ad
-nodeny  ${HOME}/.config/0ad
+noblacklist ${HOME}/.config/0ad
-nodeny  ${HOME}/.local/share/0ad
+noblacklist ${HOME}/.local/share/0ad
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -23,11 +23,11 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/0ad
 mkdir ${HOME}/.config/0ad
 mkdir ${HOME}/.local/share/0ad
-allow  ${HOME}/.cache/0ad
+whitelist ${HOME}/.cache/0ad
-allow  ${HOME}/.config/0ad
+whitelist ${HOME}/.config/0ad
-allow  ${HOME}/.local/share/0ad
+whitelist ${HOME}/.local/share/0ad
-allow  /usr/share/0ad
+whitelist /usr/share/0ad
-allow  /usr/share/games
+whitelist /usr/share/games
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/2048-qt.profile b/etc/profile-a-l/2048-qt.profile
index 3a7b331a7..1d787cba7 100644
--- a/etc/profile-a-l/2048-qt.profile
+++ b/etc/profile-a-l/2048-qt.profile
@@ -6,8 +6,8 @@ include 2048-qt.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/2048-qt
+noblacklist ${HOME}/.config/2048-qt
-nodeny  ${HOME}/.config/xiaoyong
+noblacklist ${HOME}/.config/xiaoyong
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 mkdir ${HOME}/.config/2048-qt
 mkdir ${HOME}/.config/xiaoyong
-allow  ${HOME}/.config/2048-qt
+whitelist ${HOME}/.config/2048-qt
-allow  ${HOME}/.config/xiaoyong
+whitelist ${HOME}/.config/xiaoyong
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/Cryptocat.profile b/etc/profile-a-l/Cryptocat.profile
index def0ec111..1d86b0fbf 100644
--- a/etc/profile-a-l/Cryptocat.profile
+++ b/etc/profile-a-l/Cryptocat.profile
@@ -5,7 +5,7 @@ include Cryptocat.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Cryptocat
+noblacklist ${HOME}/.config/Cryptocat
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/Discord.profile b/etc/profile-a-l/Discord.profile
index 1d3ae49ca..3f274b21c 100644
--- a/etc/profile-a-l/Discord.profile
+++ b/etc/profile-a-l/Discord.profile
@@ -5,10 +5,10 @@ include Discord.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/discord
+noblacklist ${HOME}/.config/discord
 mkdir ${HOME}/.config/discord
-allow  ${HOME}/.config/discord
+whitelist ${HOME}/.config/discord
 private-bin Discord
 private-opt Discord
diff --git a/etc/profile-a-l/DiscordCanary.profile b/etc/profile-a-l/DiscordCanary.profile
index 3c85f187b..d24e73ed8 100644
--- a/etc/profile-a-l/DiscordCanary.profile
+++ b/etc/profile-a-l/DiscordCanary.profile
@@ -5,10 +5,10 @@ include DiscordCanary.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/discordcanary
+noblacklist ${HOME}/.config/discordcanary
 mkdir ${HOME}/.config/discordcanary
-allow  ${HOME}/.config/discordcanary
+whitelist ${HOME}/.config/discordcanary
 private-bin DiscordCanary
 private-opt DiscordCanary
diff --git a/etc/profile-a-l/Fritzing.profile b/etc/profile-a-l/Fritzing.profile
index 8f746581f..7dc6b5ff0 100644
--- a/etc/profile-a-l/Fritzing.profile
+++ b/etc/profile-a-l/Fritzing.profile
@@ -6,8 +6,8 @@ include Fritzing.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Fritzing
+noblacklist ${HOME}/.config/Fritzing
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/JDownloader.profile b/etc/profile-a-l/JDownloader.profile
index 9a00c3230..d10b70796 100644
--- a/etc/profile-a-l/JDownloader.profile
+++ b/etc/profile-a-l/JDownloader.profile
@@ -5,7 +5,7 @@ include JDownloader.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.jd
+noblacklist ${HOME}/.jd
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -19,8 +19,8 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.jd
-allow  ${HOME}/.jd
+whitelist ${HOME}/.jd
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile
index 2a92c7db4..75da9a956 100644
--- a/etc/profile-a-l/abiword.profile
+++ b/etc/profile-a-l/abiword.profile
@@ -6,7 +6,7 @@ include abiword.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/abiword
+noblacklist ${HOME}/.config/abiword
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
-allow  /usr/share/abiword-3.0
+whitelist /usr/share/abiword-3.0
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/abrowser.profile b/etc/profile-a-l/abrowser.profile
index 70ddcec20..2e6e8f1af 100644
--- a/etc/profile-a-l/abrowser.profile
+++ b/etc/profile-a-l/abrowser.profile
@@ -5,13 +5,13 @@ include abrowser.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.cache/mozilla
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
 mkdir ${HOME}/.cache/mozilla/abrowser
 mkdir ${HOME}/.mozilla
-allow  ${HOME}/.cache/mozilla/abrowser
+whitelist ${HOME}/.cache/mozilla/abrowser
-allow  ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla
 # private-etc must first be enabled in firefox-common.profile
 #private-etc abrowser
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile
index d32586c5b..34f59769e 100644
--- a/etc/profile-a-l/agetpkg.profile
+++ b/etc/profile-a-l/agetpkg.profile
@@ -7,8 +7,8 @@ include agetpkg.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -23,7 +23,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile
index 7b1d1445f..37fdb38b5 100644
--- a/etc/profile-a-l/akonadi_control.profile
+++ b/etc/profile-a-l/akonadi_control.profile
@@ -4,22 +4,22 @@ include akonadi_control.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/akonadi*
+noblacklist ${HOME}/.cache/akonadi*
-nodeny  ${HOME}/.config/akonadi*
+noblacklist ${HOME}/.config/akonadi*
-nodeny  ${HOME}/.config/baloorc
+noblacklist ${HOME}/.config/baloorc
-nodeny  ${HOME}/.config/emaildefaults
+noblacklist ${HOME}/.config/emaildefaults
-nodeny  ${HOME}/.config/emailidentities
+noblacklist ${HOME}/.config/emailidentities
-nodeny  ${HOME}/.config/kmail2rc
+noblacklist ${HOME}/.config/kmail2rc
-nodeny  ${HOME}/.config/mailtransports
+noblacklist ${HOME}/.config/mailtransports
-nodeny  ${HOME}/.config/specialmailcollectionsrc
+noblacklist ${HOME}/.config/specialmailcollectionsrc
-nodeny  ${HOME}/.local/share/akonadi*
+noblacklist ${HOME}/.local/share/akonadi*
-nodeny  ${HOME}/.local/share/apps/korganizer
+noblacklist ${HOME}/.local/share/apps/korganizer
-nodeny  ${HOME}/.local/share/contacts
+noblacklist ${HOME}/.local/share/contacts
-nodeny  ${HOME}/.local/share/local-mail
+noblacklist ${HOME}/.local/share/local-mail
-nodeny  ${HOME}/.local/share/notes
+noblacklist ${HOME}/.local/share/notes
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /tmp/akonadi-*
+noblacklist /tmp/akonadi-*
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile
index b2323547c..38fcd2dc1 100644
--- a/etc/profile-a-l/akregator.profile
+++ b/etc/profile-a-l/akregator.profile
@@ -6,9 +6,9 @@ include akregator.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/akregatorrc
+noblacklist ${HOME}/.config/akregatorrc
-nodeny  ${HOME}/.local/share/akregator
+noblacklist ${HOME}/.local/share/akregator
-nodeny  ${HOME}/.local/share/kxmlgui5/akregator
+noblacklist ${HOME}/.local/share/kxmlgui5/akregator
 include disable-common.inc
 include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-shell.inc
 mkfile ${HOME}/.config/akregatorrc
 mkdir ${HOME}/.local/share/akregator
 mkdir ${HOME}/.local/share/kxmlgui5/akregator
-allow  ${HOME}/.config/akregatorrc
+whitelist ${HOME}/.config/akregatorrc
-allow  ${HOME}/.local/share/akregator
+whitelist ${HOME}/.local/share/akregator
-allow  ${HOME}/.local/share/kssl
+whitelist ${HOME}/.local/share/kssl
-allow  ${HOME}/.local/share/kxmlgui5/akregator
+whitelist ${HOME}/.local/share/kxmlgui5/akregator
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile
index ca6c8d887..4c6d68020 100644
--- a/etc/profile-a-l/alacarte.profile
+++ b/etc/profile-a-l/alacarte.profile
@@ -19,13 +19,13 @@ include disable-passwdmgr.inc
 include disable-xdg.inc
 # Whitelist your system icon directory,varies by distro
-allow  /usr/share/alacarte
+whitelist /usr/share/alacarte
-allow  /usr/share/app-info
+whitelist /usr/share/app-info
-allow  /usr/share/desktop-directories
+whitelist /usr/share/desktop-directories
-allow  /usr/share/icons
+whitelist /usr/share/icons
-allow  /var/lib/app-info/icons
+whitelist /var/lib/app-info/icons
-allow  /var/lib/flatpak/exports/share/applications
+whitelist /var/lib/flatpak/exports/share/applications
-allow  /var/lib/flatpak/exports/share/icons
+whitelist /var/lib/flatpak/exports/share/icons
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile
index 220c3345d..81ee6bd46 100644
--- a/etc/profile-a-l/alienarena.profile
+++ b/etc/profile-a-l/alienarena.profile
@@ -6,7 +6,7 @@ include alienarena.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/cor-games
+noblacklist ${HOME}/.local/share/cor-games
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.local/share/cor-games
-allow  ${HOME}/.local/share/cor-games
+whitelist ${HOME}/.local/share/cor-games
-allow  /usr/share/alienarena
+whitelist /usr/share/alienarena
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile
index 6fa3edfa1..0b5cf0df0 100644
--- a/etc/profile-a-l/alpine.profile
+++ b/etc/profile-a-l/alpine.profile
@@ -10,28 +10,28 @@ include globals.local
 # Workaround for bug https://github.com/netblue30/firejail/issues/2747
 # firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)'
-nodeny  /var/mail
+noblacklist /var/mail
-nodeny  /var/spool/mail
+noblacklist /var/spool/mail
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${HOME}/.addressbook
+noblacklist ${HOME}/.addressbook
-nodeny  ${HOME}/.alpine-smime
+noblacklist ${HOME}/.alpine-smime
-nodeny  ${HOME}/.mailcap
+noblacklist ${HOME}/.mailcap
-nodeny  ${HOME}/.mh_profile
+noblacklist ${HOME}/.mh_profile
-nodeny  ${HOME}/.mime.types
+noblacklist ${HOME}/.mime.types
-nodeny  ${HOME}/.newsrc
+noblacklist ${HOME}/.newsrc
-nodeny  ${HOME}/.pine-crash
+noblacklist ${HOME}/.pine-crash
-nodeny  ${HOME}/.pine-debug1
+noblacklist ${HOME}/.pine-debug1
-nodeny  ${HOME}/.pine-debug2
+noblacklist ${HOME}/.pine-debug2
-nodeny  ${HOME}/.pine-debug3
+noblacklist ${HOME}/.pine-debug3
-nodeny  ${HOME}/.pine-debug4
+noblacklist ${HOME}/.pine-debug4
-nodeny  ${HOME}/.pine-interrupted-mail
+noblacklist ${HOME}/.pine-interrupted-mail
-nodeny  ${HOME}/.pinerc
+noblacklist ${HOME}/.pinerc
-nodeny  ${HOME}/.pinercex
+noblacklist ${HOME}/.pinercex
-nodeny  ${HOME}/.signature
+noblacklist ${HOME}/.signature
-nodeny  ${HOME}/mail
+noblacklist ${HOME}/mail
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
@@ -60,8 +60,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.pine-debug4
 #whitelist ${HOME}/.signature
 #whitelist ${HOME}/mail
-allow  /var/mail
+whitelist /var/mail
-allow  /var/spool/mail
+whitelist /var/spool/mail
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/amarok.profile b/etc/profile-a-l/amarok.profile
index 03aba36e4..a7caddc4c 100644
--- a/etc/profile-a-l/amarok.profile
+++ b/etc/profile-a-l/amarok.profile
@@ -6,7 +6,7 @@ include amarok.local
 # Persistent global definitions
 include globals.local
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/amule.profile b/etc/profile-a-l/amule.profile
index 00039a7e9..e3c4164ee 100644
--- a/etc/profile-a-l/amule.profile
+++ b/etc/profile-a-l/amule.profile
@@ -6,7 +6,7 @@ include amule.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.aMule
+noblacklist ${HOME}/.aMule
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.aMule
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.aMule
+whitelist ${HOME}/.aMule
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile
index 5bf6ed773..5a21744cf 100644
--- a/etc/profile-a-l/android-studio.profile
+++ b/etc/profile-a-l/android-studio.profile
@@ -5,13 +5,13 @@ include android-studio.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Google
+noblacklist ${HOME}/.config/Google
-nodeny  ${HOME}/.AndroidStudio*
+noblacklist ${HOME}/.AndroidStudio*
-nodeny  ${HOME}/.android
+noblacklist ${HOME}/.android
-nodeny  ${HOME}/.jack-server
+noblacklist ${HOME}/.jack-server
-nodeny  ${HOME}/.jack-settings
+noblacklist ${HOME}/.jack-settings
-nodeny  ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.local/share/JetBrains
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.tooling
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile
index c1aa18ff3..13bb01ce2 100644
--- a/etc/profile-a-l/anki.profile
+++ b/etc/profile-a-l/anki.profile
@@ -6,8 +6,8 @@ include anki.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${HOME}/.local/share/Anki2
+noblacklist ${HOME}/.local/share/Anki2
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -23,8 +23,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.local/share/Anki2
-allow  ${DOCUMENTS}
+whitelist ${DOCUMENTS}
-allow  ${HOME}/.local/share/Anki2
+whitelist ${HOME}/.local/share/Anki2
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/anydesk.profile b/etc/profile-a-l/anydesk.profile
index cb30ed8da..fdaf10259 100644
--- a/etc/profile-a-l/anydesk.profile
+++ b/etc/profile-a-l/anydesk.profile
@@ -5,7 +5,7 @@ include anydesk.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.anydesk
+noblacklist ${HOME}/.anydesk
 include disable-common.inc
 include disable-devel.inc
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 mkdir ${HOME}/.anydesk
-allow  ${HOME}/.anydesk
+whitelist ${HOME}/.anydesk
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/aosp.profile b/etc/profile-a-l/aosp.profile
index d647a4657..e7b09283e 100644
--- a/etc/profile-a-l/aosp.profile
+++ b/etc/profile-a-l/aosp.profile
@@ -5,13 +5,13 @@ include aosp.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.android
+noblacklist ${HOME}/.android
-nodeny  ${HOME}/.bash_history
+noblacklist ${HOME}/.bash_history
-nodeny  ${HOME}/.jack-server
+noblacklist ${HOME}/.jack-server
-nodeny  ${HOME}/.jack-settings
+noblacklist ${HOME}/.jack-settings
-nodeny  ${HOME}/.repo_.gitconfig.json
+noblacklist ${HOME}/.repo_.gitconfig.json
-nodeny  ${HOME}/.repoconfig
+noblacklist ${HOME}/.repoconfig
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.tooling
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile
index 020ae2812..01566314f 100644
--- a/etc/profile-a-l/apostrophe.profile
+++ b/etc/profile-a-l/apostrophe.profile
@@ -6,9 +6,9 @@ include apostrophe.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.texlive20*
+noblacklist ${HOME}/.texlive20*
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -31,12 +31,12 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/libexec/webkit2gtk-4.0
+whitelist /usr/libexec/webkit2gtk-4.0
-allow  /usr/share/apostrophe
+whitelist /usr/share/apostrophe
-allow  /usr/share/texlive
+whitelist /usr/share/texlive
-allow  /usr/share/texmf
+whitelist /usr/share/texmf
-allow  /usr/share/pandoc-*
+whitelist /usr/share/pandoc-*
-allow  /usr/share/perl5
+whitelist /usr/share/perl5
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/arch-audit.profile b/etc/profile-a-l/arch-audit.profile
index 8c71dd574..accabb6f5 100644
--- a/etc/profile-a-l/arch-audit.profile
+++ b/etc/profile-a-l/arch-audit.profile
@@ -7,7 +7,7 @@ include arch-audit.local
 # Persistent global definitions
 include globals.local
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/arch-audit
+whitelist /usr/share/arch-audit
 include whitelist-usr-share-common.inc
 apparmor
diff --git a/etc/profile-a-l/archaudit-report.profile b/etc/profile-a-l/archaudit-report.profile
index 0915ede33..19c37f90e 100644
--- a/etc/profile-a-l/archaudit-report.profile
+++ b/etc/profile-a-l/archaudit-report.profile
@@ -6,7 +6,7 @@ include archaudit-report.local
 # Persistent global definitions
 include globals.local
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/archiver-common.profile b/etc/profile-a-l/archiver-common.profile
index 5b859ceb1..1fab4606b 100644
--- a/etc/profile-a-l/archiver-common.profile
+++ b/etc/profile-a-l/archiver-common.profile
@@ -4,7 +4,7 @@ include archiver-common.local
 # common profile for archiver/compression tools
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 # Comment/uncomment the relevant include file(s) in your archiver-common.local
 # to (un)restrict file access for **all** archivers. Another option is to do this **per archiver**
diff --git a/etc/profile-a-l/ardour5.profile b/etc/profile-a-l/ardour5.profile
index 960948afc..84b1d6c18 100644
--- a/etc/profile-a-l/ardour5.profile
+++ b/etc/profile-a-l/ardour5.profile
@@ -5,12 +5,12 @@ include ardour5.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/ardour4
+noblacklist ${HOME}/.config/ardour4
-nodeny  ${HOME}/.config/ardour5
+noblacklist ${HOME}/.config/ardour5
-nodeny  ${HOME}/.lv2
+noblacklist ${HOME}/.lv2
-nodeny  ${HOME}/.vst
+noblacklist ${HOME}/.vst
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/arduino.profile b/etc/profile-a-l/arduino.profile
index 88f14fbfe..fd1ca9a09 100644
--- a/etc/profile-a-l/arduino.profile
+++ b/etc/profile-a-l/arduino.profile
@@ -6,9 +6,9 @@ include arduino.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.arduino15
+noblacklist ${HOME}/.arduino15
-nodeny  ${HOME}/Arduino
+noblacklist ${HOME}/Arduino
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile
index be56011f0..22b8ecd65 100644
--- a/etc/profile-a-l/aria2c.profile
+++ b/etc/profile-a-l/aria2c.profile
@@ -6,12 +6,12 @@ include aria2c.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.aria2
+noblacklist ${HOME}/.aria2
-nodeny  ${HOME}/.config/aria2
+noblacklist ${HOME}/.config/aria2
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.netrc
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile
index 031c57080..a63dd8f5f 100644
--- a/etc/profile-a-l/ark.profile
+++ b/etc/profile-a-l/ark.profile
@@ -6,8 +6,8 @@ include ark.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/arkrc
+noblacklist ${HOME}/.config/arkrc
-nodeny  ${HOME}/.local/share/kxmlgui5/ark
+noblacklist ${HOME}/.local/share/kxmlgui5/ark
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /usr/share/ark
+whitelist /usr/share/ark
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile
index 9ed8076be..2c8b630ce 100644
--- a/etc/profile-a-l/arm.profile
+++ b/etc/profile-a-l/arm.profile
@@ -6,7 +6,7 @@ include arm.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.arm
+noblacklist ${HOME}/.arm
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,7 +20,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.arm
-allow  ${HOME}/.arm
+whitelist ${HOME}/.arm
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile
index 7cfac4915..fab72b7d3 100644
--- a/etc/profile-a-l/artha.profile
+++ b/etc/profile-a-l/artha.profile
@@ -6,12 +6,12 @@ include artha.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/artha.conf
+noblacklist ${HOME}/.config/artha.conf
-nodeny  ${HOME}/.config/artha.log
+noblacklist ${HOME}/.config/artha.log
-nodeny  ${HOME}/.config/enchant
+noblacklist ${HOME}/.config/enchant
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
@@ -28,8 +28,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.config/artha.conf
 #whitelist ${HOME}/.config/artha.log
 #whitelist ${HOME}/.config/enchant
-allow  /usr/share/artha
+whitelist /usr/share/artha
-allow  /usr/share/wordnet
+whitelist /usr/share/wordnet
 #include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/assogiate.profile b/etc/profile-a-l/assogiate.profile
index f2251c210..977fe30a4 100644
--- a/etc/profile-a-l/assogiate.profile
+++ b/etc/profile-a-l/assogiate.profile
@@ -6,7 +6,7 @@ include assogiate.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  ${PICTURES}
+whitelist ${PICTURES}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/asunder.profile b/etc/profile-a-l/asunder.profile
index e65072266..c97fd691a 100644
--- a/etc/profile-a-l/asunder.profile
+++ b/etc/profile-a-l/asunder.profile
@@ -6,11 +6,11 @@ include asunder.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/asunder
+noblacklist ${HOME}/.config/asunder
-nodeny  ${HOME}/.asunder_album_genre
+noblacklist ${HOME}/.asunder_album_genre
-nodeny  ${HOME}/.asunder_album_title
+noblacklist ${HOME}/.asunder_album_title
-nodeny  ${HOME}/.asunder_album_artist
+noblacklist ${HOME}/.asunder_album_artist
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/atom.profile b/etc/profile-a-l/atom.profile
index ea3038537..5f237ac59 100644
--- a/etc/profile-a-l/atom.profile
+++ b/etc/profile-a-l/atom.profile
@@ -18,8 +18,8 @@ ignore include whitelist-var-common.inc
 ignore apparmor
 ignore disable-mnt
-nodeny  ${HOME}/.atom
+noblacklist ${HOME}/.atom
-nodeny  ${HOME}/.config/Atom
+noblacklist ${HOME}/.config/Atom
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile
index 8ae8617cf..1c3ed66ff 100644
--- a/etc/profile-a-l/atril.profile
+++ b/etc/profile-a-l/atril.profile
@@ -6,9 +6,9 @@ include atril.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/atril
+noblacklist ${HOME}/.cache/atril
-nodeny  ${HOME}/.config/atril
+noblacklist ${HOME}/.config/atril
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 #noblacklist ${HOME}/.local/share
 # it seems to use only ${HOME}/.local/share/webkitgtk
diff --git a/etc/profile-a-l/audacious.profile b/etc/profile-a-l/audacious.profile
index 53baf0a2a..f9f209786 100644
--- a/etc/profile-a-l/audacious.profile
+++ b/etc/profile-a-l/audacious.profile
@@ -6,9 +6,9 @@ include audacious.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Audaciousrc
+noblacklist ${HOME}/.config/Audaciousrc
-nodeny  ${HOME}/.config/audacious
+noblacklist ${HOME}/.config/audacious
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile
index c244846e1..a2de8436a 100644
--- a/etc/profile-a-l/audacity.profile
+++ b/etc/profile-a-l/audacity.profile
@@ -6,9 +6,9 @@ include audacity.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.audacity-data
+noblacklist ${HOME}/.audacity-data
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile
index 534792cc6..2c7fdc812 100644
--- a/etc/profile-a-l/audio-recorder.profile
+++ b/etc/profile-a-l/audio-recorder.profile
@@ -7,7 +7,7 @@ include audio-recorder.local
 # Persistent global definitions
 include globals.local
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
@@ -17,10 +17,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  ${MUSIC}
+whitelist ${MUSIC}
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  /usr/share/audio-recorder
+whitelist /usr/share/audio-recorder
-allow  /usr/share/gstreamer-1.0
+whitelist /usr/share/gstreamer-1.0
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile
index 0d6eb6a21..2ebe35dd5 100644
--- a/etc/profile-a-l/authenticator-rs.profile
+++ b/etc/profile-a-l/authenticator-rs.profile
@@ -6,7 +6,7 @@ include authenticator-rs.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/authenticator-rs
+noblacklist ${HOME}/.local/share/authenticator-rs
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.local/share/authenticator-rs
-allow  ${HOME}/.local/share/authenticator-rs
+whitelist ${HOME}/.local/share/authenticator-rs
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  /usr/share/uk.co.grumlimited.authenticator-rs
+whitelist /usr/share/uk.co.grumlimited.authenticator-rs
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile
index 55d967e3e..42d9cd56a 100644
--- a/etc/profile-a-l/authenticator.profile
+++ b/etc/profile-a-l/authenticator.profile
@@ -6,8 +6,8 @@ include authenticator.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/Authenticator
+noblacklist ${HOME}/.cache/Authenticator
-nodeny  ${HOME}/.config/Authenticator
+noblacklist ${HOME}/.config/Authenticator
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
diff --git a/etc/profile-a-l/autokey-common.profile b/etc/profile-a-l/autokey-common.profile
index a5b3b22f6..891928e5a 100644
--- a/etc/profile-a-l/autokey-common.profile
+++ b/etc/profile-a-l/autokey-common.profile
@@ -7,8 +7,8 @@ include autokey-common.local
 # added by caller profile
 #include globals.local
-nodeny  ${HOME}/.config/autokey
+noblacklist ${HOME}/.config/autokey
-nodeny  ${HOME}/.local/share/autokey
+noblacklist ${HOME}/.local/share/autokey
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/avidemux.profile b/etc/profile-a-l/avidemux.profile
index 0feb05d75..1ecc03da1 100644
--- a/etc/profile-a-l/avidemux.profile
+++ b/etc/profile-a-l/avidemux.profile
@@ -5,9 +5,9 @@ include avidemux.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.avidemux6
+noblacklist ${HOME}/.avidemux6
-nodeny  ${HOME}/.config/avidemux3_qt5rc
+noblacklist ${HOME}/.config/avidemux3_qt5rc
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.avidemux6
 mkdir ${HOME}/.config/avidemux3_qt5rc
-allow  ${HOME}/.avidemux6
+whitelist ${HOME}/.avidemux6
-allow  ${HOME}/.config/avidemux3_qt5rc
+whitelist ${HOME}/.config/avidemux3_qt5rc
-allow  ${VIDEOS}
+whitelist ${VIDEOS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/aweather.profile b/etc/profile-a-l/aweather.profile
index abe9fdb24..a57ad4014 100644
--- a/etc/profile-a-l/aweather.profile
+++ b/etc/profile-a-l/aweather.profile
@@ -6,7 +6,7 @@ include aweather.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/aweather
+noblacklist ${HOME}/.config/aweather
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 mkdir ${HOME}/.config/aweather
-allow  ${HOME}/.config/aweather
+whitelist ${HOME}/.config/aweather
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/awesome.profile b/etc/profile-a-l/awesome.profile
index 58f4f5e96..5d1bf5071 100644
--- a/etc/profile-a-l/awesome.profile
+++ b/etc/profile-a-l/awesome.profile
@@ -7,7 +7,7 @@ include awesome.local
 include globals.local
 # all applications started in awesome will run in this profile
-nodeny  ${HOME}/.config/awesome
+noblacklist ${HOME}/.config/awesome
 include disable-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile
index 46bb0b44e..3952921a3 100644
--- a/etc/profile-a-l/ballbuster.profile
+++ b/etc/profile-a-l/ballbuster.profile
@@ -6,7 +6,7 @@ include ballbuster.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.ballbuster.hs
+noblacklist ${HOME}/.ballbuster.hs
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkfile ${HOME}/.ballbuster.hs
-allow  ${HOME}/.ballbuster.hs
+whitelist ${HOME}/.ballbuster.hs
-allow  /usr/share/ballbuster
+whitelist /usr/share/ballbuster
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/baloo_file.profile b/etc/profile-a-l/baloo_file.profile
index 2b10883f7..fe86d9b80 100644
--- a/etc/profile-a-l/baloo_file.profile
+++ b/etc/profile-a-l/baloo_file.profile
@@ -12,12 +12,12 @@ include globals.local
 # read-write ${HOME}/.local/share/baloo
 # ignore read-write
-nodeny  ${HOME}/.config/baloofilerc
+noblacklist ${HOME}/.config/baloofilerc
-nodeny  ${HOME}/.kde/share/config/baloofilerc
+noblacklist ${HOME}/.kde/share/config/baloofilerc
-nodeny  ${HOME}/.kde/share/config/baloorc
+noblacklist ${HOME}/.kde/share/config/baloorc
-nodeny  ${HOME}/.kde4/share/config/baloofilerc
+noblacklist ${HOME}/.kde4/share/config/baloofilerc
-nodeny  ${HOME}/.kde4/share/config/baloorc
+noblacklist ${HOME}/.kde4/share/config/baloorc
-nodeny  ${HOME}/.local/share/baloo
+noblacklist ${HOME}/.local/share/baloo
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile
index 1e74443aa..8c69652c5 100644
--- a/etc/profile-a-l/balsa.profile
+++ b/etc/profile-a-l/balsa.profile
@@ -6,13 +6,13 @@ include balsa.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.balsa
+noblacklist ${HOME}/.balsa
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
-nodeny  ${HOME}/.signature
+noblacklist ${HOME}/.signature
-nodeny  ${HOME}/mail
+noblacklist ${HOME}/mail
-nodeny  /var/mail
+noblacklist /var/mail
-nodeny  /var/spool/mail
+noblacklist /var/spool/mail
 include disable-common.inc
 include disable-devel.inc
@@ -27,17 +27,17 @@ mkdir ${HOME}/.balsa
 mkdir ${HOME}/.gnupg
 mkfile ${HOME}/.signature
 mkdir ${HOME}/mail
-allow  ${HOME}/.balsa
+whitelist ${HOME}/.balsa
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
-allow  ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
-allow  ${HOME}/.signature
+whitelist ${HOME}/.signature
-allow  ${HOME}/mail
+whitelist ${HOME}/mail
-allow  ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/gnupg
-allow  /usr/share/balsa
+whitelist /usr/share/balsa
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
-allow  /var/mail
+whitelist /var/mail
-allow  /var/spool/mail
+whitelist /var/spool/mail
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/barrier.profile b/etc/profile-a-l/barrier.profile
index fcea9b3ba..7b50e9199 100644
--- a/etc/profile-a-l/barrier.profile
+++ b/etc/profile-a-l/barrier.profile
@@ -6,9 +6,9 @@ include barrier.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Debauchee/Barrier.conf
+noblacklist ${HOME}/.config/Debauchee/Barrier.conf
-nodeny  ${HOME}/.local/share/barrier
+noblacklist ${HOME}/.local/share/barrier
-nodeny  ${PATH}/openssl
+noblacklist ${PATH}/openssl
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/basilisk.profile b/etc/profile-a-l/basilisk.profile
index 547c67fc8..8dc3847a0 100644
--- a/etc/profile-a-l/basilisk.profile
+++ b/etc/profile-a-l/basilisk.profile
@@ -5,13 +5,13 @@ include basilisk.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/moonchild productions/basilisk
+noblacklist ${HOME}/.cache/moonchild productions/basilisk
-nodeny  ${HOME}/.moonchild productions/basilisk
+noblacklist ${HOME}/.moonchild productions/basilisk
 mkdir ${HOME}/.cache/moonchild productions/basilisk
 mkdir ${HOME}/.moonchild productions
-allow  ${HOME}/.cache/moonchild productions/basilisk
+whitelist ${HOME}/.cache/moonchild productions/basilisk
-allow  ${HOME}/.moonchild productions
+whitelist ${HOME}/.moonchild productions
 # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60)
 seccomp
diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile
index a1d2b1e73..3ecaea7fe 100644
--- a/etc/profile-a-l/bcompare.profile
+++ b/etc/profile-a-l/bcompare.profile
@@ -7,10 +7,10 @@ include bcompare.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/bcompare
+noblacklist ${HOME}/.config/bcompare
 # In case the user decides to include disable-programs.inc, still allow
 # KDE's Gwenview to view images via right click -> Open With -> Associated Application
-nodeny  ${HOME}/.config/gwenviewrc
+noblacklist ${HOME}/.config/gwenviewrc
 # Add the next line to your bcompare.local if you don't need to compare files in disable-common.inc.
 #include disable-common.inc
diff --git a/etc/profile-a-l/beaker.profile b/etc/profile-a-l/beaker.profile
index 588f460a8..f3a9568bd 100644
--- a/etc/profile-a-l/beaker.profile
+++ b/etc/profile-a-l/beaker.profile
@@ -19,10 +19,10 @@ ignore private-cache
 ignore private-dev
 ignore private-tmp
-nodeny  ${HOME}/.config/Beaker Browser
+noblacklist ${HOME}/.config/Beaker Browser
 mkdir ${HOME}/.config/Beaker Browser
-allow  ${HOME}/.config/Beaker Browser
+whitelist ${HOME}/.config/Beaker Browser
 # Redirect
 include electron.profile
diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile
index 717d7258d..c7a82afbd 100644
--- a/etc/profile-a-l/bibletime.profile
+++ b/etc/profile-a-l/bibletime.profile
@@ -6,11 +6,11 @@ include bibletime.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.bibletime
+noblacklist ${HOME}/.bibletime
-nodeny  ${HOME}/.sword
+noblacklist ${HOME}/.sword
-nodeny  ${HOME}/.local/share/bibletime
+noblacklist ${HOME}/.local/share/bibletime
-deny  ${HOME}/.bashrc
+blacklist ${HOME}/.bashrc
 include disable-common.inc
 include disable-devel.inc
@@ -22,12 +22,12 @@ include disable-programs.inc
 mkdir ${HOME}/.bibletime
 mkdir ${HOME}/.sword
 mkdir ${HOME}/.local/share/bibletime
-allow  ${HOME}/.bibletime
+whitelist ${HOME}/.bibletime
-allow  ${HOME}/.sword
+whitelist ${HOME}/.sword
-allow  ${HOME}/.local/share/bibletime
+whitelist ${HOME}/.local/share/bibletime
-allow  /usr/share/bibletime
+whitelist /usr/share/bibletime
-allow  /usr/share/doc/bibletime
+whitelist /usr/share/doc/bibletime
-allow  /usr/share/sword
+whitelist /usr/share/sword
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile
index b02fcc3e0..854fe5cb9 100644
--- a/etc/profile-a-l/bijiben.profile
+++ b/etc/profile-a-l/bijiben.profile
@@ -6,7 +6,7 @@ include bijiben.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/bijiben
+noblacklist ${HOME}/.local/share/bijiben
 include disable-common.inc
 include disable-devel.inc
@@ -18,12 +18,12 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.local/share/bijiben
-allow  ${HOME}/.local/share/bijiben
+whitelist ${HOME}/.local/share/bijiben
-allow  ${HOME}/.cache/tracker
+whitelist ${HOME}/.cache/tracker
-allow  /usr/libexec/webkit2gtk-4.0
+whitelist /usr/libexec/webkit2gtk-4.0
-allow  /usr/share/bijiben
+whitelist /usr/share/bijiben
-allow  /usr/share/tracker
+whitelist /usr/share/tracker
-allow  /usr/share/tracker3
+whitelist /usr/share/tracker3
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/bitcoin-qt.profile b/etc/profile-a-l/bitcoin-qt.profile
index c4ec0f820..932db9b73 100644
--- a/etc/profile-a-l/bitcoin-qt.profile
+++ b/etc/profile-a-l/bitcoin-qt.profile
@@ -6,8 +6,8 @@ include bitcoin-qt.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.bitcoin
+noblacklist ${HOME}/.bitcoin
-nodeny  ${HOME}/.config/Bitcoin
+noblacklist ${HOME}/.config/Bitcoin
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
 mkdir ${HOME}/.bitcoin
 mkdir ${HOME}/.config/Bitcoin
-allow  ${HOME}/.bitcoin
+whitelist ${HOME}/.bitcoin
-allow  ${HOME}/.config/Bitcoin
+whitelist ${HOME}/.config/Bitcoin
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/bitlbee.profile b/etc/profile-a-l/bitlbee.profile
index 0f000b26b..dd7651979 100644
--- a/etc/profile-a-l/bitlbee.profile
+++ b/etc/profile-a-l/bitlbee.profile
@@ -8,8 +8,8 @@ include globals.local
 ignore noexec ${HOME}
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 # noblacklist /var/log
 include disable-common.inc
diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile
index 4b292d72a..ba2eb2ea7 100644
--- a/etc/profile-a-l/bitwarden.profile
+++ b/etc/profile-a-l/bitwarden.profile
@@ -11,12 +11,12 @@ ignore include whitelist-usr-share-common.inc
 ignore noexec /tmp
-nodeny  ${HOME}/.config/Bitwarden
+noblacklist ${HOME}/.config/Bitwarden
 include disable-shell.inc
 mkdir ${HOME}/.config/Bitwarden
-allow  ${HOME}/.config/Bitwarden
+whitelist ${HOME}/.config/Bitwarden
 machine-id
 no3d
diff --git a/etc/profile-a-l/blackbox.profile b/etc/profile-a-l/blackbox.profile
index 616ad6801..233f9a96f 100644
--- a/etc/profile-a-l/blackbox.profile
+++ b/etc/profile-a-l/blackbox.profile
@@ -7,7 +7,7 @@ include blackbox.local
 include globals.local
 # all applications started in blackbox will run in this profile
-nodeny  ${HOME}/.blackbox
+noblacklist ${HOME}/.blackbox
 include disable-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/blender.profile b/etc/profile-a-l/blender.profile
index 8d0b5616f..701ae431e 100644
--- a/etc/profile-a-l/blender.profile
+++ b/etc/profile-a-l/blender.profile
@@ -6,7 +6,7 @@ include blender.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/blender
+noblacklist ${HOME}/.config/blender
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 # Allow usage of AMD GPU by OpenCL
-nodeny  /sys/module
+noblacklist /sys/module
-allow  /sys/module/amdgpu
+whitelist /sys/module/amdgpu
 read-only /sys/module/amdgpu
 caps.drop all
diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile
index ca5f96eee..80dc750f7 100644
--- a/etc/profile-a-l/bless.profile
+++ b/etc/profile-a-l/bless.profile
@@ -6,7 +6,7 @@ include bless.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/bless
+noblacklist ${HOME}/.config/bless
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile
index ee2a73b54..229c20293 100644
--- a/etc/profile-a-l/blobby.profile
+++ b/etc/profile-a-l/blobby.profile
@@ -4,7 +4,7 @@ include blobby.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.blobby
+noblacklist ${HOME}/.blobby
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.blobby
-allow  ${HOME}/.blobby
+whitelist ${HOME}/.blobby
 include whitelist-common.inc
-allow  /usr/share/blobby
+whitelist /usr/share/blobby
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile
index e0be5261e..904710cb5 100644
--- a/etc/profile-a-l/blobwars.profile
+++ b/etc/profile-a-l/blobwars.profile
@@ -6,7 +6,7 @@ include blobwars.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.parallelrealities/blobwars
+noblacklist ${HOME}/.parallelrealities/blobwars
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.parallelrealities/blobwars
-allow  ${HOME}/.parallelrealities/blobwars
+whitelist ${HOME}/.parallelrealities/blobwars
-allow  /usr/share/blobwars
+whitelist /usr/share/blobwars
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/bnox.profile b/etc/profile-a-l/bnox.profile
index dcfd5d8d2..6e8f0d7d1 100644
--- a/etc/profile-a-l/bnox.profile
+++ b/etc/profile-a-l/bnox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/bnox
+noblacklist ${HOME}/.cache/bnox
-nodeny  ${HOME}/.config/bnox
+noblacklist ${HOME}/.config/bnox
 mkdir ${HOME}/.cache/bnox
 mkdir ${HOME}/.config/bnox
-allow  ${HOME}/.cache/bnox
+whitelist ${HOME}/.cache/bnox
-allow  ${HOME}/.config/bnox
+whitelist ${HOME}/.config/bnox
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/brackets.profile b/etc/profile-a-l/brackets.profile
index a14bb8fef..0cbac049a 100644
--- a/etc/profile-a-l/brackets.profile
+++ b/etc/profile-a-l/brackets.profile
@@ -5,7 +5,7 @@ include brackets.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Brackets
+noblacklist ${HOME}/.config/Brackets
 #noblacklist /opt/brackets
 #noblacklist /opt/google
diff --git a/etc/profile-a-l/brasero.profile b/etc/profile-a-l/brasero.profile
index a78882409..417a6b3e0 100644
--- a/etc/profile-a-l/brasero.profile
+++ b/etc/profile-a-l/brasero.profile
@@ -6,7 +6,7 @@ include brasero.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/brasero
+noblacklist ${HOME}/.config/brasero
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/brave.profile b/etc/profile-a-l/brave.profile
index bc2d7a6a1..09548c761 100644
--- a/etc/profile-a-l/brave.profile
+++ b/etc/profile-a-l/brave.profile
@@ -14,24 +14,24 @@ ignore noexec /tmp
 # Alternatively you can add 'ignore apparmor' to your brave.local.
 ignore noexec ${HOME}
-nodeny  ${HOME}/.cache/BraveSoftware
+noblacklist ${HOME}/.cache/BraveSoftware
-nodeny  ${HOME}/.config/BraveSoftware
+noblacklist ${HOME}/.config/BraveSoftware
-nodeny  ${HOME}/.config/brave
+noblacklist ${HOME}/.config/brave
-nodeny  ${HOME}/.config/brave-flags.conf
+noblacklist ${HOME}/.config/brave-flags.conf
 # brave uses gpg for built-in password manager
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 mkdir ${HOME}/.cache/BraveSoftware
 mkdir ${HOME}/.config/BraveSoftware
 mkdir ${HOME}/.config/brave
-allow  ${HOME}/.cache/BraveSoftware
+whitelist ${HOME}/.cache/BraveSoftware
-allow  ${HOME}/.config/BraveSoftware
+whitelist ${HOME}/.config/BraveSoftware
-allow  ${HOME}/.config/brave
+whitelist ${HOME}/.config/brave
-allow  ${HOME}/.config/brave-flags.conf
+whitelist ${HOME}/.config/brave-flags.conf
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
 # Brave sandbox needs read access to /proc/config.gz
-nodeny  /proc/config.gz
+noblacklist /proc/config.gz
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/bzflag.profile b/etc/profile-a-l/bzflag.profile
index 62ca041c2..bda96bbb3 100644
--- a/etc/profile-a-l/bzflag.profile
+++ b/etc/profile-a-l/bzflag.profile
@@ -6,7 +6,7 @@ include bzflag.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.bzf
+noblacklist ${HOME}/.bzf
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.bzf
-allow  ${HOME}/.bzf
+whitelist ${HOME}/.bzf
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/calibre.profile b/etc/profile-a-l/calibre.profile
index 99706620c..83571397b 100644
--- a/etc/profile-a-l/calibre.profile
+++ b/etc/profile-a-l/calibre.profile
@@ -6,9 +6,9 @@ include calibre.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/calibre
+noblacklist ${HOME}/.cache/calibre
-nodeny  ${HOME}/.config/calibre
+noblacklist ${HOME}/.config/calibre
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/calligra.profile b/etc/profile-a-l/calligra.profile
index 36ecc06a0..fcff47662 100644
--- a/etc/profile-a-l/calligra.profile
+++ b/etc/profile-a-l/calligra.profile
@@ -6,7 +6,7 @@ include calligra.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/kxmlgui5/calligra
+noblacklist ${HOME}/.local/share/kxmlgui5/calligra
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/calligragemini.profile b/etc/profile-a-l/calligragemini.profile
index 76123c96a..006c307ab 100644
--- a/etc/profile-a-l/calligragemini.profile
+++ b/etc/profile-a-l/calligragemini.profile
@@ -6,7 +6,7 @@ include calligragemini.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.local/share/calligragemini
+noblacklist ${HOME}/.local/share/calligragemini
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligraplan.profile b/etc/profile-a-l/calligraplan.profile
index 5fb1e16da..81dbd4dcd 100644
--- a/etc/profile-a-l/calligraplan.profile
+++ b/etc/profile-a-l/calligraplan.profile
@@ -6,7 +6,7 @@ include calligraplan.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.local/share/kxmlgui5/calligraplan
+noblacklist ${HOME}/.local/share/kxmlgui5/calligraplan
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligraplanwork.profile b/etc/profile-a-l/calligraplanwork.profile
index c176bfea1..bba91b66b 100644
--- a/etc/profile-a-l/calligraplanwork.profile
+++ b/etc/profile-a-l/calligraplanwork.profile
@@ -6,7 +6,7 @@ include calligraplanwork.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.local/share/kxmlgui5/calligraplanwork
+noblacklist ${HOME}/.local/share/kxmlgui5/calligraplanwork
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrasheets.profile b/etc/profile-a-l/calligrasheets.profile
index b7ac68945..7bc296047 100644
--- a/etc/profile-a-l/calligrasheets.profile
+++ b/etc/profile-a-l/calligrasheets.profile
@@ -6,7 +6,7 @@ include calligrasheets.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.local/share/kxmlgui5/calligrasheets
+noblacklist ${HOME}/.local/share/kxmlgui5/calligrasheets
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrastage.profile b/etc/profile-a-l/calligrastage.profile
index 1258fec56..7694abbe4 100644
--- a/etc/profile-a-l/calligrastage.profile
+++ b/etc/profile-a-l/calligrastage.profile
@@ -6,7 +6,7 @@ include calligrastage.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.local/share/kxmlgui5/calligrastage
+noblacklist ${HOME}/.local/share/kxmlgui5/calligrastage
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrawords.profile b/etc/profile-a-l/calligrawords.profile
index c2b6c8041..d69d56a95 100644
--- a/etc/profile-a-l/calligrawords.profile
+++ b/etc/profile-a-l/calligrawords.profile
@@ -6,7 +6,7 @@ include calligrawords.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.local/share/kxmlgui5/calligrawords
+noblacklist ${HOME}/.local/share/kxmlgui5/calligrawords
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile
index 390ae383c..74c7cc34b 100644
--- a/etc/profile-a-l/cameramonitor.profile
+++ b/etc/profile-a-l/cameramonitor.profile
@@ -20,7 +20,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/cameramonitor
+whitelist /usr/share/cameramonitor
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/cantata.profile b/etc/profile-a-l/cantata.profile
index 77bdc09e0..96f88a7c4 100644
--- a/etc/profile-a-l/cantata.profile
+++ b/etc/profile-a-l/cantata.profile
@@ -6,10 +6,10 @@ include cantata.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/cantata
+noblacklist ${HOME}/.cache/cantata
-nodeny  ${HOME}/.config/cantata
+noblacklist ${HOME}/.config/cantata
-nodeny  ${HOME}/.local/share/cantata
+noblacklist ${HOME}/.local/share/cantata
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile
index 9c53af84f..7cf04c550 100644
--- a/etc/profile-a-l/cargo.profile
+++ b/etc/profile-a-l/cargo.profile
@@ -10,11 +10,11 @@ include globals.local
 ignore noexec ${HOME}
 ignore noexec /tmp
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
-nodeny  ${HOME}/.cargo/credentials
+noblacklist ${HOME}/.cargo/credentials
-nodeny  ${HOME}/.cargo/credentials.toml
+noblacklist ${HOME}/.cargo/credentials.toml
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
@@ -34,7 +34,7 @@ include disable-xdg.inc
 #whitelist ${HOME}/.cargo
 #whitelist ${HOME}/.rustup
 #include whitelist-common.inc
-allow  /usr/share/pkgconfig
+whitelist /usr/share/pkgconfig
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/catfish.profile b/etc/profile-a-l/catfish.profile
index 4ea53ea6b..009d3a049 100644
--- a/etc/profile-a-l/catfish.profile
+++ b/etc/profile-a-l/catfish.profile
@@ -9,7 +9,7 @@ include globals.local
 # We can't blacklist much since catfish
 # is for finding files/content
-nodeny  ${HOME}/.config/catfish
+noblacklist ${HOME}/.config/catfish
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -21,7 +21,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 # include disable-programs.inc
-allow  /var/lib/mlocate
+whitelist /var/lib/mlocate
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile
index d7aee1902..6e137010c 100644
--- a/etc/profile-a-l/cawbird.profile
+++ b/etc/profile-a-l/cawbird.profile
@@ -6,7 +6,7 @@ include cawbird.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/cawbird
+noblacklist ${HOME}/.config/cawbird
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile
index d6f4306ba..1c539cc93 100644
--- a/etc/profile-a-l/celluloid.profile
+++ b/etc/profile-a-l/celluloid.profile
@@ -6,9 +6,9 @@ include celluloid.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/celluloid
+noblacklist ${HOME}/.config/celluloid
-nodeny  ${HOME}/.config/gnome-mpv
+noblacklist ${HOME}/.config/gnome-mpv
-nodeny  ${HOME}/.config/youtube-dl
+noblacklist ${HOME}/.config/youtube-dl
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -17,7 +17,7 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -30,9 +30,9 @@ read-only ${DESKTOP}
 mkdir ${HOME}/.config/celluloid
 mkdir ${HOME}/.config/gnome-mpv
 mkdir ${HOME}/.config/youtube-dl
-allow  ${HOME}/.config/celluloid
+whitelist ${HOME}/.config/celluloid
-allow  ${HOME}/.config/gnome-mpv
+whitelist ${HOME}/.config/gnome-mpv
-allow  ${HOME}/.config/youtube-dl
+whitelist ${HOME}/.config/youtube-dl
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/checkbashisms.profile b/etc/profile-a-l/checkbashisms.profile
index 0f61084e0..24939fc70 100644
--- a/etc/profile-a-l/checkbashisms.profile
+++ b/etc/profile-a-l/checkbashisms.profile
@@ -7,9 +7,9 @@ include checkbashisms.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile
index bde3e1311..aca1f5876 100644
--- a/etc/profile-a-l/cheese.profile
+++ b/etc/profile-a-l/cheese.profile
@@ -6,8 +6,8 @@ include cheese.local
 # Persistent global definitions
 include globals.local
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  ${VIDEOS}
+whitelist ${VIDEOS}
-allow  ${PICTURES}
+whitelist ${PICTURES}
-allow  /usr/share/gnome-video-effects
+whitelist /usr/share/gnome-video-effects
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/cherrytree.profile b/etc/profile-a-l/cherrytree.profile
index d5dedd81d..7621b3c8c 100644
--- a/etc/profile-a-l/cherrytree.profile
+++ b/etc/profile-a-l/cherrytree.profile
@@ -6,8 +6,8 @@ include cherrytree.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/cherrytree
+noblacklist ${HOME}/.config/cherrytree
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/chromium-browser-privacy.profile b/etc/profile-a-l/chromium-browser-privacy.profile
index 64c45772a..8803a4d9d 100644
--- a/etc/profile-a-l/chromium-browser-privacy.profile
+++ b/etc/profile-a-l/chromium-browser-privacy.profile
@@ -3,15 +3,15 @@
 # Persistent local customizations
 include chromium-browser-privacy.local
-nodeny  ${HOME}/.cache/ungoogled-chromium
+noblacklist ${HOME}/.cache/ungoogled-chromium
-nodeny  ${HOME}/.config/ungoogled-chromium
+noblacklist ${HOME}/.config/ungoogled-chromium
-deny  /usr/libexec
+blacklist /usr/libexec
 mkdir ${HOME}/.cache/ungoogled-chromium
 mkdir ${HOME}/.config/ungoogled-chromium
-allow  ${HOME}/.cache/ungoogled-chromium
+whitelist ${HOME}/.cache/ungoogled-chromium
-allow  ${HOME}/.config/ungoogled-chromium
+whitelist ${HOME}/.config/ungoogled-chromium
 # private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile
index dbeb715d4..b0e0254d4 100644
--- a/etc/profile-a-l/chromium-common.profile
+++ b/etc/profile-a-l/chromium-common.profile
@@ -9,8 +9,8 @@ include chromium-common.local
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.local/share/pki
 # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser
 # to have access to Gnome extensions (extensions.gnome.org) via browser connector
@@ -26,9 +26,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.pki
+whitelist ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/chromium.profile b/etc/profile-a-l/chromium.profile
index ea92e90a8..9ac33aa1c 100644
--- a/etc/profile-a-l/chromium.profile
+++ b/etc/profile-a-l/chromium.profile
@@ -6,17 +6,17 @@ include chromium.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/chromium
+noblacklist ${HOME}/.cache/chromium
-nodeny  ${HOME}/.config/chromium
+noblacklist ${HOME}/.config/chromium
-nodeny  ${HOME}/.config/chromium-flags.conf
+noblacklist ${HOME}/.config/chromium-flags.conf
 mkdir ${HOME}/.cache/chromium
 mkdir ${HOME}/.config/chromium
-allow  ${HOME}/.cache/chromium
+whitelist ${HOME}/.cache/chromium
-allow  ${HOME}/.config/chromium
+whitelist ${HOME}/.config/chromium
-allow  ${HOME}/.config/chromium-flags.conf
+whitelist ${HOME}/.config/chromium-flags.conf
-allow  /usr/share/chromium
+whitelist /usr/share/chromium
-allow  /usr/share/mozilla/extensions
+whitelist /usr/share/mozilla/extensions
 # private-bin chromium,chromium-browser,chromedriver
diff --git a/etc/profile-a-l/cin.profile b/etc/profile-a-l/cin.profile
index c967e1c96..e1f9523c4 100644
--- a/etc/profile-a-l/cin.profile
+++ b/etc/profile-a-l/cin.profile
@@ -5,7 +5,7 @@ include cin.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.bcast5
+noblacklist ${HOME}/.bcast5
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/clamav.profile b/etc/profile-a-l/clamav.profile
index 0efbcd4f2..e403c2c41 100644
--- a/etc/profile-a-l/clamav.profile
+++ b/etc/profile-a-l/clamav.profile
@@ -7,7 +7,7 @@ include clamav.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-exec.inc
diff --git a/etc/profile-a-l/claws-mail.profile b/etc/profile-a-l/claws-mail.profile
index 3e4e1f2a1..691657fa0 100644
--- a/etc/profile-a-l/claws-mail.profile
+++ b/etc/profile-a-l/claws-mail.profile
@@ -6,17 +6,17 @@ include claws-mail.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.claws-mail
+noblacklist ${HOME}/.claws-mail
 mkdir ${HOME}/.claws-mail
-allow  ${HOME}/.claws-mail
+whitelist ${HOME}/.claws-mail
 # Add the below lines to your claws-mail.local if you use python-based plugins.
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
 #include allow-python3.inc
-allow  /usr/share/doc/claws-mail
+whitelist /usr/share/doc/claws-mail
 # private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2
diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile
index ee64391d9..9b62a1f73 100644
--- a/etc/profile-a-l/clawsker.profile
+++ b/etc/profile-a-l/clawsker.profile
@@ -6,7 +6,7 @@ include clawsker.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.claws-mail
+noblacklist ${HOME}/.claws-mail
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -19,7 +19,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.claws-mail
-allow  ${HOME}/.claws-mail
+whitelist ${HOME}/.claws-mail
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile
index f9c0006f9..fa33795c1 100644
--- a/etc/profile-a-l/clementine.profile
+++ b/etc/profile-a-l/clementine.profile
@@ -6,9 +6,9 @@ include clementine.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/Clementine
+noblacklist ${HOME}/.cache/Clementine
-nodeny  ${HOME}/.config/Clementine
+noblacklist ${HOME}/.config/Clementine
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile
index 5c5399069..77952358f 100644
--- a/etc/profile-a-l/clion.profile
+++ b/etc/profile-a-l/clion.profile
@@ -5,16 +5,16 @@ include clion.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/JetBrains/CLion*
+noblacklist ${HOME}/.config/JetBrains/CLion*
-nodeny  ${HOME}/.cache/JetBrains/CLion*
+noblacklist ${HOME}/.cache/JetBrains/CLion*
-nodeny  ${HOME}/.clion*
+noblacklist ${HOME}/.clion*
-nodeny  ${HOME}/.CLion*
+noblacklist ${HOME}/.CLion*
-nodeny  ${HOME}/.config/git
+noblacklist ${HOME}/.config/git
-nodeny  ${HOME}/.gitconfig
+noblacklist ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
+noblacklist ${HOME}/.git-credentials
-nodeny  ${HOME}/.java
+noblacklist ${HOME}/.java
-nodeny  ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.local/share/JetBrains
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.tooling
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
diff --git a/etc/profile-a-l/clipgrab.profile b/etc/profile-a-l/clipgrab.profile
index 89f8d96f0..c8258da07 100644
--- a/etc/profile-a-l/clipgrab.profile
+++ b/etc/profile-a-l/clipgrab.profile
@@ -6,9 +6,9 @@ include clipgrab.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Philipp Schmieder
+noblacklist ${HOME}/.config/Philipp Schmieder
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile
index 4a2a5171b..d421903a3 100644
--- a/etc/profile-a-l/clipit.profile
+++ b/etc/profile-a-l/clipit.profile
@@ -6,8 +6,8 @@ include clipit.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/clipit
+noblacklist ${HOME}/.config/clipit
-nodeny  ${HOME}/.local/share/clipit
+noblacklist ${HOME}/.local/share/clipit
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/clipit
 mkdir ${HOME}/.local/share/clipit
-allow  ${HOME}/.config/clipit
+whitelist ${HOME}/.config/clipit
-allow  ${HOME}/.local/share/clipit
+whitelist ${HOME}/.local/share/clipit
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/cliqz.profile b/etc/profile-a-l/cliqz.profile
index 22c6ef882..d0b8cc0ef 100644
--- a/etc/profile-a-l/cliqz.profile
+++ b/etc/profile-a-l/cliqz.profile
@@ -5,16 +5,16 @@ include cliqz.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/cliqz
+noblacklist ${HOME}/.cache/cliqz
-nodeny  ${HOME}/.cliqz
+noblacklist ${HOME}/.cliqz
-nodeny  ${HOME}/.config/cliqz
+noblacklist ${HOME}/.config/cliqz
 mkdir ${HOME}/.cache/cliqz
 mkdir ${HOME}/.cliqz
 mkdir ${HOME}/.config/cliqz
-allow  ${HOME}/.cache/cliqz
+whitelist ${HOME}/.cache/cliqz
-allow  ${HOME}/.cliqz
+whitelist ${HOME}/.cliqz
-allow  ${HOME}/.config/cliqz
+whitelist ${HOME}/.config/cliqz
 # private-etc must first be enabled in firefox-common.profile
 #private-etc cliqz
diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile
index 51e53209f..bcd557787 100644
--- a/etc/profile-a-l/cmus.profile
+++ b/etc/profile-a-l/cmus.profile
@@ -6,8 +6,8 @@ include cmus.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/cmus
+noblacklist ${HOME}/.config/cmus
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/code.profile b/etc/profile-a-l/code.profile
index 1933c66fa..e19b78908 100644
--- a/etc/profile-a-l/code.profile
+++ b/etc/profile-a-l/code.profile
@@ -5,10 +5,10 @@ include code.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Code
+noblacklist ${HOME}/.config/Code
-nodeny  ${HOME}/.config/Code - OSS
+noblacklist ${HOME}/.config/Code - OSS
-nodeny  ${HOME}/.vscode
+noblacklist ${HOME}/.vscode
-nodeny  ${HOME}/.vscode-oss
+noblacklist ${HOME}/.vscode-oss
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile
index efa7f516c..bd6d8f5b0 100644
--- a/etc/profile-a-l/colorful.profile
+++ b/etc/profile-a-l/colorful.profile
@@ -6,7 +6,7 @@ include colorful.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.suve/colorful
+noblacklist ${HOME}/.suve/colorful
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.suve/colorful
-allow  ${HOME}/.suve/colorful
+whitelist ${HOME}/.suve/colorful
-allow  /usr/share/suve
+whitelist /usr/share/suve
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile
index 34b662959..c8bdfec23 100644
--- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile
+++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile
@@ -6,7 +6,7 @@ include com.github.bleakgrey.tootle.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/com.github.bleakgrey.tootle
+noblacklist ${HOME}/.config/com.github.bleakgrey.tootle
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/com.github.bleakgrey.tootle
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.config/com.github.bleakgrey.tootle
+whitelist ${HOME}/.config/com.github.bleakgrey.tootle
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile
index 4e26e4925..b467a0f7a 100644
--- a/etc/profile-a-l/com.github.dahenson.agenda.profile
+++ b/etc/profile-a-l/com.github.dahenson.agenda.profile
@@ -6,9 +6,9 @@ include com.github.dahenson.agenda.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/agenda
+noblacklist ${HOME}/.cache/agenda
-nodeny  ${HOME}/.config/agenda
+noblacklist ${HOME}/.config/agenda
-nodeny  ${HOME}/.local/share/agenda
+noblacklist ${HOME}/.local/share/agenda
 include disable-common.inc
 include disable-devel.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/agenda
 mkdir ${HOME}/.config/agenda
 mkdir ${HOME}/.local/share/agenda
-allow  ${HOME}/.cache/agenda
+whitelist ${HOME}/.cache/agenda
-allow  ${HOME}/.config/agenda
+whitelist ${HOME}/.config/agenda
-allow  ${HOME}/.local/share/agenda
+whitelist ${HOME}/.local/share/agenda
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
index bbfc1fe41..c13f9618b 100644
--- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
+++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
@@ -6,9 +6,9 @@ include foliate.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${HOME}/.cache/com.github.johnfactotum.Foliate
+noblacklist ${HOME}/.cache/com.github.johnfactotum.Foliate
-nodeny  ${HOME}/.local/share/com.github.johnfactotum.Foliate
+noblacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
@@ -24,12 +24,12 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate
 mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate
-allow  ${HOME}/.cache/com.github.johnfactotum.Foliate
+whitelist ${HOME}/.cache/com.github.johnfactotum.Foliate
-allow  ${HOME}/.local/share/com.github.johnfactotum.Foliate
+whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate
-allow  ${DOCUMENTS}
+whitelist ${DOCUMENTS}
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  /usr/share/com.github.johnfactotum.Foliate
+whitelist /usr/share/com.github.johnfactotum.Foliate
-allow  /usr/share/hyphen
+whitelist /usr/share/hyphen
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile
index 3e9acc6c8..d0402d188 100644
--- a/etc/profile-a-l/com.github.phase1geo.minder.profile
+++ b/etc/profile-a-l/com.github.phase1geo.minder.profile
@@ -6,9 +6,9 @@ include com.github.phase1geo.minder.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/minder
+noblacklist ${HOME}/.local/share/minder
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.local/share/minder
-allow  ${HOME}/.local/share/minder
+whitelist ${HOME}/.local/share/minder
-allow  ${DOCUMENTS}
+whitelist ${DOCUMENTS}
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${PICTURES}
+whitelist ${PICTURES}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/conkeror.profile b/etc/profile-a-l/conkeror.profile
index 6cc9ec551..38edf0d21 100644
--- a/etc/profile-a-l/conkeror.profile
+++ b/etc/profile-a-l/conkeror.profile
@@ -5,23 +5,23 @@ include conkeror.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.conkeror.mozdev.org
+noblacklist ${HOME}/.conkeror.mozdev.org
 include disable-common.inc
 include disable-programs.inc
 mkdir ${HOME}/.conkeror.mozdev.org
 mkfile ${HOME}/.conkerorrc
-allow  ${HOME}/.conkeror.mozdev.org
+whitelist ${HOME}/.conkeror.mozdev.org
-allow  ${HOME}/.conkerorrc
+whitelist ${HOME}/.conkerorrc
-allow  ${HOME}/.lastpass
+whitelist ${HOME}/.lastpass
-allow  ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactyl
-allow  ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pentadactylrc
-allow  ${HOME}/.vimperator
+whitelist ${HOME}/.vimperator
-allow  ${HOME}/.vimperatorrc
+whitelist ${HOME}/.vimperatorrc
-allow  ${HOME}/.zotero
+whitelist ${HOME}/.zotero
-allow  ${HOME}/dwhelper
+whitelist ${HOME}/dwhelper
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/conky.profile b/etc/profile-a-l/conky.profile
index 1b3fe6651..eaa18739d 100644
--- a/etc/profile-a-l/conky.profile
+++ b/etc/profile-a-l/conky.profile
@@ -6,7 +6,7 @@ include conky.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile
index 266c404ee..2fb446e2a 100644
--- a/etc/profile-a-l/corebird.profile
+++ b/etc/profile-a-l/corebird.profile
@@ -6,7 +6,7 @@ include corebird.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/corebird
+noblacklist ${HOME}/.config/corebird
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile
index 0a1353e40..1635995dc 100644
--- a/etc/profile-a-l/cower.profile
+++ b/etc/profile-a-l/cower.profile
@@ -7,8 +7,8 @@ include cower.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/cower
+noblacklist ${HOME}/.config/cower
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile
index 5e48c8022..7ece35c2b 100644
--- a/etc/profile-a-l/coyim.profile
+++ b/etc/profile-a-l/coyim.profile
@@ -6,7 +6,7 @@ include coyim.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/coyim
+noblacklist ${HOME}/.config/coyim
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/coyim
-allow  ${HOME}/.config/coyim
+whitelist ${HOME}/.config/coyim
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/cpio.profile b/etc/profile-a-l/cpio.profile
index dec8c086b..bdc4f21a6 100644
--- a/etc/profile-a-l/cpio.profile
+++ b/etc/profile-a-l/cpio.profile
@@ -7,8 +7,8 @@ include cpio.local
 # Persistent global definitions
 include globals.local
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 # Redirect
 include archiver-common.profile
diff --git a/etc/profile-a-l/crawl.profile b/etc/profile-a-l/crawl.profile
index 81292c01c..b10216895 100644
--- a/etc/profile-a-l/crawl.profile
+++ b/etc/profile-a-l/crawl.profile
@@ -6,7 +6,7 @@ include crawl-tiles.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.crawl
+noblacklist ${HOME}/.crawl
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.crawl
-allow  ${HOME}/.crawl
+whitelist ${HOME}/.crawl
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile
index 36bd93778..02b15ecc2 100644
--- a/etc/profile-a-l/crow.profile
+++ b/etc/profile-a-l/crow.profile
@@ -8,8 +8,8 @@ include globals.local
 mkdir ${HOME}/.config/crow
 mkdir ${HOME}/.cache/gstreamer-1.0
-allow  ${HOME}/.config/crow
+whitelist ${HOME}/.config/crow
-allow  ${HOME}/.cache/gstreamer-1.0
+whitelist ${HOME}/.cache/gstreamer-1.0
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile
index 4950b7a4c..c9867c5d7 100644
--- a/etc/profile-a-l/curl.profile
+++ b/etc/profile-a-l/curl.profile
@@ -12,11 +12,11 @@ include globals.local
 # Technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts.
 # If your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local
 # and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact.
-nodeny  ${HOME}/.curl-hsts
+noblacklist ${HOME}/.curl-hsts
-nodeny  ${HOME}/.curlrc
+noblacklist ${HOME}/.curlrc
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/cyberfox.profile b/etc/profile-a-l/cyberfox.profile
index 49f972e4a..d1fff0004 100644
--- a/etc/profile-a-l/cyberfox.profile
+++ b/etc/profile-a-l/cyberfox.profile
@@ -5,13 +5,13 @@ include cyberfox.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.8pecxstudios
+noblacklist ${HOME}/.8pecxstudios
-nodeny  ${HOME}/.cache/8pecxstudios
+noblacklist ${HOME}/.cache/8pecxstudios
 mkdir ${HOME}/.8pecxstudios
 mkdir ${HOME}/.cache/8pecxstudios
-allow  ${HOME}/.8pecxstudios
+whitelist ${HOME}/.8pecxstudios
-allow  ${HOME}/.cache/8pecxstudios
+whitelist ${HOME}/.cache/8pecxstudios
 # private-bin cyberfox,dbus-launch,dbus-send,env,sh,which
 # private-etc must first be enabled in firefox-common.profile
diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile
index c7ce1730a..ba1e7adad 100644
--- a/etc/profile-a-l/d-feet.profile
+++ b/etc/profile-a-l/d-feet.profile
@@ -6,7 +6,7 @@ include d-feet.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/d-feet
+noblacklist ${HOME}/.config/d-feet
 # Allow python (disabled by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/d-feet
-allow  ${HOME}/.config/d-feet
+whitelist ${HOME}/.config/d-feet
-allow  /usr/share/d-feet
+whitelist /usr/share/d-feet
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/darktable.profile b/etc/profile-a-l/darktable.profile
index 4d51c255e..61fa52928 100644
--- a/etc/profile-a-l/darktable.profile
+++ b/etc/profile-a-l/darktable.profile
@@ -6,9 +6,9 @@ include darktable.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/darktable
+noblacklist ${HOME}/.cache/darktable
-nodeny  ${HOME}/.config/darktable
+noblacklist ${HOME}/.config/darktable
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile
index 745042d6f..67a61bb60 100644
--- a/etc/profile-a-l/dbus-send.profile
+++ b/etc/profile-a-l/dbus-send.profile
@@ -7,8 +7,8 @@ include dbus-send.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile
index c1231c6cf..0c221850a 100644
--- a/etc/profile-a-l/dconf-editor.profile
+++ b/etc/profile-a-l/dconf-editor.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  ${HOME}/.local/share/glib-2.0
+whitelist ${HOME}/.local/share/glib-2.0
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile
index b9d385adf..be7514cbf 100644
--- a/etc/profile-a-l/dconf.profile
+++ b/etc/profile-a-l/dconf.profile
@@ -6,7 +6,7 @@ include dconf.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  ${HOME}/.local/share/glib-2.0
+whitelist ${HOME}/.local/share/glib-2.0
 # dconf paths are whitelisted by the following
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile
index 09fa7a07a..5b95b74be 100644
--- a/etc/profile-a-l/ddgtk.profile
+++ b/etc/profile-a-l/ddgtk.profile
@@ -18,8 +18,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  /usr/share/ddgtk
+whitelist /usr/share/ddgtk
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/deadbeef.profile b/etc/profile-a-l/deadbeef.profile
index 25fa944a1..a221ebbd7 100644
--- a/etc/profile-a-l/deadbeef.profile
+++ b/etc/profile-a-l/deadbeef.profile
@@ -6,8 +6,8 @@ include deadbeef.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/deadbeef
+noblacklist ${HOME}/.config/deadbeef
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/deluge.profile b/etc/profile-a-l/deluge.profile
index d41a4a023..ad7aa6ed5 100644
--- a/etc/profile-a-l/deluge.profile
+++ b/etc/profile-a-l/deluge.profile
@@ -6,7 +6,7 @@ include deluge.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/deluge
+noblacklist ${HOME}/.config/deluge
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.config/deluge
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.config/deluge
+whitelist ${HOME}/.config/deluge
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/desktopeditors.profile b/etc/profile-a-l/desktopeditors.profile
index aed4355d5..212cdab60 100644
--- a/etc/profile-a-l/desktopeditors.profile
+++ b/etc/profile-a-l/desktopeditors.profile
@@ -6,9 +6,9 @@ include desktopeditors.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/onlyoffice
+noblacklist ${HOME}/.config/onlyoffice
-nodeny  ${HOME}/.local/share/onlyoffice
+noblacklist ${HOME}/.local/share/onlyoffice
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile
index dc0f290fb..5007f8e74 100644
--- a/etc/profile-a-l/devhelp.profile
+++ b/etc/profile-a-l/devhelp.profile
@@ -16,9 +16,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/devhelp
+whitelist /usr/share/devhelp
-allow  /usr/share/doc
+whitelist /usr/share/doc
-allow  /usr/share/gtk-doc/html
+whitelist /usr/share/gtk-doc/html
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile
index 631f15f93..6267b5709 100644
--- a/etc/profile-a-l/devilspie.profile
+++ b/etc/profile-a-l/devilspie.profile
@@ -6,9 +6,9 @@ include devilspie.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${HOME}/.devilspie
+noblacklist ${HOME}/.devilspie
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.devilspie
-allow  ${HOME}/.devilspie
+whitelist ${HOME}/.devilspie
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/devilspie2.profile b/etc/profile-a-l/devilspie2.profile
index 140c9da0f..9eab3f536 100644
--- a/etc/profile-a-l/devilspie2.profile
+++ b/etc/profile-a-l/devilspie2.profile
@@ -6,17 +6,17 @@ include devilspie2.local
 # Persistent global definitions
 #include globals.local
-deny  ${HOME}/.devilspie
+blacklist ${HOME}/.devilspie
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${HOME}/.config/devilspie2
+noblacklist ${HOME}/.config/devilspie2
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
 mkdir ${HOME}/.config/devilspie2
-allow  ${HOME}/.config/devilspie2
+whitelist ${HOME}/.config/devilspie2
 private-bin devilspie2
diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile
index 2a808238b..531734b7d 100644
--- a/etc/profile-a-l/dia.profile
+++ b/etc/profile-a-l/dia.profile
@@ -6,8 +6,8 @@ include dia.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.dia
+noblacklist ${HOME}/.dia
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -25,7 +25,7 @@ include disable-xdg.inc
 #whitelist ${HOME}/.dia
 #whitelist ${DOCUMENTS}
 #include whitelist-common.inc
-allow  /usr/share/dia
+whitelist /usr/share/dia
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile
index 2d683b811..247159a8a 100644
--- a/etc/profile-a-l/dig.profile
+++ b/etc/profile-a-l/dig.profile
@@ -7,11 +7,11 @@ include dig.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.digrc
+noblacklist ${HOME}/.digrc
-nodeny  ${PATH}/dig
+noblacklist ${PATH}/dig
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 # include disable-devel.inc
@@ -22,7 +22,7 @@ include disable-programs.inc
 include disable-xdg.inc
 #mkfile ${HOME}/.digrc - see #903
-allow  ${HOME}/.digrc
+whitelist ${HOME}/.digrc
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/digikam.profile b/etc/profile-a-l/digikam.profile
index 124b50952..2ca7bd400 100644
--- a/etc/profile-a-l/digikam.profile
+++ b/etc/profile-a-l/digikam.profile
@@ -6,12 +6,12 @@ include digikam.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/digikam
+noblacklist ${HOME}/.config/digikam
-nodeny  ${HOME}/.config/digikamrc
+noblacklist ${HOME}/.config/digikamrc
-nodeny  ${HOME}/.kde/share/apps/digikam
+noblacklist ${HOME}/.kde/share/apps/digikam
-nodeny  ${HOME}/.kde4/share/apps/digikam
+noblacklist ${HOME}/.kde4/share/apps/digikam
-nodeny  ${HOME}/.local/share/kxmlgui5/digikam
+noblacklist ${HOME}/.local/share/kxmlgui5/digikam
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dillo.profile b/etc/profile-a-l/dillo.profile
index 883466f4d..9871a6095 100644
--- a/etc/profile-a-l/dillo.profile
+++ b/etc/profile-a-l/dillo.profile
@@ -6,7 +6,7 @@ include dillo.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.dillo
+noblacklist ${HOME}/.dillo
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-programs.inc
 mkdir ${HOME}/.dillo
 mkdir ${HOME}/.fltk
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.dillo
+whitelist ${HOME}/.dillo
-allow  ${HOME}/.fltk
+whitelist ${HOME}/.fltk
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile
index 3078bef71..c3174b35f 100644
--- a/etc/profile-a-l/dino.profile
+++ b/etc/profile-a-l/dino.profile
@@ -6,7 +6,7 @@ include dino.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/dino
+noblacklist ${HOME}/.local/share/dino
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-shell.inc
 mkdir ${HOME}/.local/share/dino
-allow  ${HOME}/.local/share/dino
+whitelist ${HOME}/.local/share/dino
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/discord-canary.profile b/etc/profile-a-l/discord-canary.profile
index 1c53cd211..43db95b8a 100644
--- a/etc/profile-a-l/discord-canary.profile
+++ b/etc/profile-a-l/discord-canary.profile
@@ -5,10 +5,10 @@ include discord-canary.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/discordcanary
+noblacklist ${HOME}/.config/discordcanary
 mkdir ${HOME}/.config/discordcanary
-allow  ${HOME}/.config/discordcanary
+whitelist ${HOME}/.config/discordcanary
 private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9]
 private-opt discord-canary
diff --git a/etc/profile-a-l/discord-common.profile b/etc/profile-a-l/discord-common.profile
index 6bee1901c..19e7bd9ab 100644
--- a/etc/profile-a-l/discord-common.profile
+++ b/etc/profile-a-l/discord-common.profile
@@ -20,8 +20,8 @@ ignore dbus-system none
 ignore noexec ${HOME}
 ignore novideo
-allow  ${HOME}/.config/BetterDiscord
+whitelist ${HOME}/.config/BetterDiscord
-allow  ${HOME}/.local/share/betterdiscordctl
+whitelist ${HOME}/.local/share/betterdiscordctl
 private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh
 private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl
diff --git a/etc/profile-a-l/discord.profile b/etc/profile-a-l/discord.profile
index 658d3fc83..8ef02a30f 100644
--- a/etc/profile-a-l/discord.profile
+++ b/etc/profile-a-l/discord.profile
@@ -5,10 +5,10 @@ include discord.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/discord
+noblacklist ${HOME}/.config/discord
 mkdir ${HOME}/.config/discord
-allow  ${HOME}/.config/discord
+whitelist ${HOME}/.config/discord
 private-bin discord
 private-opt discord
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile
index 4474b97d2..11f3fd36e 100644
--- a/etc/profile-a-l/display.profile
+++ b/etc/profile-a-l/display.profile
@@ -5,7 +5,7 @@ include display.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/dnox.profile b/etc/profile-a-l/dnox.profile
index 8c3d6211b..51ba6f8b7 100644
--- a/etc/profile-a-l/dnox.profile
+++ b/etc/profile-a-l/dnox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/dnox
+noblacklist ${HOME}/.cache/dnox
-nodeny  ${HOME}/.config/dnox
+noblacklist ${HOME}/.config/dnox
 mkdir ${HOME}/.cache/dnox
 mkdir ${HOME}/.config/dnox
-allow  ${HOME}/.cache/dnox
+whitelist ${HOME}/.cache/dnox
-allow  ${HOME}/.config/dnox
+whitelist ${HOME}/.config/dnox
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile
index dbcef36f8..f8fb1a331 100644
--- a/etc/profile-a-l/dnscrypt-proxy.profile
+++ b/etc/profile-a-l/dnscrypt-proxy.profile
@@ -7,11 +7,11 @@ include dnscrypt-proxy.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 include disable-common.inc
 include disable-devel.inc
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /usr/share/dnscrypt-proxy
+whitelist /usr/share/dnscrypt-proxy
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile
index b1acbf392..01398c2b2 100644
--- a/etc/profile-a-l/dnsmasq.profile
+++ b/etc/profile-a-l/dnsmasq.profile
@@ -7,11 +7,11 @@ include dnsmasq.local
 # Persistent global definitions
 include globals.local
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile
index 15b312ecb..49feec32e 100644
--- a/etc/profile-a-l/dolphin-emu.profile
+++ b/etc/profile-a-l/dolphin-emu.profile
@@ -8,9 +8,9 @@ include globals.local
 # Note: you must whitelist your games folder in your dolphin-emu.local.
-nodeny  ${HOME}/.cache/dolphin-emu
+noblacklist ${HOME}/.cache/dolphin-emu
-nodeny  ${HOME}/.config/dolphin-emu
+noblacklist ${HOME}/.config/dolphin-emu
-nodeny  ${HOME}/.local/share/dolphin-emu
+noblacklist ${HOME}/.local/share/dolphin-emu
 include disable-common.inc
 include disable-devel.inc
@@ -24,10 +24,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/dolphin-emu
 mkdir ${HOME}/.config/dolphin-emu
 mkdir ${HOME}/.local/share/dolphin-emu
-allow  ${HOME}/.cache/dolphin-emu
+whitelist ${HOME}/.cache/dolphin-emu
-allow  ${HOME}/.config/dolphin-emu
+whitelist ${HOME}/.config/dolphin-emu
-allow  ${HOME}/.local/share/dolphin-emu
+whitelist ${HOME}/.local/share/dolphin-emu
-allow  /usr/share/dolphin-emu
+whitelist /usr/share/dolphin-emu
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/dooble.profile b/etc/profile-a-l/dooble.profile
index 3b0adcc36..37a4113cb 100644
--- a/etc/profile-a-l/dooble.profile
+++ b/etc/profile-a-l/dooble.profile
@@ -7,7 +7,7 @@ include dooble-qt4.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.dooble
+noblacklist ${HOME}/.dooble
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.dooble
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.dooble
+whitelist ${HOME}/.dooble
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile
index 29e506764..988f66f28 100644
--- a/etc/profile-a-l/dosbox.profile
+++ b/etc/profile-a-l/dosbox.profile
@@ -6,8 +6,8 @@ include dosbox.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.dosbox
+noblacklist ${HOME}/.dosbox
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile
index 90ca11774..8fa01d504 100644
--- a/etc/profile-a-l/dragon.profile
+++ b/etc/profile-a-l/dragon.profile
@@ -6,9 +6,9 @@ include dragon.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/dragonplayerrc
+noblacklist ${HOME}/.config/dragonplayerrc
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/dragonplayer
+whitelist /usr/share/dragonplayer
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile
index 84a77ce34..82d96e405 100644
--- a/etc/profile-a-l/drawio.profile
+++ b/etc/profile-a-l/drawio.profile
@@ -6,7 +6,7 @@ include drawio.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/draw.io
+noblacklist ${HOME}/.config/draw.io
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/draw.io
-allow  ${HOME}/.config/draw.io
+whitelist ${HOME}/.config/draw.io
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile
index e177fd60e..068bd88d8 100644
--- a/etc/profile-a-l/drill.profile
+++ b/etc/profile-a-l/drill.profile
@@ -7,10 +7,10 @@ include drill.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PATH}/drill
+noblacklist ${PATH}/drill
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 # include disable-devel.inc
diff --git a/etc/profile-a-l/dropbox.profile b/etc/profile-a-l/dropbox.profile
index 274cdd478..b3b2aaf40 100644
--- a/etc/profile-a-l/dropbox.profile
+++ b/etc/profile-a-l/dropbox.profile
@@ -5,9 +5,9 @@ include dropbox.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/autostart
+noblacklist ${HOME}/.config/autostart
-nodeny  ${HOME}/.dropbox
+noblacklist ${HOME}/.dropbox
-nodeny  ${HOME}/.dropbox-dist
+noblacklist ${HOME}/.dropbox-dist
 # Allow python3 (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -22,10 +22,10 @@ mkdir ${HOME}/.dropbox
 mkdir ${HOME}/.dropbox-dist
 mkdir ${HOME}/Dropbox
 mkfile ${HOME}/.config/autostart/dropbox.desktop
-allow  ${HOME}/.config/autostart/dropbox.desktop
+whitelist ${HOME}/.config/autostart/dropbox.desktop
-allow  ${HOME}/.dropbox
+whitelist ${HOME}/.dropbox
-allow  ${HOME}/.dropbox-dist
+whitelist ${HOME}/.dropbox-dist
-allow  ${HOME}/Dropbox
+whitelist ${HOME}/Dropbox
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile
index da54fec34..38e4b16f7 100644
--- a/etc/profile-a-l/easystroke.profile
+++ b/etc/profile-a-l/easystroke.profile
@@ -6,7 +6,7 @@ include easystroke.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.easystroke
+noblacklist ${HOME}/.easystroke
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.easystroke
-allow  ${HOME}/.easystroke
+whitelist ${HOME}/.easystroke
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile
index 10e57371e..278dd6cbd 100644
--- a/etc/profile-a-l/electron-mail.profile
+++ b/etc/profile-a-l/electron-mail.profile
@@ -6,7 +6,7 @@ include electron-mail.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/electron-mail
+noblacklist ${HOME}/.config/electron-mail
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/electron-mail
-allow  ${HOME}/.config/electron-mail
+whitelist ${HOME}/.config/electron-mail
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/electron.profile b/etc/profile-a-l/electron.profile
index e8d8d35c4..493af79d4 100644
--- a/etc/profile-a-l/electron.profile
+++ b/etc/profile-a-l/electron.profile
@@ -12,7 +12,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile
index f6691017c..ad636d71a 100644
--- a/etc/profile-a-l/electrum.profile
+++ b/etc/profile-a-l/electrum.profile
@@ -6,7 +6,7 @@ include electrum.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.electrum
+noblacklist ${HOME}/.electrum
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,7 +22,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.electrum
-allow  ${HOME}/.electrum
+whitelist ${HOME}/.electrum
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/element-desktop.profile b/etc/profile-a-l/element-desktop.profile
index ec28866b8..48a826f2e 100644
--- a/etc/profile-a-l/element-desktop.profile
+++ b/etc/profile-a-l/element-desktop.profile
@@ -9,11 +9,11 @@ include element-desktop.local
 ignore dbus-user none
-nodeny  ${HOME}/.config/Element
+noblacklist ${HOME}/.config/Element
 mkdir ${HOME}/.config/Element
-allow  ${HOME}/.config/Element
+whitelist ${HOME}/.config/Element
-allow  /opt/Element
+whitelist /opt/Element
 private-opt Element
diff --git a/etc/profile-a-l/elinks.profile b/etc/profile-a-l/elinks.profile
index 30dca05cb..5a29eb24b 100644
--- a/etc/profile-a-l/elinks.profile
+++ b/etc/profile-a-l/elinks.profile
@@ -7,10 +7,10 @@ include elinks.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.elinks
+noblacklist ${HOME}/.elinks
 mkdir ${HOME}/.elinks
-allow  ${HOME}/.elinks
+whitelist ${HOME}/.elinks
 private-bin elinks
diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile
index f0e0e2830..55bf743ef 100644
--- a/etc/profile-a-l/emacs.profile
+++ b/etc/profile-a-l/emacs.profile
@@ -6,8 +6,8 @@ include emacs.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.emacs
+noblacklist ${HOME}/.emacs
-nodeny  ${HOME}/.emacs.d
+noblacklist ${HOME}/.emacs.d
 # Add the next line to your emacs.local if you need gpg support.
 #noblacklist ${HOME}/.gnupg
diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile
index 5fc72d340..6c9a8a6ea 100644
--- a/etc/profile-a-l/email-common.profile
+++ b/etc/profile-a-l/email-common.profile
@@ -7,14 +7,14 @@ include email-common.local
 # added by caller profile
 #include globals.local
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
-nodeny  ${HOME}/.signature
+noblacklist ${HOME}/.signature
 # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local
 # and 'blacklist' it in your disable-common.local too so it is  kept hidden from other applications
-nodeny  ${HOME}/Mail
+noblacklist ${HOME}/Mail
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
@@ -27,17 +27,17 @@ include disable-xdg.inc
 mkdir ${HOME}/.gnupg
 mkfile ${HOME}/.config/mimeapps.list
 mkfile ${HOME}/.signature
-allow  ${HOME}/.config/mimeapps.list
+whitelist ${HOME}/.config/mimeapps.list
-allow  ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
-allow  ${HOME}/.signature
+whitelist ${HOME}/.signature
-allow  ${DOCUMENTS}
+whitelist ${DOCUMENTS}
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local
-allow  ${HOME}/Mail
+whitelist ${HOME}/Mail
-allow  ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/gnupg
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile
index 36015b702..ac17b1726 100644
--- a/etc/profile-a-l/enchant.profile
+++ b/etc/profile-a-l/enchant.profile
@@ -6,9 +6,9 @@ include enchant.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${HOME}/.config/enchant
+noblacklist ${HOME}/.config/enchant
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/enchant
-allow  ${HOME}/.config/enchant
+whitelist ${HOME}/.config/enchant
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/enox.profile b/etc/profile-a-l/enox.profile
index 9a1d89bba..d982433e2 100644
--- a/etc/profile-a-l/enox.profile
+++ b/etc/profile-a-l/enox.profile
@@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/Enox
+noblacklist ${HOME}/.cache/Enox
-nodeny  ${HOME}/.config/Enox
+noblacklist ${HOME}/.config/Enox
 #mkdir ${HOME}/.cache/dnox
 #mkdir ${HOME}/.config/dnox
 mkdir ${HOME}/.cache/Enox
 mkdir ${HOME}/.config/Enox
-allow  ${HOME}/.cache/Enox
+whitelist ${HOME}/.cache/Enox
-allow  ${HOME}/.config/Enox
+whitelist ${HOME}/.config/Enox
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/enpass.profile b/etc/profile-a-l/enpass.profile
index 5d8f8a0b9..c4123b4c2 100644
--- a/etc/profile-a-l/enpass.profile
+++ b/etc/profile-a-l/enpass.profile
@@ -6,11 +6,11 @@ include enpass.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/Enpass
+noblacklist ${HOME}/.cache/Enpass
-nodeny  ${HOME}/.config/sinew.in
+noblacklist ${HOME}/.config/sinew.in
-nodeny  ${HOME}/.config/Sinew Software Systems
+noblacklist ${HOME}/.config/Sinew Software Systems
-nodeny  ${HOME}/.local/share/Enpass
+noblacklist ${HOME}/.local/share/Enpass
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
@@ -24,11 +24,11 @@ mkdir ${HOME}/.cache/Enpass
 mkfile ${HOME}/.config/sinew.in
 mkdir ${HOME}/.config/Sinew Software Systems
 mkdir ${HOME}/.local/share/Enpass
-allow  ${HOME}/.cache/Enpass
+whitelist ${HOME}/.cache/Enpass
-allow  ${HOME}/.config/sinew.in
+whitelist ${HOME}/.config/sinew.in
-allow  ${HOME}/.config/Sinew Software Systems
+whitelist ${HOME}/.config/Sinew Software Systems
-allow  ${HOME}/.local/share/Enpass
+whitelist ${HOME}/.local/share/Enpass
-allow  ${DOCUMENTS}
+whitelist ${DOCUMENTS}
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile
index ff7040e5c..fe7913e77 100644
--- a/etc/profile-a-l/eo-common.profile
+++ b/etc/profile-a-l/eo-common.profile
@@ -7,11 +7,11 @@ include eo-common.local
 # added by caller profile
 #include globals.local
-nodeny  ${HOME}/.local/share/Trash
+noblacklist ${HOME}/.local/share/Trash
-nodeny  ${HOME}/.Steam
+noblacklist ${HOME}/.Steam
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.steam
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/eog.profile b/etc/profile-a-l/eog.profile
index e8592c7df..5892374bd 100644
--- a/etc/profile-a-l/eog.profile
+++ b/etc/profile-a-l/eog.profile
@@ -6,9 +6,9 @@ include eog.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/eog
+noblacklist ${HOME}/.config/eog
-allow  /usr/share/eog
+whitelist /usr/share/eog
 # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'.
 # Add the next lines to your eog.local if you need that functionality.
diff --git a/etc/profile-a-l/eom.profile b/etc/profile-a-l/eom.profile
index 323f5ade2..7143a8e03 100644
--- a/etc/profile-a-l/eom.profile
+++ b/etc/profile-a-l/eom.profile
@@ -6,9 +6,9 @@ include eom.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/mate/eom
+noblacklist ${HOME}/.config/mate/eom
-allow  /usr/share/eom
+whitelist /usr/share/eom
 # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'.
 # Add the next lines to your eom.local if you need that functionality.
diff --git a/etc/profile-a-l/ephemeral.profile b/etc/profile-a-l/ephemeral.profile
index 3657742b9..131d68951 100644
--- a/etc/profile-a-l/ephemeral.profile
+++ b/etc/profile-a-l/ephemeral.profile
@@ -9,8 +9,8 @@ include globals.local
 # enforce private-cache
 #noblacklist ${HOME}/.cache/ephemeral
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.local/share/pki
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
@@ -27,9 +27,9 @@ mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
 # enforce private-cache
 #whitelist ${HOME}/.cache/ephemeral
-allow  ${HOME}/.pki
+whitelist ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/epiphany.profile b/etc/profile-a-l/epiphany.profile
index daedb2193..225811226 100644
--- a/etc/profile-a-l/epiphany.profile
+++ b/etc/profile-a-l/epiphany.profile
@@ -9,9 +9,9 @@ include globals.local
 # Note: Epiphany use bwrap since 3.34 and can not be firejailed any more.
 # See https://github.com/netblue30/firejail/issues/2995
-nodeny  ${HOME}/.cache/epiphany
+noblacklist ${HOME}/.cache/epiphany
-nodeny  ${HOME}/.config/epiphany
+noblacklist ${HOME}/.config/epiphany
-nodeny  ${HOME}/.local/share/epiphany
+noblacklist ${HOME}/.local/share/epiphany
 include disable-common.inc
 include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/epiphany
 mkdir ${HOME}/.config/epiphany
 mkdir ${HOME}/.local/share/epiphany
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/epiphany
+whitelist ${HOME}/.cache/epiphany
-allow  ${HOME}/.config/epiphany
+whitelist ${HOME}/.config/epiphany
-allow  ${HOME}/.local/share/epiphany
+whitelist ${HOME}/.local/share/epiphany
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile
index ac957870c..964d3b7ca 100644
--- a/etc/profile-a-l/equalx.profile
+++ b/etc/profile-a-l/equalx.profile
@@ -6,8 +6,8 @@ include equalx.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/equalx
+noblacklist ${HOME}/.config/equalx
-nodeny  ${HOME}/.equalx
+noblacklist ${HOME}/.equalx
 include disable-common.inc
 include disable-devel.inc
@@ -20,13 +20,13 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/equalx
 mkdir ${HOME}/.equalx
-allow  ${HOME}/.config/equalx
+whitelist ${HOME}/.config/equalx
-allow  ${HOME}/.equalx
+whitelist ${HOME}/.equalx
-allow  /usr/share/poppler
+whitelist /usr/share/poppler
-allow  /usr/share/ghostscript
+whitelist /usr/share/ghostscript
-allow  /usr/share/texlive
+whitelist /usr/share/texlive
-allow  /usr/share/equalx
+whitelist /usr/share/equalx
-allow  /var/lib/texmf
+whitelist /var/lib/texmf
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile
index a2f46b757..fdff1e4b5 100644
--- a/etc/profile-a-l/etr.profile
+++ b/etc/profile-a-l/etr.profile
@@ -6,9 +6,9 @@ include etr.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.etr
+noblacklist ${HOME}/.etr
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.etr
-allow  ${HOME}/.etr
+whitelist ${HOME}/.etr
-allow  /usr/share/etr
+whitelist /usr/share/etr
 # Debian version
-allow  /usr/share/games/etr
+whitelist /usr/share/games/etr
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile
index ce2617ad6..a9e39b15c 100644
--- a/etc/profile-a-l/evince.profile
+++ b/etc/profile-a-l/evince.profile
@@ -10,10 +10,10 @@ include globals.local
 # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below).
 #noblacklist ${HOME}/.local/share/gvfs-metadata
-nodeny  ${HOME}/.config/evince
+noblacklist ${HOME}/.config/evince
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/doc
+whitelist /usr/share/doc
-allow  /usr/share/evince
+whitelist /usr/share/evince
-allow  /usr/share/poppler
+whitelist /usr/share/poppler
-allow  /usr/share/tracker
+whitelist /usr/share/tracker
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile
index 142498a28..7222493ac 100644
--- a/etc/profile-a-l/evolution.profile
+++ b/etc/profile-a-l/evolution.profile
@@ -6,15 +6,15 @@ include evolution.local
 # Persistent global definitions
 include globals.local
-nodeny  /var/mail
+noblacklist /var/mail
-nodeny  /var/spool/mail
+noblacklist /var/spool/mail
-nodeny  ${HOME}/.bogofilter
+noblacklist ${HOME}/.bogofilter
-nodeny  ${HOME}/.cache/evolution
+noblacklist ${HOME}/.cache/evolution
-nodeny  ${HOME}/.config/evolution
+noblacklist ${HOME}/.config/evolution
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.local/share/evolution
+noblacklist ${HOME}/.local/share/evolution
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.local/share/pki
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile
index 216814989..7b09a2c64 100644
--- a/etc/profile-a-l/exiftool.profile
+++ b/etc/profile-a-l/exiftool.profile
@@ -6,7 +6,7 @@ include exiftool.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -18,7 +18,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /usr/share/perl-image-exiftool
+whitelist /usr/share/perl-image-exiftool
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile
index 9bb42945b..b2061db79 100644
--- a/etc/profile-a-l/falkon.profile
+++ b/etc/profile-a-l/falkon.profile
@@ -6,8 +6,8 @@ include falkon.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/falkon
+noblacklist ${HOME}/.cache/falkon
-nodeny  ${HOME}/.config/falkon
+noblacklist ${HOME}/.config/falkon
 include disable-common.inc
 include disable-devel.inc
@@ -19,10 +19,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/falkon
 mkdir ${HOME}/.config/falkon
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/falkon
+whitelist ${HOME}/.cache/falkon
-allow  ${HOME}/.config/falkon
+whitelist ${HOME}/.config/falkon
-allow  /usr/share/falkon
+whitelist /usr/share/falkon
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/fbreader.profile b/etc/profile-a-l/fbreader.profile
index d141c6ed5..8e81000fd 100644
--- a/etc/profile-a-l/fbreader.profile
+++ b/etc/profile-a-l/fbreader.profile
@@ -6,8 +6,8 @@ include fbreader.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.FBReader
+noblacklist ${HOME}/.FBReader
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile
index 17a365053..31cb1776c 100644
--- a/etc/profile-a-l/fdns.profile
+++ b/etc/profile-a-l/fdns.profile
@@ -5,11 +5,11 @@ include fdns.local
 # Persistent global definitions
 include globals.local
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/feedreader.profile b/etc/profile-a-l/feedreader.profile
index 359be083e..664ec2da6 100644
--- a/etc/profile-a-l/feedreader.profile
+++ b/etc/profile-a-l/feedreader.profile
@@ -6,8 +6,8 @@ include feedreader.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/feedreader
+noblacklist ${HOME}/.cache/feedreader
-nodeny  ${HOME}/.local/share/feedreader
+noblacklist ${HOME}/.local/share/feedreader
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/feedreader
 mkdir ${HOME}/.local/share/feedreader
-allow  ${HOME}/.cache/feedreader
+whitelist ${HOME}/.cache/feedreader
-allow  ${HOME}/.local/share/feedreader
+whitelist ${HOME}/.local/share/feedreader
-allow  /usr/share/feedreader
+whitelist /usr/share/feedreader
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ferdi.profile b/etc/profile-a-l/ferdi.profile
index f60055f37..a2372ec8a 100644
--- a/etc/profile-a-l/ferdi.profile
+++ b/etc/profile-a-l/ferdi.profile
@@ -7,10 +7,10 @@ include globals.local
 ignore noexec /tmp
-nodeny  ${HOME}/.cache/Ferdi
+noblacklist ${HOME}/.cache/Ferdi
-nodeny  ${HOME}/.config/Ferdi
+noblacklist ${HOME}/.config/Ferdi
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.local/share/pki
 include disable-common.inc
 include disable-devel.inc
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Ferdi
 mkdir ${HOME}/.config/Ferdi
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/Ferdi
+whitelist ${HOME}/.cache/Ferdi
-allow  ${HOME}/.config/Ferdi
+whitelist ${HOME}/.config/Ferdi
-allow  ${HOME}/.pki
+whitelist ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/fetchmail.profile b/etc/profile-a-l/fetchmail.profile
index 1e06ec29a..7358ed5c7 100644
--- a/etc/profile-a-l/fetchmail.profile
+++ b/etc/profile-a-l/fetchmail.profile
@@ -6,8 +6,8 @@ include fetchmail.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.fetchmailrc
+noblacklist ${HOME}/.fetchmailrc
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.netrc
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile
index 1a64183ab..13ef1beb9 100644
--- a/etc/profile-a-l/ffmpeg.profile
+++ b/etc/profile-a-l/ffmpeg.profile
@@ -7,8 +7,8 @@ include ffmpeg.local
 # Persistent global definitions
 include globals.local
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/devedeng
+whitelist /usr/share/devedeng
-allow  /usr/share/ffmpeg
+whitelist /usr/share/ffmpeg
-allow  /usr/share/qtchooser
+whitelist /usr/share/qtchooser
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile
index f7a938f24..4eeceeee8 100644
--- a/etc/profile-a-l/file-roller.profile
+++ b/etc/profile-a-l/file-roller.profile
@@ -13,9 +13,9 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /usr/libexec/file-roller
+whitelist /usr/libexec/file-roller
-allow  /usr/libexec/p7zip
+whitelist /usr/libexec/p7zip
-allow  /usr/share/file-roller
+whitelist /usr/share/file-roller
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/file.profile b/etc/profile-a-l/file.profile
index 426d1e72d..5c7583605 100644
--- a/etc/profile-a-l/file.profile
+++ b/etc/profile-a-l/file.profile
@@ -7,7 +7,7 @@ include file.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/filezilla.profile b/etc/profile-a-l/filezilla.profile
index d9e0e9da0..dc5def54f 100644
--- a/etc/profile-a-l/filezilla.profile
+++ b/etc/profile-a-l/filezilla.profile
@@ -6,8 +6,8 @@ include filezilla.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/filezilla
+noblacklist ${HOME}/.config/filezilla
-nodeny  ${HOME}/.filezilla
+noblacklist ${HOME}/.filezilla
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/firedragon.profile b/etc/profile-a-l/firedragon.profile
index e22424794..77487161e 100644
--- a/etc/profile-a-l/firedragon.profile
+++ b/etc/profile-a-l/firedragon.profile
@@ -6,13 +6,13 @@ include firedragon.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/firedragon
+noblacklist ${HOME}/.cache/firedragon
-nodeny  ${HOME}/.firedragon
+noblacklist ${HOME}/.firedragon
 mkdir ${HOME}/.cache/firedragon
 mkdir ${HOME}/.firedragon
-allow  ${HOME}/.cache/firedragon
+whitelist ${HOME}/.cache/firedragon
-allow  ${HOME}/.firedragon
+whitelist ${HOME}/.firedragon
 # Add the next lines to your firedragon.local if you want to use the migration wizard.
 #noblacklist ${HOME}/.mozilla
diff --git a/etc/profile-a-l/firefox-common-addons.profile b/etc/profile-a-l/firefox-common-addons.profile
index 7e2e8760d..d282f9a60 100644
--- a/etc/profile-a-l/firefox-common-addons.profile
+++ b/etc/profile-a-l/firefox-common-addons.profile
@@ -5,74 +5,74 @@ include firefox-common-addons.local
 ignore include whitelist-runuser-common.inc
 ignore private-cache
-nodeny  ${HOME}/.cache/youtube-dl
+noblacklist ${HOME}/.cache/youtube-dl
-nodeny  ${HOME}/.config/kgetrc
+noblacklist ${HOME}/.config/kgetrc
-nodeny  ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/mpv
-nodeny  ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularpartrc
-nodeny  ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/okularrc
-nodeny  ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.config/qpdfview
-nodeny  ${HOME}/.config/youtube-dl
+noblacklist ${HOME}/.config/youtube-dl
-nodeny  ${HOME}/.kde/share/apps/kget
+noblacklist ${HOME}/.kde/share/apps/kget
-nodeny  ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/apps/okular
-nodeny  ${HOME}/.kde/share/config/kgetrc
+noblacklist ${HOME}/.kde/share/config/kgetrc
-nodeny  ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularpartrc
-nodeny  ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde/share/config/okularrc
-nodeny  ${HOME}/.kde4/share/apps/kget
+noblacklist ${HOME}/.kde4/share/apps/kget
-nodeny  ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/apps/okular
-nodeny  ${HOME}/.kde4/share/config/kgetrc
+noblacklist ${HOME}/.kde4/share/config/kgetrc
-nodeny  ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
-nodeny  ${HOME}/.kde4/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
-nodeny  ${HOME}/.local/share/kget
+noblacklist ${HOME}/.local/share/kget
-nodeny  ${HOME}/.local/share/kxmlgui5/okular
+noblacklist ${HOME}/.local/share/kxmlgui5/okular
-nodeny  ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/okular
-nodeny  ${HOME}/.local/share/qpdfview
+noblacklist ${HOME}/.local/share/qpdfview
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.netrc
-allow  ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
-allow  ${HOME}/.cache/youtube-dl/youtube-sigfuncs
+whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
-allow  ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/gnome-mplayer
-allow  ${HOME}/.config/kgetrc
+whitelist ${HOME}/.config/kgetrc
-allow  ${HOME}/.config/mpv
+whitelist ${HOME}/.config/mpv
-allow  ${HOME}/.config/okularpartrc
+whitelist ${HOME}/.config/okularpartrc
-allow  ${HOME}/.config/okularrc
+whitelist ${HOME}/.config/okularrc
-allow  ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-silverlight5.1
-allow  ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.config/pipelight-widevine
-allow  ${HOME}/.config/qpdfview
+whitelist ${HOME}/.config/qpdfview
-allow  ${HOME}/.config/youtube-dl
+whitelist ${HOME}/.config/youtube-dl
-allow  ${HOME}/.kde/share/apps/kget
+whitelist ${HOME}/.kde/share/apps/kget
-allow  ${HOME}/.kde/share/apps/okular
+whitelist ${HOME}/.kde/share/apps/okular
-allow  ${HOME}/.kde/share/config/kgetrc
+whitelist ${HOME}/.kde/share/config/kgetrc
-allow  ${HOME}/.kde/share/config/okularpartrc
+whitelist ${HOME}/.kde/share/config/okularpartrc
-allow  ${HOME}/.kde/share/config/okularrc
+whitelist ${HOME}/.kde/share/config/okularrc
-allow  ${HOME}/.kde4/share/apps/kget
+whitelist ${HOME}/.kde4/share/apps/kget
-allow  ${HOME}/.kde4/share/apps/okular
+whitelist ${HOME}/.kde4/share/apps/okular
-allow  ${HOME}/.kde4/share/config/kgetrc
+whitelist ${HOME}/.kde4/share/config/kgetrc
-allow  ${HOME}/.kde4/share/config/okularpartrc
+whitelist ${HOME}/.kde4/share/config/okularpartrc
-allow  ${HOME}/.kde4/share/config/okularrc
+whitelist ${HOME}/.kde4/share/config/okularrc
-allow  ${HOME}/.keysnail.js
+whitelist ${HOME}/.keysnail.js
-allow  ${HOME}/.lastpass
+whitelist ${HOME}/.lastpass
-allow  ${HOME}/.local/share/kget
+whitelist ${HOME}/.local/share/kget
-allow  ${HOME}/.local/share/kxmlgui5/okular
+whitelist ${HOME}/.local/share/kxmlgui5/okular
-allow  ${HOME}/.local/share/okular
+whitelist ${HOME}/.local/share/okular
-allow  ${HOME}/.local/share/qpdfview
+whitelist ${HOME}/.local/share/qpdfview
-allow  ${HOME}/.local/share/tridactyl
+whitelist ${HOME}/.local/share/tridactyl
-allow  ${HOME}/.netrc
+whitelist ${HOME}/.netrc
-allow  ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactyl
-allow  ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pentadactylrc
-allow  ${HOME}/.tridactylrc
+whitelist ${HOME}/.tridactylrc
-allow  ${HOME}/.vimperator
+whitelist ${HOME}/.vimperator
-allow  ${HOME}/.vimperatorrc
+whitelist ${HOME}/.vimperatorrc
-allow  ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight
-allow  ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.wine-pipelight64
-allow  ${HOME}/.zotero
+whitelist ${HOME}/.zotero
-allow  ${HOME}/dwhelper
+whitelist ${HOME}/dwhelper
-allow  /usr/share/lua
+whitelist /usr/share/lua
-allow  /usr/share/lua*
+whitelist /usr/share/lua*
-allow  /usr/share/vulkan
+whitelist /usr/share/vulkan
 # GNOME Shell integration (chrome-gnome-shell) needs dbus and python
-nodeny  ${HOME}/.local/share/gnome-shell
+noblacklist ${HOME}/.local/share/gnome-shell
-allow  ${HOME}/.local/share/gnome-shell
+whitelist ${HOME}/.local/share/gnome-shell
 dbus-user.talk ca.desrt.dconf
 dbus-user.talk org.gnome.ChromeGnomeShell
 dbus-user.talk org.gnome.Shell
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile
index cb0fae5dc..8b74ed979 100644
--- a/etc/profile-a-l/firefox-common.profile
+++ b/etc/profile-a-l/firefox-common.profile
@@ -12,8 +12,8 @@ include firefox-common.local
 # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins.
 #include firefox-common-addons.profile
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.local/share/pki
 include disable-common.inc
 include disable-devel.inc
@@ -23,9 +23,9 @@ include disable-programs.inc
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.pki
+whitelist ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/firefox-esr.profile b/etc/profile-a-l/firefox-esr.profile
index 4fd315fdf..5e69fdb51 100644
--- a/etc/profile-a-l/firefox-esr.profile
+++ b/etc/profile-a-l/firefox-esr.profile
@@ -6,7 +6,7 @@ include firefox-esr.local
 # added by included profile
 #include globals.local
-allow  /usr/share/firefox-esr
+whitelist /usr/share/firefox-esr
 # Redirect
 include firefox.profile
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile
index 8acfe7c2a..3ad67734d 100644
--- a/etc/profile-a-l/firefox.profile
+++ b/etc/profile-a-l/firefox.profile
@@ -14,27 +14,27 @@ include globals.local
 # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox
 # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968
-nodeny  ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.cache/mozilla
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
-deny  /usr/libexec
+blacklist /usr/libexec
 mkdir ${HOME}/.cache/mozilla/firefox
 mkdir ${HOME}/.mozilla
-allow  ${HOME}/.cache/mozilla/firefox
+whitelist ${HOME}/.cache/mozilla/firefox
-allow  ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla
 # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support.
 # NOTE: start KeePassXC before Firefox and keep it open to allow communication between them.
 #whitelist ${RUNUSER}/kpxc_server
 #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
-allow  /usr/share/doc
+whitelist /usr/share/doc
-allow  /usr/share/firefox
+whitelist /usr/share/firefox
-allow  /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
+whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
-allow  /usr/share/gtk-doc/html
+whitelist /usr/share/gtk-doc/html
-allow  /usr/share/mozilla
+whitelist /usr/share/mozilla
-allow  /usr/share/webext
+whitelist /usr/share/webext
 include whitelist-usr-share-common.inc
 # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin.
diff --git a/etc/profile-a-l/five-or-more.profile b/etc/profile-a-l/five-or-more.profile
index bd1becaf0..2c86d3ac7 100644
--- a/etc/profile-a-l/five-or-more.profile
+++ b/etc/profile-a-l/five-or-more.profile
@@ -6,12 +6,12 @@ include five-or-more.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/five-or-more
+noblacklist ${HOME}/.local/share/five-or-more
 mkdir ${HOME}/.local/share/five-or-more
-allow  ${HOME}/.local/share/five-or-more
+whitelist ${HOME}/.local/share/five-or-more
-allow  /usr/share/five-or-more
+whitelist /usr/share/five-or-more
 private-bin five-or-more
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile
index f16a65536..55af96c84 100644
--- a/etc/profile-a-l/flameshot.profile
+++ b/etc/profile-a-l/flameshot.profile
@@ -7,9 +7,9 @@ include flameshot.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
-nodeny  ${HOME}/.config/Dharkael
+noblacklist ${HOME}/.config/Dharkael
-nodeny  ${HOME}/.config/flameshot
+noblacklist ${HOME}/.config/flameshot
 include disable-common.inc
 include disable-devel.inc
@@ -25,7 +25,7 @@ include disable-xdg.inc
 #whitelist ${PICTURES}
 #whitelist ${HOME}/.config/Dharkael
 #whitelist ${HOME}/.config/flameshot
-allow  /usr/share/flameshot
+whitelist /usr/share/flameshot
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/flashpeak-slimjet.profile b/etc/profile-a-l/flashpeak-slimjet.profile
index af114e129..310fb378f 100644
--- a/etc/profile-a-l/flashpeak-slimjet.profile
+++ b/etc/profile-a-l/flashpeak-slimjet.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/slimjet
+noblacklist ${HOME}/.cache/slimjet
-nodeny  ${HOME}/.config/slimjet
+noblacklist ${HOME}/.config/slimjet
 mkdir ${HOME}/.cache/slimjet
 mkdir ${HOME}/.config/slimjet
-allow  ${HOME}/.cache/slimjet
+whitelist ${HOME}/.cache/slimjet
-allow  ${HOME}/.config/slimjet
+whitelist ${HOME}/.config/slimjet
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/flowblade.profile b/etc/profile-a-l/flowblade.profile
index 505763fb9..a4421e3ce 100644
--- a/etc/profile-a-l/flowblade.profile
+++ b/etc/profile-a-l/flowblade.profile
@@ -6,8 +6,8 @@ include flowblade.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/flowblade
+noblacklist ${HOME}/.config/flowblade
-nodeny  ${HOME}/.flowblade
+noblacklist ${HOME}/.flowblade
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/fluxbox.profile b/etc/profile-a-l/fluxbox.profile
index a22c0e103..1210f365c 100644
--- a/etc/profile-a-l/fluxbox.profile
+++ b/etc/profile-a-l/fluxbox.profile
@@ -7,7 +7,7 @@ include fluxbox.local
 include globals.local
 # all applications started in fluxbox will run in this profile
-nodeny  ${HOME}/.fluxbox
+noblacklist ${HOME}/.fluxbox
 include disable-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile
index ff9167c1a..cd0129436 100644
--- a/etc/profile-a-l/font-manager.profile
+++ b/etc/profile-a-l/font-manager.profile
@@ -6,8 +6,8 @@ include font-manager.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/font-manager
+noblacklist ${HOME}/.cache/font-manager
-nodeny  ${HOME}/.config/font-manager
+noblacklist ${HOME}/.config/font-manager
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -24,9 +24,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/font-manager
 mkdir ${HOME}/.config/font-manager
-allow  ${HOME}/.cache/font-manager
+whitelist ${HOME}/.cache/font-manager
-allow  ${HOME}/.config/font-manager
+whitelist ${HOME}/.config/font-manager
-allow  /usr/share/font-manager
+whitelist /usr/share/font-manager
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/fontforge.profile b/etc/profile-a-l/fontforge.profile
index 64c7655e2..bd1495877 100644
--- a/etc/profile-a-l/fontforge.profile
+++ b/etc/profile-a-l/fontforge.profile
@@ -6,8 +6,8 @@ include fontforge.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.FontForge
+noblacklist ${HOME}/.FontForge
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/fossamail.profile b/etc/profile-a-l/fossamail.profile
index 5e5a12794..2d700d336 100644
--- a/etc/profile-a-l/fossamail.profile
+++ b/etc/profile-a-l/fossamail.profile
@@ -6,16 +6,16 @@ include fossamail.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.cache/fossamail
+noblacklist ${HOME}/.cache/fossamail
-nodeny  ${HOME}/.fossamail
+noblacklist ${HOME}/.fossamail
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 mkdir ${HOME}/.cache/fossamail
 mkdir ${HOME}/.fossamail
 mkdir ${HOME}/.gnupg
-allow  ${HOME}/.cache/fossamail
+whitelist ${HOME}/.cache/fossamail
-allow  ${HOME}/.fossamail
+whitelist ${HOME}/.fossamail
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
 include whitelist-common.inc
 # allow browsers
diff --git a/etc/profile-a-l/four-in-a-row.profile b/etc/profile-a-l/four-in-a-row.profile
index 97fd4a626..eb0c43ca5 100644
--- a/etc/profile-a-l/four-in-a-row.profile
+++ b/etc/profile-a-l/four-in-a-row.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore machine-id
 ignore nosound
-allow  /usr/share/four-in-a-row
+whitelist /usr/share/four-in-a-row
 private-bin four-in-a-row
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile
index 8edc9b02d..1b1d031b4 100644
--- a/etc/profile-a-l/fractal.profile
+++ b/etc/profile-a-l/fractal.profile
@@ -6,7 +6,7 @@ include fractal.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/fractal
+noblacklist ${HOME}/.cache/fractal
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.cache/fractal
-allow  ${HOME}/.cache/fractal
+whitelist ${HOME}/.cache/fractal
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/franz.profile b/etc/profile-a-l/franz.profile
index 1a8ec8f99..9b780a572 100644
--- a/etc/profile-a-l/franz.profile
+++ b/etc/profile-a-l/franz.profile
@@ -7,10 +7,10 @@ include globals.local
 ignore noexec /tmp
-nodeny  ${HOME}/.cache/Franz
+noblacklist ${HOME}/.cache/Franz
-nodeny  ${HOME}/.config/Franz
+noblacklist ${HOME}/.config/Franz
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.local/share/pki
 include disable-common.inc
 include disable-devel.inc
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Franz
 mkdir ${HOME}/.config/Franz
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/Franz
+whitelist ${HOME}/.cache/Franz
-allow  ${HOME}/.config/Franz
+whitelist ${HOME}/.config/Franz
-allow  ${HOME}/.pki
+whitelist ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/freecad.profile b/etc/profile-a-l/freecad.profile
index a45ad4c7a..8043d0530 100644
--- a/etc/profile-a-l/freecad.profile
+++ b/etc/profile-a-l/freecad.profile
@@ -6,8 +6,8 @@ include freecad.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/FreeCAD
+noblacklist ${HOME}/.config/FreeCAD
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/freeciv.profile b/etc/profile-a-l/freeciv.profile
index 20abd4056..23c19682c 100644
--- a/etc/profile-a-l/freeciv.profile
+++ b/etc/profile-a-l/freeciv.profile
@@ -6,7 +6,7 @@ include freeciv.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.freeciv
+noblacklist ${HOME}/.freeciv
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.freeciv
-allow  ${HOME}/.freeciv
+whitelist ${HOME}/.freeciv
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/freecol.profile b/etc/profile-a-l/freecol.profile
index 79ccf4101..93fa7da03 100644
--- a/etc/profile-a-l/freecol.profile
+++ b/etc/profile-a-l/freecol.profile
@@ -6,10 +6,10 @@ include freecol.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.freecol
+noblacklist ${HOME}/.freecol
-nodeny  ${HOME}/.cache/freecol
+noblacklist ${HOME}/.cache/freecol
-nodeny  ${HOME}/.config/freecol
+noblacklist ${HOME}/.config/freecol
-nodeny  ${HOME}/.local/share/freecol
+noblacklist ${HOME}/.local/share/freecol
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -26,11 +26,11 @@ mkdir ${HOME}/.java
 mkdir ${HOME}/.cache/freecol
 mkdir ${HOME}/.config/freecol
 mkdir ${HOME}/.local/share/freecol
-allow  ${HOME}/.freecol
+whitelist ${HOME}/.freecol
-allow  ${HOME}/.java
+whitelist ${HOME}/.java
-allow  ${HOME}/.cache/freecol
+whitelist ${HOME}/.cache/freecol
-allow  ${HOME}/.config/freecol
+whitelist ${HOME}/.config/freecol
-allow  ${HOME}/.local/share/freecol
+whitelist ${HOME}/.local/share/freecol
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile
index ba52dd208..699177039 100644
--- a/etc/profile-a-l/freemind.profile
+++ b/etc/profile-a-l/freemind.profile
@@ -6,8 +6,8 @@ include freemind.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${HOME}/.freemind
+noblacklist ${HOME}/.freemind
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile
index 4c321322c..e6aff533d 100644
--- a/etc/profile-a-l/freetube.profile
+++ b/etc/profile-a-l/freetube.profile
@@ -6,12 +6,12 @@ include freetube.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/FreeTube
+noblacklist ${HOME}/.config/FreeTube
 include disable-shell.inc
 mkdir ${HOME}/.config/FreeTube
-allow  ${HOME}/.config/FreeTube
+whitelist ${HOME}/.config/FreeTube
 private-bin freetube
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg
diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile
index 3a6dfcfd6..b4ad81046 100644
--- a/etc/profile-a-l/frogatto.profile
+++ b/etc/profile-a-l/frogatto.profile
@@ -6,7 +6,7 @@ include frogatto.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.frogatto
+noblacklist ${HOME}/.frogatto
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.frogatto
-allow  ${HOME}/.frogatto
+whitelist ${HOME}/.frogatto
-allow  /usr/libexec/frogatto
+whitelist /usr/libexec/frogatto
-allow  /usr/share/frogatto
+whitelist /usr/share/frogatto
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile
index 12eca8eb0..76352e41e 100644
--- a/etc/profile-a-l/frozen-bubble.profile
+++ b/etc/profile-a-l/frozen-bubble.profile
@@ -6,7 +6,7 @@ include frozen-bubble.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.frozen-bubble
+noblacklist ${HOME}/.frozen-bubble
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -20,7 +20,7 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.frozen-bubble
-allow  ${HOME}/.frozen-bubble
+whitelist ${HOME}/.frozen-bubble
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile
index 07030df4b..8852925b1 100644
--- a/etc/profile-a-l/funnyboat.profile
+++ b/etc/profile-a-l/funnyboat.profile
@@ -5,7 +5,7 @@ include funnyboat.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.funnyboat
+noblacklist ${HOME}/.funnyboat
 ignore noexec /dev/shm
 include allow-python2.inc
@@ -21,12 +21,12 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.funnyboat
-allow  ${HOME}/.funnyboat
+whitelist ${HOME}/.funnyboat
 include whitelist-common.inc
 include whitelist-runuser-common.inc
-allow  /usr/share/funnyboat
+whitelist /usr/share/funnyboat
 # Debian:
-allow  /usr/share/games/funnyboat
+whitelist /usr/share/games/funnyboat
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile
index 4cd2cb1e6..ed3f0357d 100644
--- a/etc/profile-a-l/gajim.profile
+++ b/etc/profile-a-l/gajim.profile
@@ -6,10 +6,10 @@ include gajim.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.cache/gajim
+noblacklist ${HOME}/.cache/gajim
-nodeny  ${HOME}/.config/gajim
+noblacklist ${HOME}/.config/gajim
-nodeny  ${HOME}/.local/share/gajim
+noblacklist ${HOME}/.local/share/gajim
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -28,14 +28,14 @@ mkdir ${HOME}/.gnupg
 mkdir ${HOME}/.cache/gajim
 mkdir ${HOME}/.config/gajim
 mkdir ${HOME}/.local/share/gajim
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
-allow  ${HOME}/.cache/gajim
+whitelist ${HOME}/.cache/gajim
-allow  ${HOME}/.config/gajim
+whitelist ${HOME}/.config/gajim
-allow  ${HOME}/.local/share/gajim
+whitelist ${HOME}/.local/share/gajim
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/gnupg
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile
index 0b1b595a6..550b3808b 100644
--- a/etc/profile-a-l/galculator.profile
+++ b/etc/profile-a-l/galculator.profile
@@ -6,7 +6,7 @@ include galculator.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/galculator
+noblacklist ${HOME}/.config/galculator
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/galculator
-allow  ${HOME}/.config/galculator
+whitelist ${HOME}/.config/galculator
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile
index 00b830234..3a8c055f2 100644
--- a/etc/profile-a-l/gapplication.profile
+++ b/etc/profile-a-l/gapplication.profile
@@ -6,8 +6,8 @@ include gapplication.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile
index 896a100fc..388f4c0df 100644
--- a/etc/profile-a-l/gcloud.profile
+++ b/etc/profile-a-l/gcloud.profile
@@ -8,9 +8,9 @@ include globals.local
 # noexec ${HOME} will break user-local installs of gcloud tooling
 ignore noexec ${HOME}
-nodeny  ${HOME}/.boto
+noblacklist ${HOME}/.boto
-nodeny  ${HOME}/.config/gcloud
+noblacklist ${HOME}/.config/gcloud
-nodeny  /var/run/docker.sock
+noblacklist /var/run/docker.sock
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gconf-editor.profile b/etc/profile-a-l/gconf-editor.profile
index 8f72f0b34..cb39174e5 100644
--- a/etc/profile-a-l/gconf-editor.profile
+++ b/etc/profile-a-l/gconf-editor.profile
@@ -7,9 +7,9 @@ include gconf-editor.local
 # added by included profile
 #include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-allow  /usr/share/gconf-editor
+whitelist /usr/share/gconf-editor
 ignore x11 none
diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile
index 8c7013574..fec1a555a 100644
--- a/etc/profile-a-l/gconf.profile
+++ b/etc/profile-a-l/gconf.profile
@@ -6,9 +6,9 @@ include gconf.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${HOME}/.config/gconf
+noblacklist ${HOME}/.config/gconf
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -23,9 +23,9 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/gconf
-allow  ${HOME}/.config/gconf
+whitelist ${HOME}/.config/gconf
-allow  /usr/share/GConf
+whitelist /usr/share/GConf
-allow  /usr/share/gconf
+whitelist /usr/share/gconf
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/geany.profile b/etc/profile-a-l/geany.profile
index 706a85c75..6fdb9b37a 100644
--- a/etc/profile-a-l/geany.profile
+++ b/etc/profile-a-l/geany.profile
@@ -6,7 +6,7 @@ include geany.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/geany
+noblacklist ${HOME}/.config/geany
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile
index 512fc1e59..74e135a7c 100644
--- a/etc/profile-a-l/geary.profile
+++ b/etc/profile-a-l/geary.profile
@@ -6,14 +6,14 @@ include geary.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/evolution
+noblacklist ${HOME}/.cache/evolution
-nodeny  ${HOME}/.cache/folks
+noblacklist ${HOME}/.cache/folks
-nodeny  ${HOME}/.cache/geary
+noblacklist ${HOME}/.cache/geary
-nodeny  ${HOME}/.config/evolution
+noblacklist ${HOME}/.config/evolution
-nodeny  ${HOME}/.config/geary
+noblacklist ${HOME}/.config/geary
-nodeny  ${HOME}/.local/share/evolution
+noblacklist ${HOME}/.local/share/evolution
-nodeny  ${HOME}/.local/share/geary
+noblacklist ${HOME}/.local/share/geary
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
 include disable-common.inc
 include disable-devel.inc
@@ -31,16 +31,16 @@ mkdir ${HOME}/.config/evolution
 mkdir ${HOME}/.config/geary
 mkdir ${HOME}/.local/share/evolution
 mkdir ${HOME}/.local/share/geary
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.cache/evolution
+whitelist ${HOME}/.cache/evolution
-allow  ${HOME}/.cache/folks
+whitelist ${HOME}/.cache/folks
-allow  ${HOME}/.cache/geary
+whitelist ${HOME}/.cache/geary
-allow  ${HOME}/.config/evolution
+whitelist ${HOME}/.config/evolution
-allow  ${HOME}/.config/geary
+whitelist ${HOME}/.config/geary
-allow  ${HOME}/.local/share/evolution
+whitelist ${HOME}/.local/share/evolution
-allow  ${HOME}/.local/share/geary
+whitelist ${HOME}/.local/share/geary
-allow  ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
-allow  /usr/share/geary
+whitelist /usr/share/geary
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gedit.profile b/etc/profile-a-l/gedit.profile
index f11540374..108b7041d 100644
--- a/etc/profile-a-l/gedit.profile
+++ b/etc/profile-a-l/gedit.profile
@@ -6,8 +6,8 @@ include gedit.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/enchant
+noblacklist ${HOME}/.config/enchant
-nodeny  ${HOME}/.config/gedit
+noblacklist ${HOME}/.config/gedit
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/geeqie.profile b/etc/profile-a-l/geeqie.profile
index 8ec3bbaf9..dd33b3fb5 100644
--- a/etc/profile-a-l/geeqie.profile
+++ b/etc/profile-a-l/geeqie.profile
@@ -6,9 +6,9 @@ include geeqie.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/geeqie
+noblacklist ${HOME}/.cache/geeqie
-nodeny  ${HOME}/.config/geeqie
+noblacklist ${HOME}/.config/geeqie
-nodeny  ${HOME}/.local/share/geeqie
+noblacklist ${HOME}/.local/share/geeqie
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile
index 1661da639..f894a42ca 100644
--- a/etc/profile-a-l/gfeeds.profile
+++ b/etc/profile-a-l/gfeeds.profile
@@ -6,10 +6,10 @@ include gfeeds.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/gfeeds
+noblacklist ${HOME}/.cache/gfeeds
-nodeny  ${HOME}/.cache/org.gabmus.gfeeds
+noblacklist ${HOME}/.cache/org.gabmus.gfeeds
-nodeny  ${HOME}/.config/org.gabmus.gfeeds.json
+noblacklist ${HOME}/.config/org.gabmus.gfeeds.json
-nodeny  ${HOME}/.config/org.gabmus.gfeeds.saved_articles
+noblacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -27,12 +27,12 @@ mkdir ${HOME}/.cache/gfeeds
 mkdir ${HOME}/.cache/org.gabmus.gfeeds
 mkfile ${HOME}/.config/org.gabmus.gfeeds.json
 mkdir ${HOME}/.config/org.gabmus.gfeeds.saved_articles
-allow  ${HOME}/.cache/gfeeds
+whitelist ${HOME}/.cache/gfeeds
-allow  ${HOME}/.cache/org.gabmus.gfeeds
+whitelist ${HOME}/.cache/org.gabmus.gfeeds
-allow  ${HOME}/.config/org.gabmus.gfeeds.json
+whitelist ${HOME}/.config/org.gabmus.gfeeds.json
-allow  ${HOME}/.config/org.gabmus.gfeeds.saved_articles
+whitelist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
-allow  /usr/libexec/webkit2gtk-4.0
+whitelist /usr/libexec/webkit2gtk-4.0
-allow  /usr/share/gfeeds
+whitelist /usr/share/gfeeds
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile
index 06929dbe3..d9c5a0d9a 100644
--- a/etc/profile-a-l/gget.profile
+++ b/etc/profile-a-l/gget.profile
@@ -7,8 +7,8 @@ include gget.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile
index 0577fe24f..276ab76df 100644
--- a/etc/profile-a-l/ghostwriter.profile
+++ b/etc/profile-a-l/ghostwriter.profile
@@ -6,10 +6,10 @@ include ghostwriter.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/ghostwriter
+noblacklist ${HOME}/.config/ghostwriter
-nodeny  ${HOME}/.local/share/ghostwriter
+noblacklist ${HOME}/.local/share/ghostwriter
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include allow-lua.inc
@@ -22,10 +22,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/ghostwriter
+whitelist /usr/share/ghostwriter
-allow  /usr/share/mozilla-dicts
+whitelist /usr/share/mozilla-dicts
-allow  /usr/share/texlive
+whitelist /usr/share/texlive
-allow  /usr/share/pandoc*
+whitelist /usr/share/pandoc*
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile
index de9db8d0f..dfc1304d1 100644
--- a/etc/profile-a-l/gimp.profile
+++ b/etc/profile-a-l/gimp.profile
@@ -18,13 +18,13 @@ include globals.local
 # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local.
 ignore noexec ${HOME}
-nodeny  ${HOME}/.cache/babl
+noblacklist ${HOME}/.cache/babl
-nodeny  ${HOME}/.cache/gegl-0.4
+noblacklist ${HOME}/.cache/gegl-0.4
-nodeny  ${HOME}/.cache/gimp
+noblacklist ${HOME}/.cache/gimp
-nodeny  ${HOME}/.config/GIMP
+noblacklist ${HOME}/.config/GIMP
-nodeny  ${HOME}/.gimp*
+noblacklist ${HOME}/.gimp*
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-exec.inc
@@ -33,10 +33,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /usr/share/gegl-0.4
+whitelist /usr/share/gegl-0.4
-allow  /usr/share/gimp
+whitelist /usr/share/gimp
-allow  /usr/share/mypaint-data
+whitelist /usr/share/mypaint-data
-allow  /usr/share/lensfun
+whitelist /usr/share/lensfun
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile
index e601d3ab0..661c3a375 100644
--- a/etc/profile-a-l/gist.profile
+++ b/etc/profile-a-l/gist.profile
@@ -7,10 +7,10 @@ include gist.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${HOME}/.gist
+noblacklist ${HOME}/.gist
 # Allow ruby (blacklisted by disable-interpreters.inc)
 include allow-ruby.inc
@@ -24,8 +24,8 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.gist
-allow  ${HOME}/.gist
+whitelist ${HOME}/.gist
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile
index 74b7506cf..5e4249376 100644
--- a/etc/profile-a-l/git-cola.profile
+++ b/etc/profile-a-l/git-cola.profile
@@ -8,12 +8,12 @@ include globals.local
 ignore noexec ${HOME}
-nodeny  ${HOME}/.gitconfig
+noblacklist ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
+noblacklist ${HOME}/.git-credentials
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.subversion
+noblacklist ${HOME}/.subversion
-nodeny  ${HOME}/.config/git
+noblacklist ${HOME}/.config/git
-nodeny  ${HOME}/.config/git-cola
+noblacklist ${HOME}/.config/git-cola
 # Add your editor/diff viewer config paths and the next line to your git-cola.local to load settings.
 #noblacklist ${HOME}/
@@ -32,17 +32,17 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
+whitelist ${RUNUSER}/keyring
 # Add additional whitelist paths below /usr/share to your git-cola.local to support your editor/diff viewer.
-allow  /usr/share/git
+whitelist /usr/share/git
-allow  /usr/share/git-cola
+whitelist /usr/share/git-cola
-allow  /usr/share/git-core
+whitelist /usr/share/git-core
-allow  /usr/share/git-gui
+whitelist /usr/share/git-gui
-allow  /usr/share/gitk
+whitelist /usr/share/gitk
-allow  /usr/share/gitweb
+whitelist /usr/share/gitweb
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile
index 680e91085..bfa0081c6 100644
--- a/etc/profile-a-l/git.profile
+++ b/etc/profile-a-l/git.profile
@@ -7,33 +7,33 @@ include git.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/git
+noblacklist ${HOME}/.config/git
-nodeny  ${HOME}/.config/nano
+noblacklist ${HOME}/.config/nano
-nodeny  ${HOME}/.emacs
+noblacklist ${HOME}/.emacs
-nodeny  ${HOME}/.emacs.d
+noblacklist ${HOME}/.emacs.d
-nodeny  ${HOME}/.gitconfig
+noblacklist ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
+noblacklist ${HOME}/.git-credentials
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.nanorc
+noblacklist ${HOME}/.nanorc
-nodeny  ${HOME}/.vim
+noblacklist ${HOME}/.vim
-nodeny  ${HOME}/.viminfo
+noblacklist ${HOME}/.viminfo
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /usr/share/git
+whitelist /usr/share/git
-allow  /usr/share/git-core
+whitelist /usr/share/git-core
-allow  /usr/share/gitgui
+whitelist /usr/share/gitgui
-allow  /usr/share/gitweb
+whitelist /usr/share/gitweb
-allow  /usr/share/nano
+whitelist /usr/share/nano
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile
index d313b5022..05d7dffa9 100644
--- a/etc/profile-a-l/gitg.profile
+++ b/etc/profile-a-l/gitg.profile
@@ -6,10 +6,10 @@ include gitg.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/git
+noblacklist ${HOME}/.config/git
-nodeny  ${HOME}/.gitconfig
+noblacklist ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
+noblacklist ${HOME}/.git-credentials
-nodeny  ${HOME}/.local/share/gitg
+noblacklist ${HOME}/.local/share/gitg
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
@@ -29,7 +29,7 @@ include disable-programs.inc
 #whitelist ${HOME}/.ssh
 #include whitelist-common.inc
-allow  /usr/share/gitg
+whitelist /usr/share/gitg
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/github-desktop.profile b/etc/profile-a-l/github-desktop.profile
index 81b534a74..325c54ced 100644
--- a/etc/profile-a-l/github-desktop.profile
+++ b/etc/profile-a-l/github-desktop.profile
@@ -22,10 +22,10 @@ ignore apparmor
 ignore dbus-user none
 ignore dbus-system none
-nodeny  ${HOME}/.config/GitHub Desktop
+noblacklist ${HOME}/.config/GitHub Desktop
-nodeny  ${HOME}/.config/git
+noblacklist ${HOME}/.config/git
-nodeny  ${HOME}/.gitconfig
+noblacklist ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
+noblacklist ${HOME}/.git-credentials
 # no3d
 nosound
diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile
index 2d1694ef7..460e2b990 100644
--- a/etc/profile-a-l/gitter.profile
+++ b/etc/profile-a-l/gitter.profile
@@ -5,8 +5,8 @@ include gitter.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/autostart
+noblacklist ${HOME}/.config/autostart
-nodeny  ${HOME}/.config/Gitter
+noblacklist ${HOME}/.config/Gitter
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.config/Gitter
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.config/autostart
+whitelist ${HOME}/.config/autostart
-allow  ${HOME}/.config/Gitter
+whitelist ${HOME}/.config/Gitter
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/gjs.profile b/etc/profile-a-l/gjs.profile
index e00bb1dbf..ed68b3c2d 100644
--- a/etc/profile-a-l/gjs.profile
+++ b/etc/profile-a-l/gjs.profile
@@ -8,10 +8,10 @@ include globals.local
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
-nodeny  ${HOME}/.cache/libgweather
+noblacklist ${HOME}/.cache/libgweather
-nodeny  ${HOME}/.cache/org.gnome.Books
+noblacklist ${HOME}/.cache/org.gnome.Books
-nodeny  ${HOME}/.config/libreoffice
+noblacklist ${HOME}/.config/libreoffice
-nodeny  ${HOME}/.local/share/gnome-photos
+noblacklist ${HOME}/.local/share/gnome-photos
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile
index a3236c2be..c8cefc67e 100644
--- a/etc/profile-a-l/gl-117.profile
+++ b/etc/profile-a-l/gl-117.profile
@@ -6,7 +6,7 @@ include gl-117.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gl-117
+noblacklist ${HOME}/.gl-117
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.gl-117
-allow  ${HOME}/.gl-117
+whitelist ${HOME}/.gl-117
-allow  /usr/share/gl-117
+whitelist /usr/share/gl-117
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile
index ec894a5f3..ee7af0546 100644
--- a/etc/profile-a-l/glaxium.profile
+++ b/etc/profile-a-l/glaxium.profile
@@ -6,7 +6,7 @@ include glaxium.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.glaxiumrc
+noblacklist ${HOME}/.glaxiumrc
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkfile ${HOME}/.glaxiumrc
-allow  ${HOME}/.glaxiumrc
+whitelist ${HOME}/.glaxiumrc
-allow  /usr/share/glaxium
+whitelist /usr/share/glaxium
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/globaltime.profile b/etc/profile-a-l/globaltime.profile
index e091b811f..14b3ef811 100644
--- a/etc/profile-a-l/globaltime.profile
+++ b/etc/profile-a-l/globaltime.profile
@@ -5,7 +5,7 @@ include globaltime.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/globaltime
+noblacklist ${HOME}/.config/globaltime
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile
index 79397d28f..b3aad8b2c 100644
--- a/etc/profile-a-l/gmpc.profile
+++ b/etc/profile-a-l/gmpc.profile
@@ -6,8 +6,8 @@ include gmpc.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/gmpc
+noblacklist ${HOME}/.config/gmpc
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/gmpc
-allow  ${HOME}/.config/gmpc
+whitelist ${HOME}/.config/gmpc
-allow  ${MUSIC}
+whitelist ${MUSIC}
-allow  /usr/share/gmpc
+whitelist /usr/share/gmpc
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-2048.profile b/etc/profile-a-l/gnome-2048.profile
index c723f6e46..777c81dbe 100644
--- a/etc/profile-a-l/gnome-2048.profile
+++ b/etc/profile-a-l/gnome-2048.profile
@@ -6,10 +6,10 @@ include gnome-2048.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/gnome-2048
+noblacklist ${HOME}/.local/share/gnome-2048
 mkdir ${HOME}/.local/share/gnome-2048
-allow  ${HOME}/.local/share/gnome-2048
+whitelist ${HOME}/.local/share/gnome-2048
 private-bin gnome-2048
diff --git a/etc/profile-a-l/gnome-books.profile b/etc/profile-a-l/gnome-books.profile
index 2ed5fa76b..34a7f557c 100644
--- a/etc/profile-a-l/gnome-books.profile
+++ b/etc/profile-a-l/gnome-books.profile
@@ -7,8 +7,8 @@ include globals.local
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
-nodeny  ${HOME}/.cache/org.gnome.Books
+noblacklist ${HOME}/.cache/org.gnome.Books
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-builder.profile b/etc/profile-a-l/gnome-builder.profile
index 7dd1c6e22..37ca5aeff 100644
--- a/etc/profile-a-l/gnome-builder.profile
+++ b/etc/profile-a-l/gnome-builder.profile
@@ -6,11 +6,11 @@ include gnome-builder.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.bash_history
+noblacklist ${HOME}/.bash_history
-nodeny  ${HOME}/.cache/gnome-builder
+noblacklist ${HOME}/.cache/gnome-builder
-nodeny  ${HOME}/.config/gnome-builder
+noblacklist ${HOME}/.config/gnome-builder
-nodeny  ${HOME}/.local/share/gnome-builder
+noblacklist ${HOME}/.local/share/gnome-builder
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile
index d91fbaa4b..03acd66aa 100644
--- a/etc/profile-a-l/gnome-calendar.profile
+++ b/etc/profile-a-l/gnome-calendar.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/libgweather
+whitelist /usr/share/libgweather
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile
index 806d7e571..741fe9bf7 100644
--- a/etc/profile-a-l/gnome-characters.profile
+++ b/etc/profile-a-l/gnome-characters.profile
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/org.gnome.Characters
+whitelist /usr/share/org.gnome.Characters
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile
index 095210565..bd39f625c 100644
--- a/etc/profile-a-l/gnome-chess.profile
+++ b/etc/profile-a-l/gnome-chess.profile
@@ -6,8 +6,8 @@ include gnome-chess.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/gnome-chess
+noblacklist ${HOME}/.config/gnome-chess
-nodeny  ${HOME}/.local/share/gnome-chess
+noblacklist ${HOME}/.local/share/gnome-chess
 include disable-common.inc
 include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.local/share/gnome-chess
 #include whitelist-common.inc
-allow  /usr/share/gnuchess
+whitelist /usr/share/gnuchess
-allow  /usr/share/gnome-chess
+whitelist /usr/share/gnome-chess
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile
index 7e2d458fd..1e7c70b84 100644
--- a/etc/profile-a-l/gnome-clocks.profile
+++ b/etc/profile-a-l/gnome-clocks.profile
@@ -15,8 +15,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/gnome-clocks
+whitelist /usr/share/gnome-clocks
-allow  /usr/share/libgweather
+whitelist /usr/share/libgweather
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-contacts.profile b/etc/profile-a-l/gnome-contacts.profile
index 7902fa169..dcc6163b6 100644
--- a/etc/profile-a-l/gnome-contacts.profile
+++ b/etc/profile-a-l/gnome-contacts.profile
@@ -6,7 +6,7 @@ include gnome-contacts.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-documents.profile b/etc/profile-a-l/gnome-documents.profile
index 0f601149f..29ad67af8 100644
--- a/etc/profile-a-l/gnome-documents.profile
+++ b/etc/profile-a-l/gnome-documents.profile
@@ -8,8 +8,8 @@ include globals.local
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
-nodeny  ${HOME}/.config/libreoffice
+noblacklist ${HOME}/.config/libreoffice
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile
index 50c3e2c6f..2db956faf 100644
--- a/etc/profile-a-l/gnome-hexgl.profile
+++ b/etc/profile-a-l/gnome-hexgl.profile
@@ -16,7 +16,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.cache/mesa_shader_cache
-allow  /usr/share/gnome-hexgl
+whitelist /usr/share/gnome-hexgl
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-keyring.profile b/etc/profile-a-l/gnome-keyring.profile
index 62a5a34ea..25b4c47de 100644
--- a/etc/profile-a-l/gnome-keyring.profile
+++ b/etc/profile-a-l/gnome-keyring.profile
@@ -7,7 +7,7 @@ include gnome-keyring.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 include disable-common.inc
 include disable-devel.inc
@@ -18,12 +18,12 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.gnupg
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
+whitelist ${RUNUSER}/keyring
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-klotski.profile b/etc/profile-a-l/gnome-klotski.profile
index ed074f944..c67a5c0da 100644
--- a/etc/profile-a-l/gnome-klotski.profile
+++ b/etc/profile-a-l/gnome-klotski.profile
@@ -6,10 +6,10 @@ include gnome-klotski.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/gnome-klotski
+noblacklist ${HOME}/.local/share/gnome-klotski
 mkdir ${HOME}/.local/share/gnome-klotski
-allow  ${HOME}/.local/share/gnome-klotski
+whitelist ${HOME}/.local/share/gnome-klotski
 private-bin gnome-klotski
diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile
index 4a03a7ff5..1a7eafeca 100644
--- a/etc/profile-a-l/gnome-latex.profile
+++ b/etc/profile-a-l/gnome-latex.profile
@@ -6,8 +6,8 @@ include gnome-latex.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/gnome-latex
+noblacklist ${HOME}/.config/gnome-latex
-nodeny  ${HOME}/.local/share/gnome-latex
+noblacklist ${HOME}/.local/share/gnome-latex
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -19,8 +19,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /usr/share/gnome-latex
+whitelist /usr/share/gnome-latex
-allow  /usr/share/texlive
+whitelist /usr/share/texlive
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 # May cause issues.
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile
index fcc02dc76..9d2ea7b7b 100644
--- a/etc/profile-a-l/gnome-logs.profile
+++ b/etc/profile-a-l/gnome-logs.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /var/log/journal
+whitelist /var/log/journal
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-mahjongg.profile b/etc/profile-a-l/gnome-mahjongg.profile
index e21f03efe..42409dce8 100644
--- a/etc/profile-a-l/gnome-mahjongg.profile
+++ b/etc/profile-a-l/gnome-mahjongg.profile
@@ -6,7 +6,7 @@ include gnome-mahjongg.local
 # Persistent global definitions
 include globals.local
-allow  /usr/share/gnome-mahjongg
+whitelist /usr/share/gnome-mahjongg
 private-bin gnome-mahjongg
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile
index cf4eceee3..23aab343f 100644
--- a/etc/profile-a-l/gnome-maps.profile
+++ b/etc/profile-a-l/gnome-maps.profile
@@ -11,14 +11,14 @@ include globals.local
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
-nodeny  ${HOME}/.cache/champlain
+noblacklist ${HOME}/.cache/champlain
-nodeny  ${HOME}/.cache/org.gnome.Maps
+noblacklist ${HOME}/.cache/org.gnome.Maps
-nodeny  ${HOME}/.local/share/maps-places.json
+noblacklist ${HOME}/.local/share/maps-places.json
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -31,12 +31,12 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/champlain
 mkfile ${HOME}/.local/share/maps-places.json
-allow  ${HOME}/.cache/champlain
+whitelist ${HOME}/.cache/champlain
-allow  ${HOME}/.local/share/maps-places.json
+whitelist ${HOME}/.local/share/maps-places.json
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${PICTURES}
+whitelist ${PICTURES}
-allow  /usr/share/gnome-maps
+whitelist /usr/share/gnome-maps
-allow  /usr/share/libgweather
+whitelist /usr/share/libgweather
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-mines.profile b/etc/profile-a-l/gnome-mines.profile
index 1b2949bc5..4fe8986c2 100644
--- a/etc/profile-a-l/gnome-mines.profile
+++ b/etc/profile-a-l/gnome-mines.profile
@@ -6,11 +6,11 @@ include gnome-mines.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/gnome-mines
+noblacklist ${HOME}/.local/share/gnome-mines
 mkdir ${HOME}/.local/share/gnome-mines
-allow  ${HOME}/.local/share/gnome-mines
+whitelist ${HOME}/.local/share/gnome-mines
-allow  /usr/share/gnome-mines
+whitelist /usr/share/gnome-mines
 private-bin gnome-mines
diff --git a/etc/profile-a-l/gnome-mplayer.profile b/etc/profile-a-l/gnome-mplayer.profile
index c1cbc796a..43fe71f5e 100644
--- a/etc/profile-a-l/gnome-mplayer.profile
+++ b/etc/profile-a-l/gnome-mplayer.profile
@@ -6,9 +6,9 @@ include gnome-mplayer.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/gnome-mplayer
+noblacklist ${HOME}/.config/gnome-mplayer
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile
index 8fd0826c4..2fcbe9910 100644
--- a/etc/profile-a-l/gnome-music.profile
+++ b/etc/profile-a-l/gnome-music.profile
@@ -6,8 +6,8 @@ include gnome-music.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/gnome-music
+noblacklist ${HOME}/.local/share/gnome-music
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/gnome-nettool.profile b/etc/profile-a-l/gnome-nettool.profile
index a929582f8..814751db3 100644
--- a/etc/profile-a-l/gnome-nettool.profile
+++ b/etc/profile-a-l/gnome-nettool.profile
@@ -14,7 +14,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /usr/share/gnome-nettool
+whitelist /usr/share/gnome-nettool
 #include whitelist-common.inc -- see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-nibbles.profile b/etc/profile-a-l/gnome-nibbles.profile
index d4c037a41..b22810d34 100644
--- a/etc/profile-a-l/gnome-nibbles.profile
+++ b/etc/profile-a-l/gnome-nibbles.profile
@@ -9,11 +9,11 @@ include globals.local
 ignore machine-id
 ignore nosound
-nodeny  ${HOME}/.local/share/gnome-nibbles
+noblacklist ${HOME}/.local/share/gnome-nibbles
 mkdir ${HOME}/.local/share/gnome-nibbles
-allow  ${HOME}/.local/share/gnome-nibbles
+whitelist ${HOME}/.local/share/gnome-nibbles
-allow  /usr/share/gnome-nibbles
+whitelist /usr/share/gnome-nibbles
 private-bin gnome-nibbles
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile
index d2cf828cc..fee5f88b9 100644
--- a/etc/profile-a-l/gnome-passwordsafe.profile
+++ b/etc/profile-a-l/gnome-passwordsafe.profile
@@ -6,14 +6,14 @@ include gnome-passwordsafe.local
 # Persistent global definitions
 include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${HOME}/*.kdb
+noblacklist ${HOME}/*.kdb
-nodeny  ${HOME}/*.kdbx
+noblacklist ${HOME}/*.kdbx
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -24,8 +24,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/cracklib
+whitelist /usr/share/cracklib
-allow  /usr/share/passwordsafe
+whitelist /usr/share/passwordsafe
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-photos.profile b/etc/profile-a-l/gnome-photos.profile
index 3702da2c7..58bf3f349 100644
--- a/etc/profile-a-l/gnome-photos.profile
+++ b/etc/profile-a-l/gnome-photos.profile
@@ -8,7 +8,7 @@ include globals.local
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
-nodeny  ${HOME}/.local/share/gnome-photos
+noblacklist ${HOME}/.local/share/gnome-photos
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile
index e9ae2bcb0..41903b136 100644
--- a/etc/profile-a-l/gnome-pie.profile
+++ b/etc/profile-a-l/gnome-pie.profile
@@ -6,7 +6,7 @@ include gnome-pie.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/gnome-pie
+noblacklist ${HOME}/.config/gnome-pie
 #include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile
index bec23910c..c2ba7556d 100644
--- a/etc/profile-a-l/gnome-pomodoro.profile
+++ b/etc/profile-a-l/gnome-pomodoro.profile
@@ -6,7 +6,7 @@ include gnome-pomodoro.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/gnome-pomodoro
+noblacklist ${HOME}/.local/share/gnome-pomodoro
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.local/share/gnome-pomodoro
-allow  ${HOME}/.local/share/gnome-pomodoro
+whitelist ${HOME}/.local/share/gnome-pomodoro
-allow  /usr/share/gnome-pomodoro
+whitelist /usr/share/gnome-pomodoro
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile
index 5ef33fdd8..48c98ebe0 100644
--- a/etc/profile-a-l/gnome-recipes.profile
+++ b/etc/profile-a-l/gnome-recipes.profile
@@ -7,8 +7,8 @@ include gnome-recipes.local
 include globals.local
-nodeny  ${HOME}/.cache/gnome-recipes
+noblacklist ${HOME}/.cache/gnome-recipes
-nodeny  ${HOME}/.local/share/gnome-recipes
+noblacklist ${HOME}/.local/share/gnome-recipes
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-shell.inc
 mkdir ${HOME}/.cache/gnome-recipes
 mkdir ${HOME}/.local/share/gnome-recipes
-allow  ${HOME}/.cache/gnome-recipes
+whitelist ${HOME}/.cache/gnome-recipes
-allow  ${HOME}/.local/share/gnome-recipes
+whitelist ${HOME}/.local/share/gnome-recipes
-allow  /usr/share/gnome-recipes
+whitelist /usr/share/gnome-recipes
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-ring.profile b/etc/profile-a-l/gnome-ring.profile
index b34d264f4..78ceb9c4f 100644
--- a/etc/profile-a-l/gnome-ring.profile
+++ b/etc/profile-a-l/gnome-ring.profile
@@ -5,7 +5,7 @@ include gnome-ring.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/gnome-ring
+noblacklist ${HOME}/.local/share/gnome-ring
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-robots.profile b/etc/profile-a-l/gnome-robots.profile
index 836d4e2b2..8835f2b93 100644
--- a/etc/profile-a-l/gnome-robots.profile
+++ b/etc/profile-a-l/gnome-robots.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore machine-id
 ignore nosound
-allow  /usr/share/gnome-robots
+whitelist /usr/share/gnome-robots
 private-bin gnome-robots
diff --git a/etc/profile-a-l/gnome-schedule.profile b/etc/profile-a-l/gnome-schedule.profile
index 146f8bc4e..69c90b33d 100644
--- a/etc/profile-a-l/gnome-schedule.profile
+++ b/etc/profile-a-l/gnome-schedule.profile
@@ -6,17 +6,17 @@ include gnome-schedule.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gnome/gnome-schedule
+noblacklist ${HOME}/.gnome/gnome-schedule
 # Needs at and crontab to read/write user cron
-nodeny  ${PATH}/at
+noblacklist ${PATH}/at
-nodeny  ${PATH}/crontab
+noblacklist ${PATH}/crontab
 # Needs access to these files/dirs
-nodeny  /etc/cron.allow
+noblacklist /etc/cron.allow
-nodeny  /etc/cron.deny
+noblacklist /etc/cron.deny
-nodeny  /etc/shadow
+noblacklist /etc/shadow
-nodeny  /var/spool/cron
+noblacklist /var/spool/cron
 # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc)
 # add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality
@@ -34,10 +34,10 @@ include disable-programs.inc
 include disable-xdg.inc
 mkfile ${HOME}/.gnome/gnome-schedule
-allow  ${HOME}/.gnome/gnome-schedule
+whitelist ${HOME}/.gnome/gnome-schedule
-allow  /usr/share/gnome-schedule
+whitelist /usr/share/gnome-schedule
-allow  /var/spool/atd
+whitelist /var/spool/atd
-allow  /var/spool/cron
+whitelist /var/spool/cron
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile
index 175549e99..b683b6f6c 100644
--- a/etc/profile-a-l/gnome-screenshot.profile
+++ b/etc/profile-a-l/gnome-screenshot.profile
@@ -6,8 +6,8 @@ include gnome-screenshot.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
-nodeny  ${HOME}/.cache/gnome-screenshot
+noblacklist ${HOME}/.cache/gnome-screenshot
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile
index c2fb14fa4..34f5fdeff 100644
--- a/etc/profile-a-l/gnome-sound-recorder.profile
+++ b/etc/profile-a-l/gnome-sound-recorder.profile
@@ -6,8 +6,8 @@ include gnome-sound-recorder.local
 # Persistent global definitions
 include globals.local
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${HOME}/.local/share/Trash
+noblacklist ${HOME}/.local/share/Trash
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-sudoku.profile b/etc/profile-a-l/gnome-sudoku.profile
index 3b7835e52..12fd48a86 100644
--- a/etc/profile-a-l/gnome-sudoku.profile
+++ b/etc/profile-a-l/gnome-sudoku.profile
@@ -6,10 +6,10 @@ include gnome-sudoku.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/gnome-sudoku
+noblacklist ${HOME}/.local/share/gnome-sudoku
 mkdir ${HOME}/.local/share/gnome-sudoku
-allow  ${HOME}/.local/share/gnome-sudoku
+whitelist ${HOME}/.local/share/gnome-sudoku
 private-bin gnome-sudoku
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile
index 6978f7cab..8a818695d 100644
--- a/etc/profile-a-l/gnome-system-log.profile
+++ b/etc/profile-a-l/gnome-system-log.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /var/log
+whitelist /var/log
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-taquin.profile b/etc/profile-a-l/gnome-taquin.profile
index ac87cf70f..2341334f7 100644
--- a/etc/profile-a-l/gnome-taquin.profile
+++ b/etc/profile-a-l/gnome-taquin.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore machine-id
 ignore nosound
-allow  /usr/share/gnome-taquin
+whitelist /usr/share/gnome-taquin
 private-bin gnome-taquin
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile
index 092fd58a3..3b147cd48 100644
--- a/etc/profile-a-l/gnome-todo.profile
+++ b/etc/profile-a-l/gnome-todo.profile
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/gnome-todo
+whitelist /usr/share/gnome-todo
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/gnome-twitch.profile b/etc/profile-a-l/gnome-twitch.profile
index d76872ea6..b8ec195d3 100644
--- a/etc/profile-a-l/gnome-twitch.profile
+++ b/etc/profile-a-l/gnome-twitch.profile
@@ -6,8 +6,8 @@ include gnome-twitch.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/gnome-twitch
+noblacklist ${HOME}/.cache/gnome-twitch
-nodeny  ${HOME}/.local/share/gnome-twitch
+noblacklist ${HOME}/.local/share/gnome-twitch
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/gnome-twitch
 mkdir ${HOME}/.local/share/gnome-twitch
-allow  ${HOME}/.cache/gnome-twitch
+whitelist ${HOME}/.cache/gnome-twitch
-allow  ${HOME}/.local/share/gnome-twitch
+whitelist ${HOME}/.local/share/gnome-twitch
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/gnome-weather.profile b/etc/profile-a-l/gnome-weather.profile
index 6f557ff8d..2e08fa41d 100644
--- a/etc/profile-a-l/gnome-weather.profile
+++ b/etc/profile-a-l/gnome-weather.profile
@@ -8,7 +8,7 @@ include globals.local
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
-nodeny  ${HOME}/.cache/libgweather
+noblacklist ${HOME}/.cache/libgweather
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile
index 261efefac..c3014a288 100644
--- a/etc/profile-a-l/gnote.profile
+++ b/etc/profile-a-l/gnote.profile
@@ -6,8 +6,8 @@ include gnote.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/gnote
+noblacklist ${HOME}/.config/gnote
-nodeny  ${HOME}/.local/share/gnote
+noblacklist ${HOME}/.local/share/gnote
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/gnote
 mkdir ${HOME}/.local/share/gnote
-allow  ${HOME}/.config/gnote
+whitelist ${HOME}/.config/gnote
-allow  ${HOME}/.local/share/gnote
+whitelist ${HOME}/.local/share/gnote
-allow  /usr/share/gnote
+whitelist /usr/share/gnote
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile
index e6fbca26f..22851ce9f 100644
--- a/etc/profile-a-l/gnubik.profile
+++ b/etc/profile-a-l/gnubik.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/gnubik
+whitelist /usr/share/gnubik
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile
index f35a53ca4..09ca17caa 100644
--- a/etc/profile-a-l/godot.profile
+++ b/etc/profile-a-l/godot.profile
@@ -6,9 +6,9 @@ include godot.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/godot
+noblacklist ${HOME}/.cache/godot
-nodeny  ${HOME}/.config/godot
+noblacklist ${HOME}/.config/godot
-nodeny  ${HOME}/.local/share/godot
+noblacklist ${HOME}/.local/share/godot
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/goobox.profile b/etc/profile-a-l/goobox.profile
index 95dd41c2a..8399d77c4 100644
--- a/etc/profile-a-l/goobox.profile
+++ b/etc/profile-a-l/goobox.profile
@@ -6,7 +6,7 @@ include goobox.local
 # Persistent global definitions
 include globals.local
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/google-chrome-beta.profile b/etc/profile-a-l/google-chrome-beta.profile
index 07f0e587d..ebe5e870b 100644
--- a/etc/profile-a-l/google-chrome-beta.profile
+++ b/etc/profile-a-l/google-chrome-beta.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/google-chrome-beta
+noblacklist ${HOME}/.cache/google-chrome-beta
-nodeny  ${HOME}/.config/google-chrome-beta
+noblacklist ${HOME}/.config/google-chrome-beta
-nodeny  ${HOME}/.config/chrome-beta-flags.conf
+noblacklist ${HOME}/.config/chrome-beta-flags.conf
-nodeny  ${HOME}/.config/chrome-beta-flags.config
+noblacklist ${HOME}/.config/chrome-beta-flags.config
 mkdir ${HOME}/.cache/google-chrome-beta
 mkdir ${HOME}/.config/google-chrome-beta
-allow  ${HOME}/.cache/google-chrome-beta
+whitelist ${HOME}/.cache/google-chrome-beta
-allow  ${HOME}/.config/google-chrome-beta
+whitelist ${HOME}/.config/google-chrome-beta
-allow  ${HOME}/.config/chrome-beta-flags.conf
+whitelist ${HOME}/.config/chrome-beta-flags.conf
-allow  ${HOME}/.config/chrome-beta-flags.config
+whitelist ${HOME}/.config/chrome-beta-flags.config
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/google-chrome-unstable.profile b/etc/profile-a-l/google-chrome-unstable.profile
index 229904411..4d303f71b 100644
--- a/etc/profile-a-l/google-chrome-unstable.profile
+++ b/etc/profile-a-l/google-chrome-unstable.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/google-chrome-unstable
+noblacklist ${HOME}/.cache/google-chrome-unstable
-nodeny  ${HOME}/.config/google-chrome-unstable
+noblacklist ${HOME}/.config/google-chrome-unstable
-nodeny  ${HOME}/.config/chrome-unstable-flags.conf
+noblacklist ${HOME}/.config/chrome-unstable-flags.conf
-nodeny  ${HOME}/.config/chrome-unstable-flags.config
+noblacklist ${HOME}/.config/chrome-unstable-flags.config
 mkdir ${HOME}/.cache/google-chrome-unstable
 mkdir ${HOME}/.config/google-chrome-unstable
-allow  ${HOME}/.cache/google-chrome-unstable
+whitelist ${HOME}/.cache/google-chrome-unstable
-allow  ${HOME}/.config/google-chrome-unstable
+whitelist ${HOME}/.config/google-chrome-unstable
-allow  ${HOME}/.config/chrome-unstable-flags.conf
+whitelist ${HOME}/.config/chrome-unstable-flags.conf
-allow  ${HOME}/.config/chrome-unstable-flags.config
+whitelist ${HOME}/.config/chrome-unstable-flags.config
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/google-chrome.profile b/etc/profile-a-l/google-chrome.profile
index f61642f17..ed2595f72 100644
--- a/etc/profile-a-l/google-chrome.profile
+++ b/etc/profile-a-l/google-chrome.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/google-chrome
+noblacklist ${HOME}/.cache/google-chrome
-nodeny  ${HOME}/.config/google-chrome
+noblacklist ${HOME}/.config/google-chrome
-nodeny  ${HOME}/.config/chrome-flags.conf
+noblacklist ${HOME}/.config/chrome-flags.conf
-nodeny  ${HOME}/.config/chrome-flags.config
+noblacklist ${HOME}/.config/chrome-flags.config
 mkdir ${HOME}/.cache/google-chrome
 mkdir ${HOME}/.config/google-chrome
-allow  ${HOME}/.cache/google-chrome
+whitelist ${HOME}/.cache/google-chrome
-allow  ${HOME}/.config/google-chrome
+whitelist ${HOME}/.config/google-chrome
-allow  ${HOME}/.config/chrome-flags.conf
+whitelist ${HOME}/.config/chrome-flags.conf
-allow  ${HOME}/.config/chrome-flags.config
+whitelist ${HOME}/.config/chrome-flags.config
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/google-earth.profile b/etc/profile-a-l/google-earth.profile
index 6039f7cbd..65ac04771 100644
--- a/etc/profile-a-l/google-earth.profile
+++ b/etc/profile-a-l/google-earth.profile
@@ -5,8 +5,8 @@ include google-earth.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Google
+noblacklist ${HOME}/.config/Google
-nodeny  ${HOME}/.googleearth
+noblacklist ${HOME}/.googleearth
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 mkdir ${HOME}/.config/Google
 mkdir ${HOME}/.googleearth
-allow  ${HOME}/.config/Google
+whitelist ${HOME}/.config/Google
-allow  ${HOME}/.googleearth
+whitelist ${HOME}/.googleearth
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/google-play-music-desktop-player.profile b/etc/profile-a-l/google-play-music-desktop-player.profile
index fdb65b93c..a7aabe105 100644
--- a/etc/profile-a-l/google-play-music-desktop-player.profile
+++ b/etc/profile-a-l/google-play-music-desktop-player.profile
@@ -8,7 +8,7 @@ include globals.local
 # noexec /tmp breaks mpris support
 ignore noexec /tmp
-nodeny  ${HOME}/.config/Google Play Music Desktop Player
+noblacklist ${HOME}/.config/Google Play Music Desktop Player
 include disable-common.inc
 include disable-devel.inc
@@ -20,7 +20,7 @@ include disable-programs.inc
 mkdir ${HOME}/.config/Google Play Music Desktop Player
 # whitelist ${HOME}/.config/pulse
 # whitelist ${HOME}/.pulse
-allow  ${HOME}/.config/Google Play Music Desktop Player
+whitelist ${HOME}/.config/Google Play Music Desktop Player
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile
index 952c9c1d4..2d0bce52b 100644
--- a/etc/profile-a-l/googler-common.profile
+++ b/etc/profile-a-l/googler-common.profile
@@ -7,10 +7,10 @@ include googler-common.local
 # added by caller profile
 #include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
-nodeny  ${HOME}/.w3m
+noblacklist ${HOME}/.w3m
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -26,7 +26,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  ${HOME}/.w3m
+whitelist ${HOME}/.w3m
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gpa.profile b/etc/profile-a-l/gpa.profile
index 9b8da361b..37b4f0b1c 100644
--- a/etc/profile-a-l/gpa.profile
+++ b/etc/profile-a-l/gpa.profile
@@ -6,7 +6,7 @@ include gpa.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile
index 5fa66bb55..7f0b614b1 100644
--- a/etc/profile-a-l/gpg-agent.profile
+++ b/etc/profile-a-l/gpg-agent.profile
@@ -7,10 +7,10 @@ include gpg-agent.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
@@ -20,11 +20,11 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.gnupg
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
-allow  ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
+whitelist ${RUNUSER}/keyring
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile
index 2ad896abe..4a4d6527c 100644
--- a/etc/profile-a-l/gpg.profile
+++ b/etc/profile-a-l/gpg.profile
@@ -7,10 +7,10 @@ include gpg.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
@@ -18,11 +18,11 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
+whitelist ${RUNUSER}/keyring
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
-allow  /usr/share/pacman/keyrings
+whitelist /usr/share/pacman/keyrings
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile
index 0552dc3d7..fa53c26c8 100644
--- a/etc/profile-a-l/gpicview.profile
+++ b/etc/profile-a-l/gpicview.profile
@@ -6,7 +6,7 @@ include gpicview.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/gpicview
+noblacklist ${HOME}/.config/gpicview
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
-allow  /usr/share/gpicview
+whitelist /usr/share/gpicview
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile
index c9e62a73f..253d644f1 100644
--- a/etc/profile-a-l/gpredict.profile
+++ b/etc/profile-a-l/gpredict.profile
@@ -6,7 +6,7 @@ include gpredict.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Gpredict
+noblacklist ${HOME}/.config/Gpredict
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 mkdir ${HOME}/.config/Gpredict
-allow  ${HOME}/.config/Gpredict
+whitelist ${HOME}/.config/Gpredict
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile
index 2aebe2338..2b4c536d2 100644
--- a/etc/profile-a-l/gradio.profile
+++ b/etc/profile-a-l/gradio.profile
@@ -5,8 +5,8 @@ include gradio.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/gradio
+noblacklist ${HOME}/.cache/gradio
-nodeny  ${HOME}/.local/share/gradio
+noblacklist ${HOME}/.local/share/gradio
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/gradio
 mkdir ${HOME}/.local/share/gradio
-allow  ${HOME}/.cache/gradio
+whitelist ${HOME}/.cache/gradio
-allow  ${HOME}/.local/share/gradio
+whitelist ${HOME}/.local/share/gradio
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gramps.profile b/etc/profile-a-l/gramps.profile
index 53f0baccb..c7e0c2977 100644
--- a/etc/profile-a-l/gramps.profile
+++ b/etc/profile-a-l/gramps.profile
@@ -6,7 +6,7 @@ include gramps.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gramps
+noblacklist ${HOME}/.gramps
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -21,7 +21,7 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.gramps
-allow  ${HOME}/.gramps
+whitelist ${HOME}/.gramps
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
index ecc871c2e..890ba2560 100644
--- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
+++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/gravity-beams-and-evaporating-stars
+whitelist /usr/share/gravity-beams-and-evaporating-stars
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gthumb.profile b/etc/profile-a-l/gthumb.profile
index 9a4f7b4fb..5927e8c4d 100644
--- a/etc/profile-a-l/gthumb.profile
+++ b/etc/profile-a-l/gthumb.profile
@@ -6,9 +6,9 @@ include gthumb.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/gthumb
+noblacklist ${HOME}/.config/gthumb
-nodeny  ${HOME}/.Steam
+noblacklist ${HOME}/.Steam
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.steam
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile
index d6bb9902a..c8addae75 100644
--- a/etc/profile-a-l/gtk-update-icon-cache.profile
+++ b/etc/profile-a-l/gtk-update-icon-cache.profile
@@ -7,7 +7,7 @@ include gtk-update-icon-cache.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gtk2-youtube-viewer.profile b/etc/profile-a-l/gtk2-youtube-viewer.profile
index 8241de43a..787c7bd90 100644
--- a/etc/profile-a-l/gtk2-youtube-viewer.profile
+++ b/etc/profile-a-l/gtk2-youtube-viewer.profile
@@ -8,8 +8,8 @@ include gtk2-youtube-viewer.local
 ignore quiet
-nodeny  /tmp/.X11-unix
+noblacklist /tmp/.X11-unix
-nodeny  ${RUNUSER}
+noblacklist ${RUNUSER}
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/gtk3-youtube-viewer.profile b/etc/profile-a-l/gtk3-youtube-viewer.profile
index 6ea4ebbdc..988882622 100644
--- a/etc/profile-a-l/gtk3-youtube-viewer.profile
+++ b/etc/profile-a-l/gtk3-youtube-viewer.profile
@@ -8,8 +8,8 @@ include gtk3-youtube-viewer.local
 ignore quiet
-nodeny  /tmp/.X11-unix
+noblacklist /tmp/.X11-unix
-nodeny  ${RUNUSER}
+noblacklist ${RUNUSER}
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/guayadeque.profile b/etc/profile-a-l/guayadeque.profile
index 731bcad1d..3d2b71e9d 100644
--- a/etc/profile-a-l/guayadeque.profile
+++ b/etc/profile-a-l/guayadeque.profile
@@ -5,8 +5,8 @@ include guayadeque.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.guayadeque
+noblacklist ${HOME}/.guayadeque
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gummi.profile b/etc/profile-a-l/gummi.profile
index 5cdc2cc18..2223c37a1 100644
--- a/etc/profile-a-l/gummi.profile
+++ b/etc/profile-a-l/gummi.profile
@@ -5,8 +5,8 @@ include gummi.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/gummi
+noblacklist ${HOME}/.cache/gummi
-nodeny  ${HOME}/.config/gummi
+noblacklist ${HOME}/.config/gummi
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile
index 3404f5177..9221ca31c 100644
--- a/etc/profile-a-l/guvcview.profile
+++ b/etc/profile-a-l/guvcview.profile
@@ -6,10 +6,10 @@ include guvcview.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/guvcview2
+noblacklist ${HOME}/.config/guvcview2
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
@@ -21,9 +21,9 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/guvcview2
-allow  ${HOME}/.config/guvcview2
+whitelist ${HOME}/.config/guvcview2
-allow  ${PICTURES}
+whitelist ${PICTURES}
-allow  ${VIDEOS}
+whitelist ${VIDEOS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile
index 132b5a2e2..d33e2a673 100644
--- a/etc/profile-a-l/gwenview.profile
+++ b/etc/profile-a-l/gwenview.profile
@@ -6,17 +6,17 @@ include gwenview.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/GIMP
+noblacklist ${HOME}/.config/GIMP
-nodeny  ${HOME}/.config/gwenviewrc
+noblacklist ${HOME}/.config/gwenviewrc
-nodeny  ${HOME}/.config/org.kde.gwenviewrc
+noblacklist ${HOME}/.config/org.kde.gwenviewrc
-nodeny  ${HOME}/.gimp*
+noblacklist ${HOME}/.gimp*
-nodeny  ${HOME}/.kde/share/apps/gwenview
+noblacklist ${HOME}/.kde/share/apps/gwenview
-nodeny  ${HOME}/.kde/share/config/gwenviewrc
+noblacklist ${HOME}/.kde/share/config/gwenviewrc
-nodeny  ${HOME}/.kde4/share/apps/gwenview
+noblacklist ${HOME}/.kde4/share/apps/gwenview
-nodeny  ${HOME}/.kde4/share/config/gwenviewrc
+noblacklist ${HOME}/.kde4/share/config/gwenviewrc
-nodeny  ${HOME}/.local/share/gwenview
+noblacklist ${HOME}/.local/share/gwenview
-nodeny  ${HOME}/.local/share/kxmlgui5/gwenview
+noblacklist ${HOME}/.local/share/kxmlgui5/gwenview
-nodeny  ${HOME}/.local/share/org.kde.gwenview
+noblacklist ${HOME}/.local/share/org.kde.gwenview
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gzip.profile b/etc/profile-a-l/gzip.profile
index 46c98bdc2..b261c16f4 100644
--- a/etc/profile-a-l/gzip.profile
+++ b/etc/profile-a-l/gzip.profile
@@ -9,7 +9,7 @@ include globals.local
 # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop
 # all capabilities this is automatically read-only.
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 # Redirect
 include archiver-common.profile
diff --git a/etc/profile-a-l/handbrake.profile b/etc/profile-a-l/handbrake.profile
index c102ac4cb..847e1ec1e 100644
--- a/etc/profile-a-l/handbrake.profile
+++ b/etc/profile-a-l/handbrake.profile
@@ -6,9 +6,9 @@ include handbrake.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/ghb
+noblacklist ${HOME}/.config/ghb
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hashcat.profile b/etc/profile-a-l/hashcat.profile
index d98a1b554..aab4b0c21 100644
--- a/etc/profile-a-l/hashcat.profile
+++ b/etc/profile-a-l/hashcat.profile
@@ -7,11 +7,11 @@ include hashcat.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${HOME}/.hashcat
+noblacklist ${HOME}/.hashcat
-nodeny  /usr/include
+noblacklist /usr/include
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile
index 1c2a44e06..44584f26b 100644
--- a/etc/profile-a-l/hasher-common.profile
+++ b/etc/profile-a-l/hasher-common.profile
@@ -4,7 +4,7 @@ include hasher-common.local
 # common profile for hasher/checksum tools
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 # Comment/uncomment the relevant include file(s) in your hasher-common.local
 # to (un)restrict file access for **all** hashers. Another option is to do this **per hasher**
diff --git a/etc/profile-a-l/hedgewars.profile b/etc/profile-a-l/hedgewars.profile
index 90833af91..c0675d8ec 100644
--- a/etc/profile-a-l/hedgewars.profile
+++ b/etc/profile-a-l/hedgewars.profile
@@ -6,7 +6,7 @@ include hedgewars.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.hedgewars
+noblacklist ${HOME}/.hedgewars
 include allow-lua.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 mkdir ${HOME}/.hedgewars
-allow  ${HOME}/.hedgewars
+whitelist ${HOME}/.hedgewars
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile
index 993efb591..b887de147 100644
--- a/etc/profile-a-l/hexchat.profile
+++ b/etc/profile-a-l/hexchat.profile
@@ -6,7 +6,7 @@ include hexchat.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/hexchat
+noblacklist ${HOME}/.config/hexchat
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -28,7 +28,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/hexchat
-allow  ${HOME}/.config/hexchat
+whitelist ${HOME}/.config/hexchat
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile
index 53db642dc..643736ac7 100644
--- a/etc/profile-a-l/highlight.profile
+++ b/etc/profile-a-l/highlight.profile
@@ -6,7 +6,7 @@ include highlight.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile
index ef259cc00..199b1a5e5 100644
--- a/etc/profile-a-l/homebank.profile
+++ b/etc/profile-a-l/homebank.profile
@@ -6,7 +6,7 @@ include homebank.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/homebank
+noblacklist ${HOME}/.config/homebank
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.config/homebank
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.config/homebank
+whitelist ${HOME}/.config/homebank
-allow  /usr/share/homebank
+whitelist /usr/share/homebank
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile
index 63e1be259..00d9f7a76 100644
--- a/etc/profile-a-l/host.profile
+++ b/etc/profile-a-l/host.profile
@@ -7,8 +7,8 @@ include host.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
-nodeny  ${PATH}/host
+noblacklist ${PATH}/host
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hugin.profile b/etc/profile-a-l/hugin.profile
index db5cd29cc..267712c87 100644
--- a/etc/profile-a-l/hugin.profile
+++ b/etc/profile-a-l/hugin.profile
@@ -6,9 +6,9 @@ include hugin.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.hugin
+noblacklist ${HOME}/.hugin
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile
index 1fb33ceb8..e66ffd7e1 100644
--- a/etc/profile-a-l/hyperrogue.profile
+++ b/etc/profile-a-l/hyperrogue.profile
@@ -6,7 +6,7 @@ include hyperrogue.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/hyperrogue.ini
+noblacklist ${HOME}/hyperrogue.ini
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 mkfile ${HOME}/hyperrogue.ini
-allow  ${HOME}/hyperrogue.ini
+whitelist ${HOME}/hyperrogue.ini
-allow  /usr/share/hyperrogue
+whitelist /usr/share/hyperrogue
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile
index c8a2e8a04..47c984175 100644
--- a/etc/profile-a-l/i2prouter.profile
+++ b/etc/profile-a-l/i2prouter.profile
@@ -14,12 +14,12 @@ include globals.local
 # Only needed when i2prouter binary resides in home directory (official I2P java installer does so).
 ignore noexec ${HOME}
-nodeny  ${HOME}/.config/i2p
+noblacklist ${HOME}/.config/i2p
-nodeny  ${HOME}/.i2p
+noblacklist ${HOME}/.i2p
-nodeny  ${HOME}/.local/share/i2p
+noblacklist ${HOME}/.local/share/i2p
-nodeny  ${HOME}/i2p
+noblacklist ${HOME}/i2p
 # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so).
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -36,12 +36,12 @@ mkdir ${HOME}/.config/i2p
 mkdir ${HOME}/.i2p
 mkdir ${HOME}/.local/share/i2p
 mkdir ${HOME}/i2p
-allow  ${HOME}/.config/i2p
+whitelist ${HOME}/.config/i2p
-allow  ${HOME}/.i2p
+whitelist ${HOME}/.i2p
-allow  ${HOME}/.local/share/i2p
+whitelist ${HOME}/.local/share/i2p
-allow  ${HOME}/i2p
+whitelist ${HOME}/i2p
 # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so).
-allow  /usr/sbin/wrapper*
+whitelist /usr/sbin/wrapper*
 include whitelist-common.inc
diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile
index 95ddad221..e96b1843c 100644
--- a/etc/profile-a-l/i3.profile
+++ b/etc/profile-a-l/i3.profile
@@ -7,7 +7,7 @@ include i3.local
 include globals.local
 # all applications started in i3 will run in this profile
-nodeny  ${HOME}/.config/i3
+noblacklist ${HOME}/.config/i3
 include disable-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/icecat.profile b/etc/profile-a-l/icecat.profile
index 0de2f658b..660343a29 100644
--- a/etc/profile-a-l/icecat.profile
+++ b/etc/profile-a-l/icecat.profile
@@ -5,13 +5,13 @@ include icecat.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.cache/mozilla
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
 mkdir ${HOME}/.cache/mozilla/icecat
 mkdir ${HOME}/.mozilla
-allow  ${HOME}/.cache/mozilla/icecat
+whitelist ${HOME}/.cache/mozilla/icecat
-allow  ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla
 # private-etc must first be enabled in firefox-common.profile
 #private-etc icecat
diff --git a/etc/profile-a-l/icedove.profile b/etc/profile-a-l/icedove.profile
index 0c22d87d0..19690cd5a 100644
--- a/etc/profile-a-l/icedove.profile
+++ b/etc/profile-a-l/icedove.profile
@@ -9,16 +9,16 @@ include icedove.local
 # Users have icedove set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
-nodeny  ${HOME}/.cache/icedove
+noblacklist ${HOME}/.cache/icedove
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.icedove
+noblacklist ${HOME}/.icedove
 mkdir ${HOME}/.cache/icedove
 mkdir ${HOME}/.gnupg
 mkdir ${HOME}/.icedove
-allow  ${HOME}/.cache/icedove
+whitelist ${HOME}/.cache/icedove
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
-allow  ${HOME}/.icedove
+whitelist ${HOME}/.icedove
 include whitelist-common.inc
 ignore private-tmp
diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile
index 180b62ec2..680b8e777 100644
--- a/etc/profile-a-l/idea.sh.profile
+++ b/etc/profile-a-l/idea.sh.profile
@@ -5,12 +5,12 @@ include idea.sh.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.IdeaIC*
+noblacklist ${HOME}/.IdeaIC*
-nodeny  ${HOME}/.android
+noblacklist ${HOME}/.android
-nodeny  ${HOME}/.jack-server
+noblacklist ${HOME}/.jack-server
-nodeny  ${HOME}/.jack-settings
+noblacklist ${HOME}/.jack-settings
-nodeny  ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.local/share/JetBrains
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.tooling
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/imagej.profile b/etc/profile-a-l/imagej.profile
index 5d28e7aca..12ce7976b 100644
--- a/etc/profile-a-l/imagej.profile
+++ b/etc/profile-a-l/imagej.profile
@@ -6,7 +6,7 @@ include imagej.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.imagej
+noblacklist ${HOME}/.imagej
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/img2txt.profile b/etc/profile-a-l/img2txt.profile
index 70d56a7dc..c26958d06 100644
--- a/etc/profile-a-l/img2txt.profile
+++ b/etc/profile-a-l/img2txt.profile
@@ -5,10 +5,10 @@ include img2txt.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /usr/share/imlib2
+whitelist /usr/share/imlib2
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/impressive.profile b/etc/profile-a-l/impressive.profile
index 4914cd9d0..c152be01c 100644
--- a/etc/profile-a-l/impressive.profile
+++ b/etc/profile-a-l/impressive.profile
@@ -6,9 +6,9 @@ include impressive.local
 # Persistent global definitions
 #include globals.local
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -23,8 +23,8 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.cache/mesa_shader_cache
-allow  /usr/share/opengl-games-utils
+whitelist /usr/share/opengl-games-utils
-allow  /usr/share/zenity
+whitelist /usr/share/zenity
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile
index 1a949b300..35dd86b32 100644
--- a/etc/profile-a-l/inkscape.profile
+++ b/etc/profile-a-l/inkscape.profile
@@ -6,14 +6,14 @@ include inkscape.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/inkscape
+noblacklist ${HOME}/.cache/inkscape
-nodeny  ${HOME}/.config/inkscape
+noblacklist ${HOME}/.config/inkscape
-nodeny  ${HOME}/.inkscape
+noblacklist ${HOME}/.inkscape
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 # Allow exporting .xcf files
-nodeny  ${HOME}/.config/GIMP
+noblacklist ${HOME}/.config/GIMP
-nodeny  ${HOME}/.gimp*
+noblacklist ${HOME}/.gimp*
 # Allow python (blacklisted by disable-interpreters.inc)
@@ -28,7 +28,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /usr/share/inkscape
+whitelist /usr/share/inkscape
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/inox.profile b/etc/profile-a-l/inox.profile
index 1591ed7ea..a5cac12f2 100644
--- a/etc/profile-a-l/inox.profile
+++ b/etc/profile-a-l/inox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/inox
+noblacklist ${HOME}/.cache/inox
-nodeny  ${HOME}/.config/inox
+noblacklist ${HOME}/.config/inox
 mkdir ${HOME}/.cache/inox
 mkdir ${HOME}/.config/inox
-allow  ${HOME}/.cache/inox
+whitelist ${HOME}/.cache/inox
-allow  ${HOME}/.config/inox
+whitelist ${HOME}/.config/inox
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/iridium.profile b/etc/profile-a-l/iridium.profile
index f361fd663..3037d00e9 100644
--- a/etc/profile-a-l/iridium.profile
+++ b/etc/profile-a-l/iridium.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
-nodeny  ${HOME}/.cache/iridium
+noblacklist ${HOME}/.cache/iridium
-nodeny  ${HOME}/.config/iridium
+noblacklist ${HOME}/.config/iridium
 mkdir ${HOME}/.cache/iridium
 mkdir ${HOME}/.config/iridium
-allow  ${HOME}/.cache/iridium
+whitelist ${HOME}/.cache/iridium
-allow  ${HOME}/.config/iridium
+whitelist ${HOME}/.config/iridium
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/itch.profile b/etc/profile-a-l/itch.profile
index fa0bcf986..e02dcbdb1 100644
--- a/etc/profile-a-l/itch.profile
+++ b/etc/profile-a-l/itch.profile
@@ -8,8 +8,8 @@ include globals.local
 # itch.io has native firejail/sandboxing support bundled in
 # See https://itch.io/docs/itch/using/sandbox/linux.html
-nodeny  ${HOME}/.itch
+noblacklist ${HOME}/.itch
-nodeny  ${HOME}/.config/itch
+noblacklist ${HOME}/.config/itch
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-programs.inc
 mkdir ${HOME}/.itch
 mkdir ${HOME}/.config/itch
-allow  ${HOME}/.itch
+whitelist ${HOME}/.itch
-allow  ${HOME}/.config/itch
+whitelist ${HOME}/.config/itch
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/jami-gnome.profile b/etc/profile-a-l/jami-gnome.profile
index e4be574df..3e9abf369 100644
--- a/etc/profile-a-l/jami-gnome.profile
+++ b/etc/profile-a-l/jami-gnome.profile
@@ -6,8 +6,8 @@ include jami-gnome.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/jami
+noblacklist ${HOME}/.config/jami
-nodeny  ${HOME}/.local/share/jami
+noblacklist ${HOME}/.local/share/jami
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 mkdir ${HOME}/.config/jami
 mkdir ${HOME}/.local/share/jami
-allow  ${HOME}/.config/jami
+whitelist ${HOME}/.config/jami
-allow  ${HOME}/.local/share/jami
+whitelist ${HOME}/.local/share/jami
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/jd-gui.profile b/etc/profile-a-l/jd-gui.profile
index bfea84c69..7d29f1068 100644
--- a/etc/profile-a-l/jd-gui.profile
+++ b/etc/profile-a-l/jd-gui.profile
@@ -5,7 +5,7 @@ include jd-gui.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/jd-gui.cfg
+noblacklist ${HOME}/.config/jd-gui.cfg
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile
index c41027618..85b1f2120 100644
--- a/etc/profile-a-l/jerry.profile
+++ b/etc/profile-a-l/jerry.profile
@@ -6,7 +6,7 @@ include jerry.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/dkl
+noblacklist ${HOME}/.config/dkl
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/jitsi-meet-desktop.profile b/etc/profile-a-l/jitsi-meet-desktop.profile
index 9ca30c36d..edb7ed840 100644
--- a/etc/profile-a-l/jitsi-meet-desktop.profile
+++ b/etc/profile-a-l/jitsi-meet-desktop.profile
@@ -13,12 +13,12 @@ ignore shell none
 ignore noexec /tmp
-nodeny  ${HOME}/.config/Jitsi Meet
+noblacklist ${HOME}/.config/Jitsi Meet
-noallow  ${DOWNLOADS}
+nowhitelist ${DOWNLOADS}
 mkdir ${HOME}/.config/Jitsi Meet
-allow  ${HOME}/.config/Jitsi Meet
+whitelist ${HOME}/.config/Jitsi Meet
 private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh
 private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
diff --git a/etc/profile-a-l/jitsi.profile b/etc/profile-a-l/jitsi.profile
index f53e6ca32..223c360b8 100644
--- a/etc/profile-a-l/jitsi.profile
+++ b/etc/profile-a-l/jitsi.profile
@@ -5,7 +5,7 @@ include jitsi.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.jitsi
+noblacklist ${HOME}/.jitsi
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile
index c0a78ecc0..9954b8aea 100644
--- a/etc/profile-a-l/jumpnbump.profile
+++ b/etc/profile-a-l/jumpnbump.profile
@@ -6,7 +6,7 @@ include jumpnbump.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.jumpnbump
+noblacklist ${HOME}/.jumpnbump
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 mkdir ${HOME}/.jumpnbump
-allow  ${HOME}/.jumpnbump
+whitelist ${HOME}/.jumpnbump
-allow  /usr/share/jumpnbump
+whitelist /usr/share/jumpnbump
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile
index 73ce8670f..5ae90dff6 100644
--- a/etc/profile-a-l/k3b.profile
+++ b/etc/profile-a-l/k3b.profile
@@ -6,11 +6,11 @@ include k3b.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/k3brc
+noblacklist ${HOME}/.config/k3brc
-nodeny  ${HOME}/.kde/share/config/k3brc
+noblacklist ${HOME}/.kde/share/config/k3brc
-nodeny  ${HOME}/.kde4/share/config/k3brc
+noblacklist ${HOME}/.kde4/share/config/k3brc
-nodeny  ${HOME}/.local/share/kxmlgui5/k3b
+noblacklist ${HOME}/.local/share/kxmlgui5/k3b
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kaffeine.profile b/etc/profile-a-l/kaffeine.profile
index e6a00e350..d55fd22cb 100644
--- a/etc/profile-a-l/kaffeine.profile
+++ b/etc/profile-a-l/kaffeine.profile
@@ -6,14 +6,14 @@ include kaffeine.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/kaffeinerc
+noblacklist ${HOME}/.config/kaffeinerc
-nodeny  ${HOME}/.kde/share/apps/kaffeine
+noblacklist ${HOME}/.kde/share/apps/kaffeine
-nodeny  ${HOME}/.kde/share/config/kaffeinerc
+noblacklist ${HOME}/.kde/share/config/kaffeinerc
-nodeny  ${HOME}/.kde4/share/apps/kaffeine
+noblacklist ${HOME}/.kde4/share/apps/kaffeine
-nodeny  ${HOME}/.kde4/share/config/kaffeinerc
+noblacklist ${HOME}/.kde4/share/config/kaffeinerc
-nodeny  ${HOME}/.local/share/kaffeine
+noblacklist ${HOME}/.local/share/kaffeine
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile
index 98b04353e..503dac4b6 100644
--- a/etc/profile-a-l/kalgebra.profile
+++ b/etc/profile-a-l/kalgebra.profile
@@ -6,8 +6,8 @@ include kalgebra.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/kalgebrarc
+noblacklist ${HOME}/.config/kalgebrarc
-nodeny  ${HOME}/.local/share/kalgebra
+noblacklist ${HOME}/.local/share/kalgebra
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  /usr/share/kalgebramobile
+whitelist /usr/share/kalgebramobile
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/karbon.profile b/etc/profile-a-l/karbon.profile
index db5394550..231299a2f 100644
--- a/etc/profile-a-l/karbon.profile
+++ b/etc/profile-a-l/karbon.profile
@@ -6,7 +6,7 @@ include karbon.local
 # added by included profile
 #include globals.local
-nodeny  ${HOME}/.local/share/kxmlgui5/karbon
+noblacklist ${HOME}/.local/share/kxmlgui5/karbon
 # Redirect
 include krita.profile
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile
index d2b180492..27b87e7c3 100644
--- a/etc/profile-a-l/kate.profile
+++ b/etc/profile-a-l/kate.profile
@@ -8,20 +8,20 @@ include globals.local
 ignore noexec ${HOME}
-nodeny  ${HOME}/.config/katemetainfos
+noblacklist ${HOME}/.config/katemetainfos
-nodeny  ${HOME}/.config/katepartrc
+noblacklist ${HOME}/.config/katepartrc
-nodeny  ${HOME}/.config/katerc
+noblacklist ${HOME}/.config/katerc
-nodeny  ${HOME}/.config/kateschemarc
+noblacklist ${HOME}/.config/kateschemarc
-nodeny  ${HOME}/.config/katesyntaxhighlightingrc
+noblacklist ${HOME}/.config/katesyntaxhighlightingrc
-nodeny  ${HOME}/.config/katevirc
+noblacklist ${HOME}/.config/katevirc
-nodeny  ${HOME}/.local/share/kate
+noblacklist ${HOME}/.local/share/kate
-nodeny  ${HOME}/.local/share/kxmlgui5/kate
+noblacklist ${HOME}/.local/share/kxmlgui5/kate
-nodeny  ${HOME}/.local/share/kxmlgui5/katefiletree
+noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree
-nodeny  ${HOME}/.local/share/kxmlgui5/katekonsole
+noblacklist ${HOME}/.local/share/kxmlgui5/katekonsole
-nodeny  ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin
+noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin
-nodeny  ${HOME}/.local/share/kxmlgui5/katepart
+noblacklist ${HOME}/.local/share/kxmlgui5/katepart
-nodeny  ${HOME}/.local/share/kxmlgui5/kateproject
+noblacklist ${HOME}/.local/share/kxmlgui5/kateproject
-nodeny  ${HOME}/.local/share/kxmlgui5/katesearch
+noblacklist ${HOME}/.local/share/kxmlgui5/katesearch
 include disable-common.inc
 # include disable-devel.inc
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile
index a4e2e64f4..9795cf168 100644
--- a/etc/profile-a-l/kazam.profile
+++ b/etc/profile-a-l/kazam.profile
@@ -8,9 +8,9 @@ include globals.local
 ignore noexec ${HOME}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
-nodeny  ${HOME}/.config/kazam
+noblacklist ${HOME}/.config/kazam
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -25,7 +25,7 @@ include disable-passwdmgr.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/kazam
+whitelist /usr/share/kazam
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile
index fcb168d4d..e36ee5ed2 100644
--- a/etc/profile-a-l/kcalc.profile
+++ b/etc/profile-a-l/kcalc.profile
@@ -6,7 +6,7 @@ include kcalc.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/kxmlgui5/kcalc
+noblacklist ${HOME}/.local/share/kxmlgui5/kcalc
 include disable-common.inc
 include disable-devel.inc
@@ -21,13 +21,13 @@ mkdir ${HOME}/.local/share/kxmlgui5/kcalc
 mkfile ${HOME}/.config/kcalcrc
 mkfile ${HOME}/.kde/share/config/kcalcrc
 mkfile ${HOME}/.kde4/share/config/kcalcrc
-allow  ${HOME}/.config/kcalcrc
+whitelist ${HOME}/.config/kcalcrc
-allow  ${HOME}/.kde/share/config/kcalcrc
+whitelist ${HOME}/.kde/share/config/kcalcrc
-allow  ${HOME}/.kde4/share/config/kcalcrc
+whitelist ${HOME}/.kde4/share/config/kcalcrc
-allow  ${HOME}/.local/share/kxmlgui5/kcalc
+whitelist ${HOME}/.local/share/kxmlgui5/kcalc
-allow  /usr/share/config.kcfg/kcalc.kcfg
+whitelist /usr/share/config.kcfg/kcalc.kcfg
-allow  /usr/share/kcalc
+whitelist /usr/share/kcalc
-allow  /usr/share/kconf_update/kcalcrc.upd
+whitelist /usr/share/kconf_update/kcalcrc.upd
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/kdenlive.profile b/etc/profile-a-l/kdenlive.profile
index 4acafbf2a..d2a08a269 100644
--- a/etc/profile-a-l/kdenlive.profile
+++ b/etc/profile-a-l/kdenlive.profile
@@ -8,10 +8,10 @@ include globals.local
 ignore noexec ${HOME}
-nodeny  ${HOME}/.cache/kdenlive
+noblacklist ${HOME}/.cache/kdenlive
-nodeny  ${HOME}/.config/kdenliverc
+noblacklist ${HOME}/.config/kdenliverc
-nodeny  ${HOME}/.local/share/kdenlive
+noblacklist ${HOME}/.local/share/kdenlive
-nodeny  ${HOME}/.local/share/kxmlgui5/kdenlive
+noblacklist ${HOME}/.local/share/kxmlgui5/kdenlive
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile
index 0c37f7968..7c1cb2294 100644
--- a/etc/profile-a-l/kdiff3.profile
+++ b/etc/profile-a-l/kdiff3.profile
@@ -6,14 +6,14 @@ include kdiff3.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/kdiff3fileitemactionrc
+noblacklist ${HOME}/.config/kdiff3fileitemactionrc
-nodeny  ${HOME}/.config/kdiff3rc
+noblacklist ${HOME}/.config/kdiff3rc
 # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc.
 # By default we deny access only to .ssh and .gnupg.
 #include disable-common.inc
-deny  ${HOME}/.ssh
+blacklist ${HOME}/.ssh
-deny  ${HOME}/.gnupg
+blacklist ${HOME}/.gnupg
 include disable-devel.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/keepass.profile b/etc/profile-a-l/keepass.profile
index 9c06962bc..ae8971ab4 100644
--- a/etc/profile-a-l/keepass.profile
+++ b/etc/profile-a-l/keepass.profile
@@ -6,14 +6,14 @@ include keepass.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/*.kdb
+noblacklist ${HOME}/*.kdb
-nodeny  ${HOME}/*.kdbx
+noblacklist ${HOME}/*.kdbx
-nodeny  ${HOME}/.config/KeePass
+noblacklist ${HOME}/.config/KeePass
-nodeny  ${HOME}/.config/keepass
+noblacklist ${HOME}/.config/keepass
-nodeny  ${HOME}/.keepass
+noblacklist ${HOME}/.keepass
-nodeny  ${HOME}/.local/share/KeePass
+noblacklist ${HOME}/.local/share/KeePass
-nodeny  ${HOME}/.local/share/keepass
+noblacklist ${HOME}/.local/share/keepass
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile
index 2772fa8bf..ac364986d 100644
--- a/etc/profile-a-l/keepassx.profile
+++ b/etc/profile-a-l/keepassx.profile
@@ -6,11 +6,11 @@ include keepassx.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/*.kdb
+noblacklist ${HOME}/*.kdb
-nodeny  ${HOME}/*.kdbx
+noblacklist ${HOME}/*.kdbx
-nodeny  ${HOME}/.config/keepassx
+noblacklist ${HOME}/.config/keepassx
-nodeny  ${HOME}/.keepassx
+noblacklist ${HOME}/.keepassx
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile
index 9c530b20d..f71dcf82b 100644
--- a/etc/profile-a-l/keepassxc.profile
+++ b/etc/profile-a-l/keepassxc.profile
@@ -6,23 +6,23 @@ include keepassxc.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/*.kdb
+noblacklist ${HOME}/*.kdb
-nodeny  ${HOME}/*.kdbx
+noblacklist ${HOME}/*.kdbx
-nodeny  ${HOME}/.cache/keepassxc
+noblacklist ${HOME}/.cache/keepassxc
-nodeny  ${HOME}/.config/keepassxc
+noblacklist ${HOME}/.config/keepassxc
-nodeny  ${HOME}/.config/KeePassXCrc
+noblacklist ${HOME}/.config/KeePassXCrc
-nodeny  ${HOME}/.keepassxc
+noblacklist ${HOME}/.keepassxc
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 # Allow browser profiles, required for browser integration.
-nodeny  ${HOME}/.config/BraveSoftware
+noblacklist ${HOME}/.config/BraveSoftware
-nodeny  ${HOME}/.config/chromium
+noblacklist ${HOME}/.config/chromium
-nodeny  ${HOME}/.config/google-chrome
+noblacklist ${HOME}/.config/google-chrome
-nodeny  ${HOME}/.config/vivaldi
+noblacklist ${HOME}/.config/vivaldi
-nodeny  ${HOME}/.local/share/torbrowser
+noblacklist ${HOME}/.local/share/torbrowser
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
@@ -57,7 +57,7 @@ include disable-xdg.inc
 #whitelist ${HOME}/.config/KeePassXCrc
 #include whitelist-common.inc
-allow  /usr/share/keepassxc
+whitelist /usr/share/keepassxc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile
index 30c041cbc..2c684504b 100644
--- a/etc/profile-a-l/kget.profile
+++ b/etc/profile-a-l/kget.profile
@@ -6,13 +6,13 @@ include kget.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/kgetrc
+noblacklist ${HOME}/.config/kgetrc
-nodeny  ${HOME}/.kde/share/apps/kget
+noblacklist ${HOME}/.kde/share/apps/kget
-nodeny  ${HOME}/.kde/share/config/kgetrc
+noblacklist ${HOME}/.kde/share/config/kgetrc
-nodeny  ${HOME}/.kde4/share/apps/kget
+noblacklist ${HOME}/.kde4/share/apps/kget
-nodeny  ${HOME}/.kde4/share/config/kgetrc
+noblacklist ${HOME}/.kde4/share/config/kgetrc
-nodeny  ${HOME}/.local/share/kget
+noblacklist ${HOME}/.local/share/kget
-nodeny  ${HOME}/.local/share/kxmlgui5/kget
+noblacklist ${HOME}/.local/share/kxmlgui5/kget
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kid3-qt.profile b/etc/profile-a-l/kid3-qt.profile
index 84d135fc3..9bcede077 100644
--- a/etc/profile-a-l/kid3-qt.profile
+++ b/etc/profile-a-l/kid3-qt.profile
@@ -2,7 +2,7 @@
 # This file is overwritten after every install/update
 include kid3-qt.local
-nodeny  ${HOME}/.config/Kid3
+noblacklist ${HOME}/.config/Kid3
 # Redirect
 include kid3.profile
diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile
index 0ef2a7845..e18292e99 100644
--- a/etc/profile-a-l/kid3.profile
+++ b/etc/profile-a-l/kid3.profile
@@ -6,9 +6,9 @@ include kid3.local
 # Persistent global definitions
 include globals.local
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${HOME}/.config/kid3rc
+noblacklist ${HOME}/.config/kid3rc
-nodeny  ${HOME}/.local/share/kxmlgui5/kid3
+noblacklist ${HOME}/.local/share/kxmlgui5/kid3
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kino.profile b/etc/profile-a-l/kino.profile
index 833c1d22a..74014ffe6 100644
--- a/etc/profile-a-l/kino.profile
+++ b/etc/profile-a-l/kino.profile
@@ -6,8 +6,8 @@ include kino.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.kino-history
+noblacklist ${HOME}/.kino-history
-nodeny  ${HOME}/.kinorc
+noblacklist ${HOME}/.kinorc
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile
index b188ba0e3..40ee0bbc7 100644
--- a/etc/profile-a-l/kiwix-desktop.profile
+++ b/etc/profile-a-l/kiwix-desktop.profile
@@ -6,8 +6,8 @@ include kiwix-desktop.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/kiwix
+noblacklist ${HOME}/.local/share/kiwix
-nodeny  ${HOME}/.local/share/kiwix-desktop
+noblacklist ${HOME}/.local/share/kiwix-desktop
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.local/share/kiwix
 mkdir ${HOME}/.local/share/kiwix-desktop
-allow  ${HOME}/.local/share/kiwix
+whitelist ${HOME}/.local/share/kiwix
-allow  ${HOME}/.local/share/kiwix-desktop
+whitelist ${HOME}/.local/share/kiwix-desktop
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/klatexformula.profile b/etc/profile-a-l/klatexformula.profile
index e087e4973..c6a9023f1 100644
--- a/etc/profile-a-l/klatexformula.profile
+++ b/etc/profile-a-l/klatexformula.profile
@@ -6,8 +6,8 @@ include klatexformula.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.kde/share/apps/klatexformula
+noblacklist ${HOME}/.kde/share/apps/klatexformula
-nodeny  ${HOME}/.klatexformula
+noblacklist ${HOME}/.klatexformula
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile
index ec3912419..f5cd3a48c 100644
--- a/etc/profile-a-l/klavaro.profile
+++ b/etc/profile-a-l/klavaro.profile
@@ -6,8 +6,8 @@ include klavaro.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/klavaro
+noblacklist ${HOME}/.config/klavaro
-nodeny  ${HOME}/.local/share/klavaro
+noblacklist ${HOME}/.local/share/klavaro
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.local/share/klavaro
 mkdir ${HOME}/.config/klavaro
-allow  ${HOME}/.local/share/klavaro
+whitelist ${HOME}/.local/share/klavaro
-allow  ${HOME}/.config/klavaro
+whitelist ${HOME}/.config/klavaro
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile
index 3c582c08c..95ae98e53 100644
--- a/etc/profile-a-l/kmail.profile
+++ b/etc/profile-a-l/kmail.profile
@@ -9,27 +9,27 @@ include globals.local
 # kmail has problems launching akonadi in debian and ubuntu.
 # one solution is to have akonadi already running when kmail is started
-nodeny  ${HOME}/.cache/akonadi*
+noblacklist ${HOME}/.cache/akonadi*
-nodeny  ${HOME}/.cache/kmail2
+noblacklist ${HOME}/.cache/kmail2
-nodeny  ${HOME}/.config/akonadi*
+noblacklist ${HOME}/.config/akonadi*
-nodeny  ${HOME}/.config/baloorc
+noblacklist ${HOME}/.config/baloorc
-nodeny  ${HOME}/.config/emaildefaults
+noblacklist ${HOME}/.config/emaildefaults
-nodeny  ${HOME}/.config/emailidentities
+noblacklist ${HOME}/.config/emailidentities
-nodeny  ${HOME}/.config/kmail2rc
+noblacklist ${HOME}/.config/kmail2rc
-nodeny  ${HOME}/.config/kmailsearchindexingrc
+noblacklist ${HOME}/.config/kmailsearchindexingrc
-nodeny  ${HOME}/.config/mailtransports
+noblacklist ${HOME}/.config/mailtransports
-nodeny  ${HOME}/.config/specialmailcollectionsrc
+noblacklist ${HOME}/.config/specialmailcollectionsrc
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.local/share/akonadi*
+noblacklist ${HOME}/.local/share/akonadi*
-nodeny  ${HOME}/.local/share/apps/korganizer
+noblacklist ${HOME}/.local/share/apps/korganizer
-nodeny  ${HOME}/.local/share/contacts
+noblacklist ${HOME}/.local/share/contacts
-nodeny  ${HOME}/.local/share/emailidentities
+noblacklist ${HOME}/.local/share/emailidentities
-nodeny  ${HOME}/.local/share/kmail2
+noblacklist ${HOME}/.local/share/kmail2
-nodeny  ${HOME}/.local/share/kxmlgui5/kmail
+noblacklist ${HOME}/.local/share/kxmlgui5/kmail
-nodeny  ${HOME}/.local/share/kxmlgui5/kmail2
+noblacklist ${HOME}/.local/share/kxmlgui5/kmail2
-nodeny  ${HOME}/.local/share/local-mail
+noblacklist ${HOME}/.local/share/local-mail
-nodeny  ${HOME}/.local/share/notes
+noblacklist ${HOME}/.local/share/notes
-nodeny  /tmp/akonadi-*
+noblacklist /tmp/akonadi-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kmplayer.profile b/etc/profile-a-l/kmplayer.profile
index d2ce14ab6..e88b53499 100644
--- a/etc/profile-a-l/kmplayer.profile
+++ b/etc/profile-a-l/kmplayer.profile
@@ -6,11 +6,11 @@ include kmplayer.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/kmplayerrc
+noblacklist ${HOME}/.config/kmplayerrc
-nodeny  ${HOME}/.kde/share/config/kmplayerrc
+noblacklist ${HOME}/.kde/share/config/kmplayerrc
-nodeny  ${HOME}/.local/share/kmplayer
+noblacklist ${HOME}/.local/share/kmplayer
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/knotes.profile b/etc/profile-a-l/knotes.profile
index 5a9ac34da..f155d0ad6 100644
--- a/etc/profile-a-l/knotes.profile
+++ b/etc/profile-a-l/knotes.profile
@@ -10,9 +10,9 @@ include knotes.local
 # knotes has problems launching akonadi in debian and ubuntu.
 # one solution is to have akonadi already running when knotes is started
-nodeny  ${HOME}/.config/knotesrc
+noblacklist ${HOME}/.config/knotesrc
-nodeny  ${HOME}/.local/share/knotes
+noblacklist ${HOME}/.local/share/knotes
-nodeny  ${HOME}/.local/share/kxmlgui5/knotes
+noblacklist ${HOME}/.local/share/kxmlgui5/knotes
 # Redirect
 include kmail.profile
diff --git a/etc/profile-a-l/kodi.profile b/etc/profile-a-l/kodi.profile
index 2725c87be..b7091f1fc 100644
--- a/etc/profile-a-l/kodi.profile
+++ b/etc/profile-a-l/kodi.profile
@@ -13,10 +13,10 @@ ignore noexec ${HOME}
 #ignore noroot
 #ignore private-dev
-nodeny  ${HOME}/.kodi
+noblacklist ${HOME}/.kodi
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
-nodeny  ${VIDEOS}
+noblacklist ${VIDEOS}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile
index d8ce33838..5b5ed6e24 100644
--- a/etc/profile-a-l/konversation.profile
+++ b/etc/profile-a-l/konversation.profile
@@ -6,11 +6,11 @@ include konversation.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/konversationrc
+noblacklist ${HOME}/.config/konversationrc
-nodeny  ${HOME}/.config/konversation.notifyrc
+noblacklist ${HOME}/.config/konversation.notifyrc
-nodeny  ${HOME}/.kde/share/config/konversationrc
+noblacklist ${HOME}/.kde/share/config/konversationrc
-nodeny  ${HOME}/.kde4/share/config/konversationrc
+noblacklist ${HOME}/.kde4/share/config/konversationrc
-nodeny  ${HOME}/.local/share/kxmlgui5/konversation
+noblacklist ${HOME}/.local/share/kxmlgui5/konversation
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kopete.profile b/etc/profile-a-l/kopete.profile
index 749591f32..88f47d1bf 100644
--- a/etc/profile-a-l/kopete.profile
+++ b/etc/profile-a-l/kopete.profile
@@ -6,11 +6,11 @@ include kopete.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.kde/share/apps/kopete
+noblacklist ${HOME}/.kde/share/apps/kopete
-nodeny  ${HOME}/.kde/share/config/kopeterc
+noblacklist ${HOME}/.kde/share/config/kopeterc
-nodeny  ${HOME}/.kde4/share/apps/kopete
+noblacklist ${HOME}/.kde4/share/apps/kopete
-nodeny  ${HOME}/.kde4/share/config/kopeterc
+noblacklist ${HOME}/.kde4/share/config/kopeterc
-nodeny  ${HOME}/.local/share/kxmlgui5/kopete
+noblacklist ${HOME}/.local/share/kxmlgui5/kopete
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /var/lib/winpopup
+whitelist /var/lib/winpopup
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/krita.profile b/etc/profile-a-l/krita.profile
index 950341def..8604e63d0 100644
--- a/etc/profile-a-l/krita.profile
+++ b/etc/profile-a-l/krita.profile
@@ -9,10 +9,10 @@ include globals.local
 # noexec ${HOME} may break krita, see issue #1953
 ignore noexec ${HOME}
-nodeny  ${HOME}/.config/kritarc
+noblacklist ${HOME}/.config/kritarc
-nodeny  ${HOME}/.local/share/krita
+noblacklist ${HOME}/.local/share/krita
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/krunner.profile b/etc/profile-a-l/krunner.profile
index 7b325d273..9cb5eff87 100644
--- a/etc/profile-a-l/krunner.profile
+++ b/etc/profile-a-l/krunner.profile
@@ -13,9 +13,9 @@ include globals.local
 # noblacklist ${HOME}/.cache/krunner
 # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
 # noblacklist ${HOME}/.config/chromium
-nodeny  ${HOME}/.config/krunnerrc
+noblacklist ${HOME}/.config/krunnerrc
-nodeny  ${HOME}/.kde/share/config/krunnerrc
+noblacklist ${HOME}/.kde/share/config/krunnerrc
-nodeny  ${HOME}/.kde4/share/config/krunnerrc
+noblacklist ${HOME}/.kde4/share/config/krunnerrc
 # noblacklist ${HOME}/.local/share/baloo
 # noblacklist ${HOME}/.mozilla
diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile
index ac9fee585..5a85194e0 100644
--- a/etc/profile-a-l/ktorrent.profile
+++ b/etc/profile-a-l/ktorrent.profile
@@ -6,13 +6,13 @@ include ktorrent.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/ktorrentrc
+noblacklist ${HOME}/.config/ktorrentrc
-nodeny  ${HOME}/.kde/share/apps/ktorrent
+noblacklist ${HOME}/.kde/share/apps/ktorrent
-nodeny  ${HOME}/.kde/share/config/ktorrentrc
+noblacklist ${HOME}/.kde/share/config/ktorrentrc
-nodeny  ${HOME}/.kde4/share/apps/ktorrent
+noblacklist ${HOME}/.kde4/share/apps/ktorrent
-nodeny  ${HOME}/.kde4/share/config/ktorrentrc
+noblacklist ${HOME}/.kde4/share/config/ktorrentrc
-nodeny  ${HOME}/.local/share/ktorrent
+noblacklist ${HOME}/.local/share/ktorrent
-nodeny  ${HOME}/.local/share/kxmlgui5/ktorrent
+noblacklist ${HOME}/.local/share/kxmlgui5/ktorrent
 include disable-common.inc
 include disable-devel.inc
@@ -29,14 +29,14 @@ mkdir ${HOME}/.local/share/kxmlgui5/ktorrent
 mkfile ${HOME}/.config/ktorrentrc
 mkfile ${HOME}/.kde/share/config/ktorrentrc
 mkfile ${HOME}/.kde4/share/config/ktorrentrc
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/.config/ktorrentrc
+whitelist ${HOME}/.config/ktorrentrc
-allow  ${HOME}/.kde/share/apps/ktorrent
+whitelist ${HOME}/.kde/share/apps/ktorrent
-allow  ${HOME}/.kde/share/config/ktorrentrc
+whitelist ${HOME}/.kde/share/config/ktorrentrc
-allow  ${HOME}/.kde4/share/apps/ktorrent
+whitelist ${HOME}/.kde4/share/apps/ktorrent
-allow  ${HOME}/.kde4/share/config/ktorrentrc
+whitelist ${HOME}/.kde4/share/config/ktorrentrc
-allow  ${HOME}/.local/share/ktorrent
+whitelist ${HOME}/.local/share/ktorrent
-allow  ${HOME}/.local/share/kxmlgui5/ktorrent
+whitelist ${HOME}/.local/share/kxmlgui5/ktorrent
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile
index 71f8e4977..4cf72b74c 100644
--- a/etc/profile-a-l/ktouch.profile
+++ b/etc/profile-a-l/ktouch.profile
@@ -6,8 +6,8 @@ include ktouch.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/ktouch2rc
+noblacklist ${HOME}/.config/ktouch2rc
-nodeny  ${HOME}/.local/share/ktouch
+noblacklist ${HOME}/.local/share/ktouch
 include disable-common.inc
 include disable-devel.inc
@@ -20,8 +20,8 @@ include disable-xdg.inc
 mkfile ${HOME}/.config/ktouch2rc
 mkdir ${HOME}/.local/share/ktouch
-allow  ${HOME}/.config/ktouch2rc
+whitelist ${HOME}/.config/ktouch2rc
-allow  ${HOME}/.local/share/ktouch
+whitelist ${HOME}/.local/share/ktouch
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile
index 74ffd1162..4e9a12e5f 100644
--- a/etc/profile-a-l/kube.profile
+++ b/etc/profile-a-l/kube.profile
@@ -6,13 +6,13 @@ include kube.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.mozilla
-nodeny  ${HOME}/.cache/kube
+noblacklist ${HOME}/.cache/kube
-nodeny  ${HOME}/.config/kube
+noblacklist ${HOME}/.config/kube
-nodeny  ${HOME}/.config/sink
+noblacklist ${HOME}/.config/sink
-nodeny  ${HOME}/.local/share/kube
+noblacklist ${HOME}/.local/share/kube
-nodeny  ${HOME}/.local/share/sink
+noblacklist ${HOME}/.local/share/sink
 include disable-common.inc
 include disable-devel.inc
@@ -29,17 +29,17 @@ mkdir ${HOME}/.config/kube
 mkdir ${HOME}/.config/sink
 mkdir ${HOME}/.local/share/kube
 mkdir ${HOME}/.local/share/sink
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
-allow  ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
-allow  ${HOME}/.cache/kube
+whitelist ${HOME}/.cache/kube
-allow  ${HOME}/.config/kube
+whitelist ${HOME}/.config/kube
-allow  ${HOME}/.config/sink
+whitelist ${HOME}/.config/sink
-allow  ${HOME}/.local/share/kube
+whitelist ${HOME}/.local/share/kube
-allow  ${HOME}/.local/share/sink
+whitelist ${HOME}/.local/share/sink
-allow  ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/gnupg
-allow  /usr/share/kube
+whitelist /usr/share/kube
-allow  /usr/share/gnupg
+whitelist /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile
index 580f93736..15e7ceb17 100644
--- a/etc/profile-a-l/kwin_x11.profile
+++ b/etc/profile-a-l/kwin_x11.profile
@@ -8,10 +8,10 @@ include globals.local
 # fix automatical kwin_x11 sandboxing:
 # echo KDEWM=kwin_x11 >> ~/.pam_environment
-nodeny  ${HOME}/.cache/kwin
+noblacklist ${HOME}/.cache/kwin
-nodeny  ${HOME}/.config/kwinrc
+noblacklist ${HOME}/.config/kwinrc
-nodeny  ${HOME}/.config/kwinrulesrc
+noblacklist ${HOME}/.config/kwinrulesrc
-nodeny  ${HOME}/.local/share/kwin
+noblacklist ${HOME}/.local/share/kwin
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile
index 08b0e0224..804ffafeb 100644
--- a/etc/profile-a-l/kwrite.profile
+++ b/etc/profile-a-l/kwrite.profile
@@ -6,15 +6,15 @@ include kwrite.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/katepartrc
+noblacklist ${HOME}/.config/katepartrc
-nodeny  ${HOME}/.config/katerc
+noblacklist ${HOME}/.config/katerc
-nodeny  ${HOME}/.config/kateschemarc
+noblacklist ${HOME}/.config/kateschemarc
-nodeny  ${HOME}/.config/katesyntaxhighlightingrc
+noblacklist ${HOME}/.config/katesyntaxhighlightingrc
-nodeny  ${HOME}/.config/katevirc
+noblacklist ${HOME}/.config/katevirc
-nodeny  ${HOME}/.config/kwriterc
+noblacklist ${HOME}/.config/kwriterc
-nodeny  ${HOME}/.local/share/kwrite
+noblacklist ${HOME}/.local/share/kwrite
-nodeny  ${HOME}/.local/share/kxmlgui5/kwrite
+noblacklist ${HOME}/.local/share/kxmlgui5/kwrite
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/latex-common.profile b/etc/profile-a-l/latex-common.profile
index 91693bfc1..ac1b8785d 100644
--- a/etc/profile-a-l/latex-common.profile
+++ b/etc/profile-a-l/latex-common.profile
@@ -13,7 +13,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-allow  /var/lib
+whitelist /var/lib
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/leafpad.profile b/etc/profile-a-l/leafpad.profile
index e154708eb..4bbb0a86d 100644
--- a/etc/profile-a-l/leafpad.profile
+++ b/etc/profile-a-l/leafpad.profile
@@ -6,7 +6,7 @@ include leafpad.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/leafpad
+noblacklist ${HOME}/.config/leafpad
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/less.profile b/etc/profile-a-l/less.profile
index abee392de..8eb5ad0c2 100644
--- a/etc/profile-a-l/less.profile
+++ b/etc/profile-a-l/less.profile
@@ -7,9 +7,9 @@ include less.local
 # Persistent global definitions
 include globals.local
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
-nodeny  ${HOME}/.lesshst
+noblacklist ${HOME}/.lesshst
 include disable-devel.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/librecad.profile b/etc/profile-a-l/librecad.profile
index 8ec41eee3..c57eae73d 100644
--- a/etc/profile-a-l/librecad.profile
+++ b/etc/profile-a-l/librecad.profile
@@ -4,8 +4,8 @@ include librecad.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/LibreCAD
+noblacklist ${HOME}/.config/LibreCAD
-nodeny  ${HOME}/.local/share/LibreCAD
+noblacklist ${HOME}/.local/share/LibreCAD
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
-allow  /usr/share/librecad
+whitelist /usr/share/librecad
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile
index ae01d39b8..b1a24888c 100644
--- a/etc/profile-a-l/libreoffice.profile
+++ b/etc/profile-a-l/libreoffice.profile
@@ -6,15 +6,15 @@ include libreoffice.local
 # Persistent global definitions
 include globals.local
-nodeny  /usr/local/sbin
+noblacklist /usr/local/sbin
-nodeny  ${HOME}/.config/libreoffice
+noblacklist ${HOME}/.config/libreoffice
 # libreoffice uses java for some functionality.
 # Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality.
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
-deny  /usr/libexec
+blacklist /usr/libexec
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile
index 5c614ab8e..da047357a 100644
--- a/etc/profile-a-l/librewolf.profile
+++ b/etc/profile-a-l/librewolf.profile
@@ -6,13 +6,13 @@ include librewolf.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/librewolf
+noblacklist ${HOME}/.cache/librewolf
-nodeny  ${HOME}/.librewolf
+noblacklist ${HOME}/.librewolf
 mkdir ${HOME}/.cache/librewolf
 mkdir ${HOME}/.librewolf
-allow  ${HOME}/.cache/librewolf
+whitelist ${HOME}/.cache/librewolf
-allow  ${HOME}/.librewolf
+whitelist ${HOME}/.librewolf
 # Add the next lines to your librewolf.local if you want to use the migration wizard.
 #noblacklist ${HOME}/.mozilla
@@ -23,10 +23,10 @@ allow  ${HOME}/.librewolf
 #whitelist ${RUNUSER}/kpxc_server
 #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
-allow  /usr/share/doc
+whitelist /usr/share/doc
-allow  /usr/share/gtk-doc/html
+whitelist /usr/share/gtk-doc/html
-allow  /usr/share/mozilla
+whitelist /usr/share/mozilla
-allow  /usr/share/webext
+whitelist /usr/share/webext
 include whitelist-usr-share-common.inc
 # Add the next line to your librewolf.local to enable private-bin (Arch Linux).
diff --git a/etc/profile-a-l/liferea.profile b/etc/profile-a-l/liferea.profile
index 595ecc257..7afca1d5f 100644
--- a/etc/profile-a-l/liferea.profile
+++ b/etc/profile-a-l/liferea.profile
@@ -6,9 +6,9 @@ include liferea.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/liferea
+noblacklist ${HOME}/.cache/liferea
-nodeny  ${HOME}/.config/liferea
+noblacklist ${HOME}/.config/liferea
-nodeny  ${HOME}/.local/share/liferea
+noblacklist ${HOME}/.local/share/liferea
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/liferea
 mkdir ${HOME}/.config/liferea
 mkdir ${HOME}/.local/share/liferea
-allow  ${HOME}/.cache/liferea
+whitelist ${HOME}/.cache/liferea
-allow  ${HOME}/.config/liferea
+whitelist ${HOME}/.config/liferea
-allow  ${HOME}/.local/share/liferea
+whitelist ${HOME}/.local/share/liferea
-allow  /usr/share/liferea
+whitelist /usr/share/liferea
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/lightsoff.profile b/etc/profile-a-l/lightsoff.profile
index 58d5bcd6d..c065c44a9 100644
--- a/etc/profile-a-l/lightsoff.profile
+++ b/etc/profile-a-l/lightsoff.profile
@@ -6,7 +6,7 @@ include lightsoff.local
 # Persistent global definitions
 include globals.local
-allow  /usr/share/lightsoff
+whitelist /usr/share/lightsoff
 private-bin lightsoff
diff --git a/etc/profile-a-l/lincity-ng.profile b/etc/profile-a-l/lincity-ng.profile
index e14c50d77..4254b7f33 100644
--- a/etc/profile-a-l/lincity-ng.profile
+++ b/etc/profile-a-l/lincity-ng.profile
@@ -6,7 +6,7 @@ include lincity-ng.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.lincity-ng
+noblacklist ${HOME}/.lincity-ng
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 mkdir ${HOME}/.lincity-ng
-allow  ${HOME}/.lincity-ng
+whitelist ${HOME}/.lincity-ng
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile
index 51e3d5b94..cd885b1d4 100644
--- a/etc/profile-a-l/links-common.profile
+++ b/etc/profile-a-l/links-common.profile
@@ -4,8 +4,8 @@ include links-common.local
 # common profile for links browsers
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/links.profile b/etc/profile-a-l/links.profile
index ae57601ca..8ce39cc7f 100644
--- a/etc/profile-a-l/links.profile
+++ b/etc/profile-a-l/links.profile
@@ -7,10 +7,10 @@ include links.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.links
+noblacklist ${HOME}/.links
 mkdir ${HOME}/.links
-allow  ${HOME}/.links
+whitelist ${HOME}/.links
 private-bin links
diff --git a/etc/profile-a-l/links2.profile b/etc/profile-a-l/links2.profile
index eb349c73a..5f91dfcd2 100644
--- a/etc/profile-a-l/links2.profile
+++ b/etc/profile-a-l/links2.profile
@@ -7,10 +7,10 @@ include links2.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.links2
+noblacklist ${HOME}/.links2
 mkdir ${HOME}/.links2
-allow  ${HOME}/.links2
+whitelist ${HOME}/.links2
 private-bin links2
diff --git a/etc/profile-a-l/linphone.profile b/etc/profile-a-l/linphone.profile
index dd1dac05b..7ebdbef4c 100644
--- a/etc/profile-a-l/linphone.profile
+++ b/etc/profile-a-l/linphone.profile
@@ -6,10 +6,10 @@ include linphone.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/linphone
+noblacklist ${HOME}/.config/linphone
-nodeny  ${HOME}/.linphone-history.db
+noblacklist ${HOME}/.linphone-history.db
-nodeny  ${HOME}/.linphonerc
+noblacklist ${HOME}/.linphonerc
-nodeny  ${HOME}/.local/share/linphone
+noblacklist ${HOME}/.local/share/linphone
 include disable-common.inc
 include disable-devel.inc
@@ -23,11 +23,11 @@ include disable-programs.inc
 # ${HOME}/.linphone-history.db and ${HOME}/.linphonerc but no longer mkfile.
 mkdir ${HOME}/.config/linphone
 mkdir ${HOME}/.local/share/linphone
-allow  ${HOME}/.config/linphone
+whitelist ${HOME}/.config/linphone
-allow  ${HOME}/.linphone-history.db
+whitelist ${HOME}/.linphone-history.db
-allow  ${HOME}/.linphonerc
+whitelist ${HOME}/.linphonerc
-allow  ${HOME}/.local/share/linphone
+whitelist ${HOME}/.local/share/linphone
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 caps.drop all
diff --git a/etc/profile-a-l/lmms.profile b/etc/profile-a-l/lmms.profile
index b22110fdc..48b0e14dc 100644
--- a/etc/profile-a-l/lmms.profile
+++ b/etc/profile-a-l/lmms.profile
@@ -6,9 +6,9 @@ include lmms.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.lmmsrc.xml
+noblacklist ${HOME}/.lmmsrc.xml
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile
index 0a7ce86e8..f2676fec5 100644
--- a/etc/profile-a-l/lollypop.profile
+++ b/etc/profile-a-l/lollypop.profile
@@ -6,8 +6,8 @@ include lollypop.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.local/share/lollypop
+noblacklist ${HOME}/.local/share/lollypop
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/lugaru.profile b/etc/profile-a-l/lugaru.profile
index 30802b3b7..174c65a65 100644
--- a/etc/profile-a-l/lugaru.profile
+++ b/etc/profile-a-l/lugaru.profile
@@ -8,8 +8,8 @@ include globals.local
 # note: crashes after entering
-nodeny  ${HOME}/.config/lugaru
+noblacklist ${HOME}/.config/lugaru
-nodeny  ${HOME}/.local/share/lugaru
+noblacklist ${HOME}/.local/share/lugaru
 include disable-common.inc
 include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/lugaru
 mkdir ${HOME}/.local/share/lugaru
-allow  ${HOME}/.config/lugaru
+whitelist ${HOME}/.config/lugaru
-allow  ${HOME}/.local/share/lugaru
+whitelist ${HOME}/.local/share/lugaru
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/luminance-hdr.profile b/etc/profile-a-l/luminance-hdr.profile
index 73400dbd6..31067034e 100644
--- a/etc/profile-a-l/luminance-hdr.profile
+++ b/etc/profile-a-l/luminance-hdr.profile
@@ -6,8 +6,8 @@ include luminance-hdr.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/Luminance
+noblacklist ${HOME}/.config/Luminance
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile
index 9d5169b80..80a3aba86 100644
--- a/etc/profile-a-l/lutris.profile
+++ b/etc/profile-a-l/lutris.profile
@@ -6,18 +6,18 @@ include lutris.local
 # Persistent global definitions
 include globals.local
-nodeny  ${PATH}/llvm*
+noblacklist ${PATH}/llvm*
-nodeny  ${HOME}/Games
+noblacklist ${HOME}/Games
-nodeny  ${HOME}/.cache/lutris
+noblacklist ${HOME}/.cache/lutris
-nodeny  ${HOME}/.cache/winetricks
+noblacklist ${HOME}/.cache/winetricks
-nodeny  ${HOME}/.config/lutris
+noblacklist ${HOME}/.config/lutris
-nodeny  ${HOME}/.local/share/lutris
+noblacklist ${HOME}/.local/share/lutris
 # noblacklist ${HOME}/.wine
-nodeny  /tmp/.wine-*
+noblacklist /tmp/.wine-*
 # Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise
 # Lutris won't even start.
-nodeny  /sbin
+noblacklist /sbin
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 ignore noexec ${HOME}
@@ -39,15 +39,15 @@ mkdir ${HOME}/.cache/winetricks
 mkdir ${HOME}/.config/lutris
 mkdir ${HOME}/.local/share/lutris
 # mkdir ${HOME}/.wine
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
-allow  ${HOME}/Games
+whitelist ${HOME}/Games
-allow  ${HOME}/.cache/lutris
+whitelist ${HOME}/.cache/lutris
-allow  ${HOME}/.cache/winetricks
+whitelist ${HOME}/.cache/winetricks
-allow  ${HOME}/.config/lutris
+whitelist ${HOME}/.config/lutris
-allow  ${HOME}/.local/share/lutris
+whitelist ${HOME}/.local/share/lutris
 # whitelist ${HOME}/.wine
-allow  /usr/share/lutris
+whitelist /usr/share/lutris
-allow  /usr/share/wine
+whitelist /usr/share/wine
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/lximage-qt.profile b/etc/profile-a-l/lximage-qt.profile
index 43147211b..b2a56012e 100644
--- a/etc/profile-a-l/lximage-qt.profile
+++ b/etc/profile-a-l/lximage-qt.profile
@@ -6,7 +6,7 @@ include lximage-qt.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.config/lximage-qt
+noblacklist ${HOME}/.config/lximage-qt
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lxmusic.profile b/etc/profile-a-l/lxmusic.profile
index c849f2ad2..cc4b95551 100644
--- a/etc/profile-a-l/lxmusic.profile
+++ b/etc/profile-a-l/lxmusic.profile
@@ -6,9 +6,9 @@ include lxmusic.local
 # Persistent global definitions
 include globals.local
-nodeny  ${HOME}/.cache/xmms2
+noblacklist ${HOME}/.cache/xmms2
-nodeny  ${HOME}/.config/xmms2
+noblacklist ${HOME}/.config/xmms2
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile
index 15c8f1faa..a919e924b 100644
--- a/etc/profile-a-l/lynx.profile
+++ b/etc/profile-a-l/lynx.profile
@@ -7,8 +7,8 @@ include lynx.local
 # Persistent global definitions
 include globals.local
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile
index 358dbf2f2..fa69463d1 100644
--- a/etc/profile-a-l/lyx.profile
+++ b/etc/profile-a-l/lyx.profile
@@ -8,8 +8,8 @@ include globals.local
 ignore private-tmp
-nodeny  ${HOME}/.config/LyX
+noblacklist ${HOME}/.config/LyX
-nodeny  ${HOME}/.lyx
+noblacklist ${HOME}/.lyx
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -21,11 +21,11 @@ include allow-perl.inc
 include allow-python2.inc
 include allow-python3.inc
-allow  /usr/share/lyx
+whitelist /usr/share/lyx
-allow  /usr/share/texinfo
+whitelist /usr/share/texinfo
-allow  /usr/share/texlive
+whitelist /usr/share/texlive
-allow  /usr/share/texmf-dist
+whitelist /usr/share/texmf-dist
-allow  /usr/share/tlpkg
+whitelist /usr/share/tlpkg
 include whitelist-usr-share-common.inc
 apparmor
diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile
index 3a4edcf69..4637419bf 100644
--- a/etc/profile-a-l/sway.profile
+++ b/etc/profile-a-l/sway.profile
@@ -7,9 +7,9 @@ include sway.local
 include globals.local
 # all applications started in sway will run in this profile
-nodeny  ${HOME}/.config/sway
+noblacklist ${HOME}/.config/sway
 # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway
-nodeny  ${HOME}/.config/i3
+noblacklist ${HOME}/.config/i3
 include disable-common.inc
 caps.drop all