From f43382f1e9707b4fd5e63c7bfe881912aa4ee994 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Sun, 18 Jul 2021 20:39:14 -0300
Subject: Revert "move whitelist/blacklist to allow/deny"

This reverts commit fe0f975f447d59977d90c3226cc8c623b31b20b3.

Note: This only reverts the changes from etc.

The 4 aliases introduced on commit 45f2ba544 are mere, well, aliases.
That is, they fail to address the different usability problems discussed
on [#3447][3447] and in fact only make things more confusing (as has
already been mentioned on [this][4379] and later comments).  The main
reason is that the aliases do not meaningfully map to the original
commands.  For example, the commands from each pair below seem like they
would do the exact same thing:

* `allow` and `nodeny`
* `deny` and `noallow`

Additionally, if these aliases are not the final commands, but only a
test/work-in-progress, then keeping the wide-scale search/replace
changes made on commit fe0f975f4 would only serve to cause confusion, as
users of firejail-git, contributors and downstream projects might start
changing the commands used on their profiles, only to later have to
change them again, potentially to completely different commands.

The sooner this is undone the better, as (besides the above reasons) the
more profile changes there are between the original commit and the
revert, the harder it is to e.g.: `git diff` versions of files across
the following revision ranges: before the commit, after the commit but
before the revert and after the revert.  Note: This is still the case
even if a commit is [ignored by `git blame`][4390].

So let us revert fe0f975f4 and only reapply similar large-scale changes
once we have discussed and settled on better commands.

How the revert was applied: Despite using the auto-generated message
from `git revert`, to ensure correctness and to avoid conflicts the
changes were reverted in different steps: Firstly, revert the files
which can be safely reverted directly ("filestorevert"):

    # Find out which files have been changed on fe0f975f44, but have not
    # been changed afterwards and list them on "filestorevert"
    git show --pretty='' --name-only fe0f975f44 -- etc | LC_ALL=C sort >allfiles
    git diff --name-only fe0f975f44..master -- etc | LC_ALL=C sort >filestoignore
    comm -2 -3 allfiles filestoignore >filestorevert

    # Note: There are 3 extra files on filestoignore because they were
    # added after commit fe0f975f44
    wc -l allfiles filestoignore filestorevert | head -n 3
    #   797 allfiles
    #     8 filestoignore
    #   792 filestorevert

    # Automatically revert files in "filestorevert"
    # See https://stackoverflow.com/a/23401018/10095231
    tr '\n' '\000' <filestorevert | xargs -0 git show fe0f975f44 -- |
    git apply --reverse

    printf 'Total files reverted:\n'
    git diff --name-only | wc -l
    # 792

Secondly, do some search/replace on the rest:

    tr '\n' '\000' <filestoignore | xargs -0 sed -i.bak \
      -e 's/allow  /whitelist /' -e 's/noallow  /nowhitelist /' \
      -e 's/deny  /blacklist /' -e 's/nodeny  /noblacklist /' \
      -e 's/deny-nolog  /blacklist-nolog /'

    find etc -name '*.bak' -print0 | xargs -0 rm

Thirdly, verify the result.  The following command shows the difference
between all the changes in etc from before fe0f975f44 and this commit
(inclusive):

    git diff fe0f975f44~1 -- etc

From the output, it looks like all alias changes are fully reverted and
that the other changes to etc (from after fe0f975f44) remain, so the
revert seems to be done correctly.

[3447]: https://github.com/netblue30/firejail/issues/3447
[4379]: https://github.com/netblue30/firejail/issues/4379#issuecomment-876460222
[4390]: https://github.com/netblue30/firejail/issues/4390
---
 etc/profile-a-l/0ad.profile                        |  18 +--
 etc/profile-a-l/2048-qt.profile                    |   8 +-
 etc/profile-a-l/Cryptocat.profile                  |   2 +-
 etc/profile-a-l/Discord.profile                    |   4 +-
 etc/profile-a-l/DiscordCanary.profile              |   4 +-
 etc/profile-a-l/Fritzing.profile                   |   4 +-
 etc/profile-a-l/JDownloader.profile                |   6 +-
 etc/profile-a-l/abiword.profile                    |   4 +-
 etc/profile-a-l/abrowser.profile                   |   8 +-
 etc/profile-a-l/agetpkg.profile                    |   6 +-
 etc/profile-a-l/akonadi_control.profile            |  32 ++---
 etc/profile-a-l/akregator.profile                  |  14 +--
 etc/profile-a-l/alacarte.profile                   |  14 +--
 etc/profile-a-l/alienarena.profile                 |   6 +-
 etc/profile-a-l/alpine.profile                     |  46 ++++----
 etc/profile-a-l/amarok.profile                     |   2 +-
 etc/profile-a-l/amule.profile                      |   6 +-
 etc/profile-a-l/android-studio.profile             |  14 +--
 etc/profile-a-l/anki.profile                       |   8 +-
 etc/profile-a-l/anydesk.profile                    |   4 +-
 etc/profile-a-l/aosp.profile                       |  14 +--
 etc/profile-a-l/apostrophe.profile                 |  18 +--
 etc/profile-a-l/arch-audit.profile                 |   4 +-
 etc/profile-a-l/archaudit-report.profile           |   2 +-
 etc/profile-a-l/archiver-common.profile            |   2 +-
 etc/profile-a-l/ardour5.profile                    |  12 +-
 etc/profile-a-l/arduino.profile                    |   6 +-
 etc/profile-a-l/aria2c.profile                     |  10 +-
 etc/profile-a-l/ark.profile                        |   6 +-
 etc/profile-a-l/arm.profile                        |   4 +-
 etc/profile-a-l/artha.profile                      |  14 +--
 etc/profile-a-l/assogiate.profile                  |   4 +-
 etc/profile-a-l/asunder.profile                    |  10 +-
 etc/profile-a-l/atom.profile                       |   4 +-
 etc/profile-a-l/atril.profile                      |   6 +-
 etc/profile-a-l/audacious.profile                  |   6 +-
 etc/profile-a-l/audacity.profile                   |   6 +-
 etc/profile-a-l/audio-recorder.profile             |  10 +-
 etc/profile-a-l/authenticator-rs.profile           |   8 +-
 etc/profile-a-l/authenticator.profile              |   4 +-
 etc/profile-a-l/autokey-common.profile             |   4 +-
 etc/profile-a-l/avidemux.profile                   |  12 +-
 etc/profile-a-l/aweather.profile                   |   4 +-
 etc/profile-a-l/awesome.profile                    |   2 +-
 etc/profile-a-l/ballbuster.profile                 |   6 +-
 etc/profile-a-l/baloo_file.profile                 |  12 +-
 etc/profile-a-l/balsa.profile                      |  36 +++---
 etc/profile-a-l/barrier.profile                    |   6 +-
 etc/profile-a-l/basilisk.profile                   |   8 +-
 etc/profile-a-l/bcompare.profile                   |   4 +-
 etc/profile-a-l/beaker.profile                     |   4 +-
 etc/profile-a-l/bibletime.profile                  |  20 ++--
 etc/profile-a-l/bijiben.profile                    |  14 +--
 etc/profile-a-l/bitcoin-qt.profile                 |   8 +-
 etc/profile-a-l/bitlbee.profile                    |   4 +-
 etc/profile-a-l/bitwarden.profile                  |   4 +-
 etc/profile-a-l/blackbox.profile                   |   2 +-
 etc/profile-a-l/blender.profile                    |   6 +-
 etc/profile-a-l/bless.profile                      |   2 +-
 etc/profile-a-l/blobby.profile                     |   6 +-
 etc/profile-a-l/blobwars.profile                   |   6 +-
 etc/profile-a-l/bnox.profile                       |   8 +-
 etc/profile-a-l/brackets.profile                   |   2 +-
 etc/profile-a-l/brasero.profile                    |   2 +-
 etc/profile-a-l/brave.profile                      |  22 ++--
 etc/profile-a-l/bzflag.profile                     |   4 +-
 etc/profile-a-l/calibre.profile                    |   6 +-
 etc/profile-a-l/calligra.profile                   |   2 +-
 etc/profile-a-l/calligragemini.profile             |   2 +-
 etc/profile-a-l/calligraplan.profile               |   2 +-
 etc/profile-a-l/calligraplanwork.profile           |   2 +-
 etc/profile-a-l/calligrasheets.profile             |   2 +-
 etc/profile-a-l/calligrastage.profile              |   2 +-
 etc/profile-a-l/calligrawords.profile              |   2 +-
 etc/profile-a-l/cameramonitor.profile              |   2 +-
 etc/profile-a-l/cantata.profile                    |   8 +-
 etc/profile-a-l/cargo.profile                      |  10 +-
 etc/profile-a-l/catfish.profile                    |   4 +-
 etc/profile-a-l/cawbird.profile                    |   2 +-
 etc/profile-a-l/celluloid.profile                  |  14 +--
 etc/profile-a-l/checkbashisms.profile              |   4 +-
 etc/profile-a-l/cheese.profile                     |  10 +-
 etc/profile-a-l/cherrytree.profile                 |   4 +-
 etc/profile-a-l/chromium-browser-privacy.profile   |  10 +-
 etc/profile-a-l/chromium-common.profile            |  10 +-
 etc/profile-a-l/chromium.profile                   |  16 +--
 etc/profile-a-l/cin.profile                        |   2 +-
 etc/profile-a-l/clamav.profile                     |   2 +-
 etc/profile-a-l/claws-mail.profile                 |   6 +-
 etc/profile-a-l/clawsker.profile                   |   4 +-
 etc/profile-a-l/clementine.profile                 |   6 +-
 etc/profile-a-l/clion.profile                      |  20 ++--
 etc/profile-a-l/clipgrab.profile                   |   6 +-
 etc/profile-a-l/clipit.profile                     |   8 +-
 etc/profile-a-l/cliqz.profile                      |  12 +-
 etc/profile-a-l/cmus.profile                       |   4 +-
 etc/profile-a-l/code.profile                       |   8 +-
 etc/profile-a-l/colorful.profile                   |   6 +-
 .../com.github.bleakgrey.tootle.profile            |   6 +-
 etc/profile-a-l/com.github.dahenson.agenda.profile |  12 +-
 .../com.github.johnfactotum.Foliate.profile        |  18 +--
 .../com.github.phase1geo.minder.profile            |  14 +--
 etc/profile-a-l/conkeror.profile                   |  22 ++--
 etc/profile-a-l/conky.profile                      |   2 +-
 etc/profile-a-l/corebird.profile                   |   2 +-
 etc/profile-a-l/cower.profile                      |   4 +-
 etc/profile-a-l/coyim.profile                      |   4 +-
 etc/profile-a-l/cpio.profile                       |   4 +-
 etc/profile-a-l/crawl.profile                      |   4 +-
 etc/profile-a-l/crow.profile                       |   4 +-
 etc/profile-a-l/curl.profile                       |   8 +-
 etc/profile-a-l/cyberfox.profile                   |   8 +-
 etc/profile-a-l/d-feet.profile                     |   6 +-
 etc/profile-a-l/darktable.profile                  |   6 +-
 etc/profile-a-l/dbus-send.profile                  |   4 +-
 etc/profile-a-l/dconf-editor.profile               |   2 +-
 etc/profile-a-l/dconf.profile                      |   4 +-
 etc/profile-a-l/ddgtk.profile                      |   4 +-
 etc/profile-a-l/deadbeef.profile                   |   4 +-
 etc/profile-a-l/deluge.profile                     |   6 +-
 etc/profile-a-l/desktopeditors.profile             |   6 +-
 etc/profile-a-l/devhelp.profile                    |   6 +-
 etc/profile-a-l/devilspie.profile                  |   6 +-
 etc/profile-a-l/devilspie2.profile                 |   8 +-
 etc/profile-a-l/dia.profile                        |   6 +-
 etc/profile-a-l/dig.profile                        |  10 +-
 etc/profile-a-l/digikam.profile                    |  12 +-
 etc/profile-a-l/dillo.profile                      |   8 +-
 etc/profile-a-l/dino.profile                       |   6 +-
 etc/profile-a-l/discord-canary.profile             |   4 +-
 etc/profile-a-l/discord-common.profile             |   4 +-
 etc/profile-a-l/discord.profile                    |   4 +-
 etc/profile-a-l/display.profile                    |   2 +-
 etc/profile-a-l/dnox.profile                       |   8 +-
 etc/profile-a-l/dnscrypt-proxy.profile             |  10 +-
 etc/profile-a-l/dnsmasq.profile                    |   8 +-
 etc/profile-a-l/dolphin-emu.profile                |  14 +--
 etc/profile-a-l/dooble.profile                     |   6 +-
 etc/profile-a-l/dosbox.profile                     |   4 +-
 etc/profile-a-l/dragon.profile                     |   8 +-
 etc/profile-a-l/drawio.profile                     |   6 +-
 etc/profile-a-l/drill.profile                      |   6 +-
 etc/profile-a-l/dropbox.profile                    |  14 +--
 etc/profile-a-l/easystroke.profile                 |   4 +-
 etc/profile-a-l/electron-mail.profile              |   6 +-
 etc/profile-a-l/electron.profile                   |   2 +-
 etc/profile-a-l/electrum.profile                   |   4 +-
 etc/profile-a-l/element-desktop.profile            |   6 +-
 etc/profile-a-l/elinks.profile                     |   4 +-
 etc/profile-a-l/emacs.profile                      |   4 +-
 etc/profile-a-l/email-common.profile               |  30 ++---
 etc/profile-a-l/enchant.profile                    |   6 +-
 etc/profile-a-l/enox.profile                       |   8 +-
 etc/profile-a-l/enpass.profile                     |  20 ++--
 etc/profile-a-l/eo-common.profile                  |   8 +-
 etc/profile-a-l/eog.profile                        |   4 +-
 etc/profile-a-l/eom.profile                        |   4 +-
 etc/profile-a-l/ephemeral.profile                  |  10 +-
 etc/profile-a-l/epiphany.profile                   |  14 +--
 etc/profile-a-l/equalx.profile                     |  18 +--
 etc/profile-a-l/etr.profile                        |  10 +-
 etc/profile-a-l/evince.profile                     |  14 +--
 etc/profile-a-l/evolution.profile                  |  18 +--
 etc/profile-a-l/exiftool.profile                   |   4 +-
 etc/profile-a-l/falkon.profile                     |  12 +-
 etc/profile-a-l/fbreader.profile                   |   4 +-
 etc/profile-a-l/fdns.profile                       |   8 +-
 etc/profile-a-l/feedreader.profile                 |  10 +-
 etc/profile-a-l/ferdi.profile                      |  18 +--
 etc/profile-a-l/fetchmail.profile                  |   4 +-
 etc/profile-a-l/ffmpeg.profile                     |  10 +-
 etc/profile-a-l/file-roller.profile                |   6 +-
 etc/profile-a-l/file.profile                       |   2 +-
 etc/profile-a-l/filezilla.profile                  |   4 +-
 etc/profile-a-l/firedragon.profile                 |   8 +-
 etc/profile-a-l/firefox-common-addons.profile      | 130 ++++++++++-----------
 etc/profile-a-l/firefox-common.profile             |  10 +-
 etc/profile-a-l/firefox-esr.profile                |   2 +-
 etc/profile-a-l/firefox.profile                    |  22 ++--
 etc/profile-a-l/five-or-more.profile               |   6 +-
 etc/profile-a-l/flameshot.profile                  |   8 +-
 etc/profile-a-l/flashpeak-slimjet.profile          |   8 +-
 etc/profile-a-l/flowblade.profile                  |   4 +-
 etc/profile-a-l/fluxbox.profile                    |   2 +-
 etc/profile-a-l/font-manager.profile               |  10 +-
 etc/profile-a-l/fontforge.profile                  |   4 +-
 etc/profile-a-l/fossamail.profile                  |  12 +-
 etc/profile-a-l/four-in-a-row.profile              |   2 +-
 etc/profile-a-l/fractal.profile                    |   6 +-
 etc/profile-a-l/franz.profile                      |  18 +--
 etc/profile-a-l/freecad.profile                    |   4 +-
 etc/profile-a-l/freeciv.profile                    |   4 +-
 etc/profile-a-l/freecol.profile                    |  18 +--
 etc/profile-a-l/freemind.profile                   |   4 +-
 etc/profile-a-l/freetube.profile                   |   4 +-
 etc/profile-a-l/frogatto.profile                   |   8 +-
 etc/profile-a-l/frozen-bubble.profile              |   4 +-
 etc/profile-a-l/funnyboat.profile                  |   8 +-
 etc/profile-a-l/gajim.profile                      |  24 ++--
 etc/profile-a-l/galculator.profile                 |   4 +-
 etc/profile-a-l/gapplication.profile               |   4 +-
 etc/profile-a-l/gcloud.profile                     |   6 +-
 etc/profile-a-l/gconf-editor.profile               |   4 +-
 etc/profile-a-l/gconf.profile                      |  10 +-
 etc/profile-a-l/geany.profile                      |   2 +-
 etc/profile-a-l/geary.profile                      |  36 +++---
 etc/profile-a-l/gedit.profile                      |   4 +-
 etc/profile-a-l/geeqie.profile                     |   6 +-
 etc/profile-a-l/gfeeds.profile                     |  20 ++--
 etc/profile-a-l/gget.profile                       |   6 +-
 etc/profile-a-l/ghostwriter.profile                |  16 +--
 etc/profile-a-l/gimp.profile                       |  22 ++--
 etc/profile-a-l/gist.profile                       |  10 +-
 etc/profile-a-l/git-cola.profile                   |  32 ++---
 etc/profile-a-l/git.profile                        |  34 +++---
 etc/profile-a-l/gitg.profile                       |  10 +-
 etc/profile-a-l/github-desktop.profile             |   8 +-
 etc/profile-a-l/gitter.profile                     |  10 +-
 etc/profile-a-l/gjs.profile                        |   8 +-
 etc/profile-a-l/gl-117.profile                     |   6 +-
 etc/profile-a-l/glaxium.profile                    |   6 +-
 etc/profile-a-l/globaltime.profile                 |   2 +-
 etc/profile-a-l/gmpc.profile                       |  10 +-
 etc/profile-a-l/gnome-2048.profile                 |   4 +-
 etc/profile-a-l/gnome-books.profile                |   4 +-
 etc/profile-a-l/gnome-builder.profile              |   8 +-
 etc/profile-a-l/gnome-calendar.profile             |   2 +-
 etc/profile-a-l/gnome-characters.profile           |   2 +-
 etc/profile-a-l/gnome-chess.profile                |   8 +-
 etc/profile-a-l/gnome-clocks.profile               |   4 +-
 etc/profile-a-l/gnome-contacts.profile             |   2 +-
 etc/profile-a-l/gnome-documents.profile            |   4 +-
 etc/profile-a-l/gnome-hexgl.profile                |   2 +-
 etc/profile-a-l/gnome-keyring.profile              |  14 +--
 etc/profile-a-l/gnome-klotski.profile              |   4 +-
 etc/profile-a-l/gnome-latex.profile                |   8 +-
 etc/profile-a-l/gnome-logs.profile                 |   2 +-
 etc/profile-a-l/gnome-mahjongg.profile             |   2 +-
 etc/profile-a-l/gnome-maps.profile                 |  20 ++--
 etc/profile-a-l/gnome-mines.profile                |   6 +-
 etc/profile-a-l/gnome-mplayer.profile              |   6 +-
 etc/profile-a-l/gnome-music.profile                |   4 +-
 etc/profile-a-l/gnome-nettool.profile              |   2 +-
 etc/profile-a-l/gnome-nibbles.profile              |   6 +-
 etc/profile-a-l/gnome-passwordsafe.profile         |  12 +-
 etc/profile-a-l/gnome-photos.profile               |   2 +-
 etc/profile-a-l/gnome-pie.profile                  |   2 +-
 etc/profile-a-l/gnome-pomodoro.profile             |   6 +-
 etc/profile-a-l/gnome-recipes.profile              |  10 +-
 etc/profile-a-l/gnome-ring.profile                 |   2 +-
 etc/profile-a-l/gnome-robots.profile               |   2 +-
 etc/profile-a-l/gnome-schedule.profile             |  22 ++--
 etc/profile-a-l/gnome-screenshot.profile           |   4 +-
 etc/profile-a-l/gnome-sound-recorder.profile       |   4 +-
 etc/profile-a-l/gnome-sudoku.profile               |   4 +-
 etc/profile-a-l/gnome-system-log.profile           |   2 +-
 etc/profile-a-l/gnome-taquin.profile               |   2 +-
 etc/profile-a-l/gnome-todo.profile                 |   2 +-
 etc/profile-a-l/gnome-twitch.profile               |   8 +-
 etc/profile-a-l/gnome-weather.profile              |   2 +-
 etc/profile-a-l/gnote.profile                      |  10 +-
 etc/profile-a-l/gnubik.profile                     |   2 +-
 etc/profile-a-l/godot.profile                      |   6 +-
 etc/profile-a-l/goobox.profile                     |   2 +-
 etc/profile-a-l/google-chrome-beta.profile         |  16 +--
 etc/profile-a-l/google-chrome-unstable.profile     |  16 +--
 etc/profile-a-l/google-chrome.profile              |  16 +--
 etc/profile-a-l/google-earth.profile               |   8 +-
 .../google-play-music-desktop-player.profile       |   4 +-
 etc/profile-a-l/googler-common.profile             |   8 +-
 etc/profile-a-l/gpa.profile                        |   2 +-
 etc/profile-a-l/gpg-agent.profile                  |  16 +--
 etc/profile-a-l/gpg.profile                        |  16 +--
 etc/profile-a-l/gpicview.profile                   |   4 +-
 etc/profile-a-l/gpredict.profile                   |   4 +-
 etc/profile-a-l/gradio.profile                     |   8 +-
 etc/profile-a-l/gramps.profile                     |   4 +-
 .../gravity-beams-and-evaporating-stars.profile    |   2 +-
 etc/profile-a-l/gthumb.profile                     |   6 +-
 etc/profile-a-l/gtk-update-icon-cache.profile      |   2 +-
 etc/profile-a-l/gtk2-youtube-viewer.profile        |   4 +-
 etc/profile-a-l/gtk3-youtube-viewer.profile        |   4 +-
 etc/profile-a-l/guayadeque.profile                 |   4 +-
 etc/profile-a-l/gummi.profile                      |   4 +-
 etc/profile-a-l/guvcview.profile                   |  12 +-
 etc/profile-a-l/gwenview.profile                   |  22 ++--
 etc/profile-a-l/gzip.profile                       |   2 +-
 etc/profile-a-l/handbrake.profile                  |   6 +-
 etc/profile-a-l/hashcat.profile                    |   8 +-
 etc/profile-a-l/hasher-common.profile              |   2 +-
 etc/profile-a-l/hedgewars.profile                  |   4 +-
 etc/profile-a-l/hexchat.profile                    |   4 +-
 etc/profile-a-l/highlight.profile                  |   2 +-
 etc/profile-a-l/homebank.profile                   |   8 +-
 etc/profile-a-l/host.profile                       |   4 +-
 etc/profile-a-l/hugin.profile                      |   6 +-
 etc/profile-a-l/hyperrogue.profile                 |   6 +-
 etc/profile-a-l/i2prouter.profile                  |  20 ++--
 etc/profile-a-l/i3.profile                         |   2 +-
 etc/profile-a-l/icecat.profile                     |   8 +-
 etc/profile-a-l/icedove.profile                    |  12 +-
 etc/profile-a-l/idea.sh.profile                    |  12 +-
 etc/profile-a-l/imagej.profile                     |   2 +-
 etc/profile-a-l/img2txt.profile                    |   8 +-
 etc/profile-a-l/impressive.profile                 |  10 +-
 etc/profile-a-l/inkscape.profile                   |  16 +--
 etc/profile-a-l/inox.profile                       |   8 +-
 etc/profile-a-l/iridium.profile                    |   8 +-
 etc/profile-a-l/itch.profile                       |   8 +-
 etc/profile-a-l/jami-gnome.profile                 |   8 +-
 etc/profile-a-l/jd-gui.profile                     |   2 +-
 etc/profile-a-l/jerry.profile                      |   2 +-
 etc/profile-a-l/jitsi-meet-desktop.profile         |   6 +-
 etc/profile-a-l/jitsi.profile                      |   2 +-
 etc/profile-a-l/jumpnbump.profile                  |   6 +-
 etc/profile-a-l/k3b.profile                        |  10 +-
 etc/profile-a-l/kaffeine.profile                   |  16 +--
 etc/profile-a-l/kalgebra.profile                   |   6 +-
 etc/profile-a-l/karbon.profile                     |   2 +-
 etc/profile-a-l/kate.profile                       |  28 ++---
 etc/profile-a-l/kazam.profile                      |   8 +-
 etc/profile-a-l/kcalc.profile                      |  16 +--
 etc/profile-a-l/kdenlive.profile                   |   8 +-
 etc/profile-a-l/kdiff3.profile                     |   8 +-
 etc/profile-a-l/keepass.profile                    |  16 +--
 etc/profile-a-l/keepassx.profile                   |  10 +-
 etc/profile-a-l/keepassxc.profile                  |  30 ++---
 etc/profile-a-l/kget.profile                       |  14 +--
 etc/profile-a-l/kid3-qt.profile                    |   2 +-
 etc/profile-a-l/kid3.profile                       |   6 +-
 etc/profile-a-l/kino.profile                       |   4 +-
 etc/profile-a-l/kiwix-desktop.profile              |   8 +-
 etc/profile-a-l/klatexformula.profile              |   4 +-
 etc/profile-a-l/klavaro.profile                    |   8 +-
 etc/profile-a-l/kmail.profile                      |  42 +++----
 etc/profile-a-l/kmplayer.profile                   |  10 +-
 etc/profile-a-l/knotes.profile                     |   6 +-
 etc/profile-a-l/kodi.profile                       |   8 +-
 etc/profile-a-l/konversation.profile               |  10 +-
 etc/profile-a-l/kopete.profile                     |  12 +-
 etc/profile-a-l/krita.profile                      |   8 +-
 etc/profile-a-l/krunner.profile                    |   6 +-
 etc/profile-a-l/ktorrent.profile                   |  30 ++---
 etc/profile-a-l/ktouch.profile                     |   8 +-
 etc/profile-a-l/kube.profile                       |  36 +++---
 etc/profile-a-l/kwin_x11.profile                   |   8 +-
 etc/profile-a-l/kwrite.profile                     |  18 +--
 etc/profile-a-l/latex-common.profile               |   2 +-
 etc/profile-a-l/leafpad.profile                    |   2 +-
 etc/profile-a-l/less.profile                       |   4 +-
 etc/profile-a-l/librecad.profile                   |   6 +-
 etc/profile-a-l/libreoffice.profile                |   6 +-
 etc/profile-a-l/librewolf.profile                  |  16 +--
 etc/profile-a-l/liferea.profile                    |  14 +--
 etc/profile-a-l/lightsoff.profile                  |   2 +-
 etc/profile-a-l/lincity-ng.profile                 |   4 +-
 etc/profile-a-l/links-common.profile               |   6 +-
 etc/profile-a-l/links.profile                      |   4 +-
 etc/profile-a-l/links2.profile                     |   4 +-
 etc/profile-a-l/linphone.profile                   |  18 +--
 etc/profile-a-l/lmms.profile                       |   6 +-
 etc/profile-a-l/lollypop.profile                   |   4 +-
 etc/profile-a-l/lugaru.profile                     |   8 +-
 etc/profile-a-l/luminance-hdr.profile              |   4 +-
 etc/profile-a-l/lutris.profile                     |  34 +++---
 etc/profile-a-l/lximage-qt.profile                 |   2 +-
 etc/profile-a-l/lxmusic.profile                    |   6 +-
 etc/profile-a-l/lynx.profile                       |   4 +-
 etc/profile-a-l/lyx.profile                        |  14 +--
 etc/profile-a-l/sway.profile                       |   4 +-
 370 files changed, 1568 insertions(+), 1568 deletions(-)

(limited to 'etc/profile-a-l')

diff --git a/etc/profile-a-l/0ad.profile b/etc/profile-a-l/0ad.profile
index 6f493fff1..4009853d3 100644
--- a/etc/profile-a-l/0ad.profile
+++ b/etc/profile-a-l/0ad.profile
@@ -6,11 +6,11 @@ include 0ad.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/0ad
-nodeny  ${HOME}/.config/0ad
-nodeny  ${HOME}/.local/share/0ad
+noblacklist ${HOME}/.cache/0ad
+noblacklist ${HOME}/.config/0ad
+noblacklist ${HOME}/.local/share/0ad
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,11 +23,11 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/0ad
 mkdir ${HOME}/.config/0ad
 mkdir ${HOME}/.local/share/0ad
-allow  ${HOME}/.cache/0ad
-allow  ${HOME}/.config/0ad
-allow  ${HOME}/.local/share/0ad
-allow  /usr/share/0ad
-allow  /usr/share/games
+whitelist ${HOME}/.cache/0ad
+whitelist ${HOME}/.config/0ad
+whitelist ${HOME}/.local/share/0ad
+whitelist /usr/share/0ad
+whitelist /usr/share/games
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/2048-qt.profile b/etc/profile-a-l/2048-qt.profile
index 3a7b331a7..1d787cba7 100644
--- a/etc/profile-a-l/2048-qt.profile
+++ b/etc/profile-a-l/2048-qt.profile
@@ -6,8 +6,8 @@ include 2048-qt.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/2048-qt
-nodeny  ${HOME}/.config/xiaoyong
+noblacklist ${HOME}/.config/2048-qt
+noblacklist ${HOME}/.config/xiaoyong
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.config/2048-qt
 mkdir ${HOME}/.config/xiaoyong
-allow  ${HOME}/.config/2048-qt
-allow  ${HOME}/.config/xiaoyong
+whitelist ${HOME}/.config/2048-qt
+whitelist ${HOME}/.config/xiaoyong
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/Cryptocat.profile b/etc/profile-a-l/Cryptocat.profile
index def0ec111..1d86b0fbf 100644
--- a/etc/profile-a-l/Cryptocat.profile
+++ b/etc/profile-a-l/Cryptocat.profile
@@ -5,7 +5,7 @@ include Cryptocat.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Cryptocat
+noblacklist ${HOME}/.config/Cryptocat
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/Discord.profile b/etc/profile-a-l/Discord.profile
index 1d3ae49ca..3f274b21c 100644
--- a/etc/profile-a-l/Discord.profile
+++ b/etc/profile-a-l/Discord.profile
@@ -5,10 +5,10 @@ include Discord.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/discord
+noblacklist ${HOME}/.config/discord
 
 mkdir ${HOME}/.config/discord
-allow  ${HOME}/.config/discord
+whitelist ${HOME}/.config/discord
 
 private-bin Discord
 private-opt Discord
diff --git a/etc/profile-a-l/DiscordCanary.profile b/etc/profile-a-l/DiscordCanary.profile
index 3c85f187b..d24e73ed8 100644
--- a/etc/profile-a-l/DiscordCanary.profile
+++ b/etc/profile-a-l/DiscordCanary.profile
@@ -5,10 +5,10 @@ include DiscordCanary.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/discordcanary
+noblacklist ${HOME}/.config/discordcanary
 
 mkdir ${HOME}/.config/discordcanary
-allow  ${HOME}/.config/discordcanary
+whitelist ${HOME}/.config/discordcanary
 
 private-bin DiscordCanary
 private-opt DiscordCanary
diff --git a/etc/profile-a-l/Fritzing.profile b/etc/profile-a-l/Fritzing.profile
index 8f746581f..7dc6b5ff0 100644
--- a/etc/profile-a-l/Fritzing.profile
+++ b/etc/profile-a-l/Fritzing.profile
@@ -6,8 +6,8 @@ include Fritzing.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Fritzing
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/Fritzing
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/JDownloader.profile b/etc/profile-a-l/JDownloader.profile
index 9a00c3230..d10b70796 100644
--- a/etc/profile-a-l/JDownloader.profile
+++ b/etc/profile-a-l/JDownloader.profile
@@ -5,7 +5,7 @@ include JDownloader.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.jd
+noblacklist ${HOME}/.jd
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -19,8 +19,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.jd
-allow  ${HOME}/.jd
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.jd
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile
index 2a92c7db4..75da9a956 100644
--- a/etc/profile-a-l/abiword.profile
+++ b/etc/profile-a-l/abiword.profile
@@ -6,7 +6,7 @@ include abiword.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/abiword
+noblacklist ${HOME}/.config/abiword
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
 
-allow  /usr/share/abiword-3.0
+whitelist /usr/share/abiword-3.0
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/abrowser.profile b/etc/profile-a-l/abrowser.profile
index 70ddcec20..2e6e8f1af 100644
--- a/etc/profile-a-l/abrowser.profile
+++ b/etc/profile-a-l/abrowser.profile
@@ -5,13 +5,13 @@ include abrowser.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/mozilla
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.mozilla
 
 mkdir ${HOME}/.cache/mozilla/abrowser
 mkdir ${HOME}/.mozilla
-allow  ${HOME}/.cache/mozilla/abrowser
-allow  ${HOME}/.mozilla
+whitelist ${HOME}/.cache/mozilla/abrowser
+whitelist ${HOME}/.mozilla
 
 # private-etc must first be enabled in firefox-common.profile
 #private-etc abrowser
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile
index d32586c5b..34f59769e 100644
--- a/etc/profile-a-l/agetpkg.profile
+++ b/etc/profile-a-l/agetpkg.profile
@@ -7,8 +7,8 @@ include agetpkg.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -23,7 +23,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile
index 7b1d1445f..37fdb38b5 100644
--- a/etc/profile-a-l/akonadi_control.profile
+++ b/etc/profile-a-l/akonadi_control.profile
@@ -4,22 +4,22 @@ include akonadi_control.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/akonadi*
-nodeny  ${HOME}/.config/akonadi*
-nodeny  ${HOME}/.config/baloorc
-nodeny  ${HOME}/.config/emaildefaults
-nodeny  ${HOME}/.config/emailidentities
-nodeny  ${HOME}/.config/kmail2rc
-nodeny  ${HOME}/.config/mailtransports
-nodeny  ${HOME}/.config/specialmailcollectionsrc
-nodeny  ${HOME}/.local/share/akonadi*
-nodeny  ${HOME}/.local/share/apps/korganizer
-nodeny  ${HOME}/.local/share/contacts
-nodeny  ${HOME}/.local/share/local-mail
-nodeny  ${HOME}/.local/share/notes
-nodeny  /sbin
-nodeny  /tmp/akonadi-*
-nodeny  /usr/sbin
+noblacklist ${HOME}/.cache/akonadi*
+noblacklist ${HOME}/.config/akonadi*
+noblacklist ${HOME}/.config/baloorc
+noblacklist ${HOME}/.config/emaildefaults
+noblacklist ${HOME}/.config/emailidentities
+noblacklist ${HOME}/.config/kmail2rc
+noblacklist ${HOME}/.config/mailtransports
+noblacklist ${HOME}/.config/specialmailcollectionsrc
+noblacklist ${HOME}/.local/share/akonadi*
+noblacklist ${HOME}/.local/share/apps/korganizer
+noblacklist ${HOME}/.local/share/contacts
+noblacklist ${HOME}/.local/share/local-mail
+noblacklist ${HOME}/.local/share/notes
+noblacklist /sbin
+noblacklist /tmp/akonadi-*
+noblacklist /usr/sbin
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile
index b2323547c..38fcd2dc1 100644
--- a/etc/profile-a-l/akregator.profile
+++ b/etc/profile-a-l/akregator.profile
@@ -6,9 +6,9 @@ include akregator.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/akregatorrc
-nodeny  ${HOME}/.local/share/akregator
-nodeny  ${HOME}/.local/share/kxmlgui5/akregator
+noblacklist ${HOME}/.config/akregatorrc
+noblacklist ${HOME}/.local/share/akregator
+noblacklist ${HOME}/.local/share/kxmlgui5/akregator
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-shell.inc
 mkfile ${HOME}/.config/akregatorrc
 mkdir ${HOME}/.local/share/akregator
 mkdir ${HOME}/.local/share/kxmlgui5/akregator
-allow  ${HOME}/.config/akregatorrc
-allow  ${HOME}/.local/share/akregator
-allow  ${HOME}/.local/share/kssl
-allow  ${HOME}/.local/share/kxmlgui5/akregator
+whitelist ${HOME}/.config/akregatorrc
+whitelist ${HOME}/.local/share/akregator
+whitelist ${HOME}/.local/share/kssl
+whitelist ${HOME}/.local/share/kxmlgui5/akregator
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile
index ca6c8d887..4c6d68020 100644
--- a/etc/profile-a-l/alacarte.profile
+++ b/etc/profile-a-l/alacarte.profile
@@ -19,13 +19,13 @@ include disable-passwdmgr.inc
 include disable-xdg.inc
 
 # Whitelist your system icon directory,varies by distro
-allow  /usr/share/alacarte
-allow  /usr/share/app-info
-allow  /usr/share/desktop-directories
-allow  /usr/share/icons
-allow  /var/lib/app-info/icons
-allow  /var/lib/flatpak/exports/share/applications
-allow  /var/lib/flatpak/exports/share/icons
+whitelist /usr/share/alacarte
+whitelist /usr/share/app-info
+whitelist /usr/share/desktop-directories
+whitelist /usr/share/icons
+whitelist /var/lib/app-info/icons
+whitelist /var/lib/flatpak/exports/share/applications
+whitelist /var/lib/flatpak/exports/share/icons
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile
index 220c3345d..81ee6bd46 100644
--- a/etc/profile-a-l/alienarena.profile
+++ b/etc/profile-a-l/alienarena.profile
@@ -6,7 +6,7 @@ include alienarena.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/cor-games
+noblacklist ${HOME}/.local/share/cor-games
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/cor-games
-allow  ${HOME}/.local/share/cor-games
-allow  /usr/share/alienarena
+whitelist ${HOME}/.local/share/cor-games
+whitelist /usr/share/alienarena
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile
index 6fa3edfa1..0b5cf0df0 100644
--- a/etc/profile-a-l/alpine.profile
+++ b/etc/profile-a-l/alpine.profile
@@ -10,28 +10,28 @@ include globals.local
 # Workaround for bug https://github.com/netblue30/firejail/issues/2747
 # firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)'
 
-nodeny  /var/mail
-nodeny  /var/spool/mail
-nodeny  ${DOCUMENTS}
-nodeny  ${HOME}/.addressbook
-nodeny  ${HOME}/.alpine-smime
-nodeny  ${HOME}/.mailcap
-nodeny  ${HOME}/.mh_profile
-nodeny  ${HOME}/.mime.types
-nodeny  ${HOME}/.newsrc
-nodeny  ${HOME}/.pine-crash
-nodeny  ${HOME}/.pine-debug1
-nodeny  ${HOME}/.pine-debug2
-nodeny  ${HOME}/.pine-debug3
-nodeny  ${HOME}/.pine-debug4
-nodeny  ${HOME}/.pine-interrupted-mail
-nodeny  ${HOME}/.pinerc
-nodeny  ${HOME}/.pinercex
-nodeny  ${HOME}/.signature
-nodeny  ${HOME}/mail
+noblacklist /var/mail
+noblacklist /var/spool/mail
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/.addressbook
+noblacklist ${HOME}/.alpine-smime
+noblacklist ${HOME}/.mailcap
+noblacklist ${HOME}/.mh_profile
+noblacklist ${HOME}/.mime.types
+noblacklist ${HOME}/.newsrc
+noblacklist ${HOME}/.pine-crash
+noblacklist ${HOME}/.pine-debug1
+noblacklist ${HOME}/.pine-debug2
+noblacklist ${HOME}/.pine-debug3
+noblacklist ${HOME}/.pine-debug4
+noblacklist ${HOME}/.pine-interrupted-mail
+noblacklist ${HOME}/.pinerc
+noblacklist ${HOME}/.pinercex
+noblacklist ${HOME}/.signature
+noblacklist ${HOME}/mail
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -60,8 +60,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.pine-debug4
 #whitelist ${HOME}/.signature
 #whitelist ${HOME}/mail
-allow  /var/mail
-allow  /var/spool/mail
+whitelist /var/mail
+whitelist /var/spool/mail
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/amarok.profile b/etc/profile-a-l/amarok.profile
index 03aba36e4..a7caddc4c 100644
--- a/etc/profile-a-l/amarok.profile
+++ b/etc/profile-a-l/amarok.profile
@@ -6,7 +6,7 @@ include amarok.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/amule.profile b/etc/profile-a-l/amule.profile
index 00039a7e9..e3c4164ee 100644
--- a/etc/profile-a-l/amule.profile
+++ b/etc/profile-a-l/amule.profile
@@ -6,7 +6,7 @@ include amule.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.aMule
+noblacklist ${HOME}/.aMule
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.aMule
-allow  ${DOWNLOADS}
-allow  ${HOME}/.aMule
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.aMule
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile
index 5bf6ed773..5a21744cf 100644
--- a/etc/profile-a-l/android-studio.profile
+++ b/etc/profile-a-l/android-studio.profile
@@ -5,13 +5,13 @@ include android-studio.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Google
-nodeny  ${HOME}/.AndroidStudio*
-nodeny  ${HOME}/.android
-nodeny  ${HOME}/.jack-server
-nodeny  ${HOME}/.jack-settings
-nodeny  ${HOME}/.local/share/JetBrains
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.config/Google
+noblacklist ${HOME}/.AndroidStudio*
+noblacklist ${HOME}/.android
+noblacklist ${HOME}/.jack-server
+noblacklist ${HOME}/.jack-settings
+noblacklist ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.tooling
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile
index c1aa18ff3..13bb01ce2 100644
--- a/etc/profile-a-l/anki.profile
+++ b/etc/profile-a-l/anki.profile
@@ -6,8 +6,8 @@ include anki.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
-nodeny  ${HOME}/.local/share/Anki2
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/.local/share/Anki2
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -23,8 +23,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/Anki2
-allow  ${DOCUMENTS}
-allow  ${HOME}/.local/share/Anki2
+whitelist ${DOCUMENTS}
+whitelist ${HOME}/.local/share/Anki2
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/anydesk.profile b/etc/profile-a-l/anydesk.profile
index cb30ed8da..fdaf10259 100644
--- a/etc/profile-a-l/anydesk.profile
+++ b/etc/profile-a-l/anydesk.profile
@@ -5,7 +5,7 @@ include anydesk.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.anydesk
+noblacklist ${HOME}/.anydesk
 
 include disable-common.inc
 include disable-devel.inc
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.anydesk
-allow  ${HOME}/.anydesk
+whitelist ${HOME}/.anydesk
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/aosp.profile b/etc/profile-a-l/aosp.profile
index d647a4657..e7b09283e 100644
--- a/etc/profile-a-l/aosp.profile
+++ b/etc/profile-a-l/aosp.profile
@@ -5,13 +5,13 @@ include aosp.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.android
-nodeny  ${HOME}/.bash_history
-nodeny  ${HOME}/.jack-server
-nodeny  ${HOME}/.jack-settings
-nodeny  ${HOME}/.repo_.gitconfig.json
-nodeny  ${HOME}/.repoconfig
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.android
+noblacklist ${HOME}/.bash_history
+noblacklist ${HOME}/.jack-server
+noblacklist ${HOME}/.jack-settings
+noblacklist ${HOME}/.repo_.gitconfig.json
+noblacklist ${HOME}/.repoconfig
+noblacklist ${HOME}/.tooling
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile
index 020ae2812..01566314f 100644
--- a/etc/profile-a-l/apostrophe.profile
+++ b/etc/profile-a-l/apostrophe.profile
@@ -6,9 +6,9 @@ include apostrophe.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.texlive20*
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.texlive20*
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -31,12 +31,12 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/libexec/webkit2gtk-4.0
-allow  /usr/share/apostrophe
-allow  /usr/share/texlive
-allow  /usr/share/texmf
-allow  /usr/share/pandoc-*
-allow  /usr/share/perl5
+whitelist /usr/libexec/webkit2gtk-4.0
+whitelist /usr/share/apostrophe
+whitelist /usr/share/texlive
+whitelist /usr/share/texmf
+whitelist /usr/share/pandoc-*
+whitelist /usr/share/perl5
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/arch-audit.profile b/etc/profile-a-l/arch-audit.profile
index 8c71dd574..accabb6f5 100644
--- a/etc/profile-a-l/arch-audit.profile
+++ b/etc/profile-a-l/arch-audit.profile
@@ -7,7 +7,7 @@ include arch-audit.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/arch-audit
+whitelist /usr/share/arch-audit
 include whitelist-usr-share-common.inc
 
 apparmor
diff --git a/etc/profile-a-l/archaudit-report.profile b/etc/profile-a-l/archaudit-report.profile
index 0915ede33..19c37f90e 100644
--- a/etc/profile-a-l/archaudit-report.profile
+++ b/etc/profile-a-l/archaudit-report.profile
@@ -6,7 +6,7 @@ include archaudit-report.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/archiver-common.profile b/etc/profile-a-l/archiver-common.profile
index 5b859ceb1..1fab4606b 100644
--- a/etc/profile-a-l/archiver-common.profile
+++ b/etc/profile-a-l/archiver-common.profile
@@ -4,7 +4,7 @@ include archiver-common.local
 
 # common profile for archiver/compression tools
 
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 
 # Comment/uncomment the relevant include file(s) in your archiver-common.local
 # to (un)restrict file access for **all** archivers. Another option is to do this **per archiver**
diff --git a/etc/profile-a-l/ardour5.profile b/etc/profile-a-l/ardour5.profile
index 960948afc..84b1d6c18 100644
--- a/etc/profile-a-l/ardour5.profile
+++ b/etc/profile-a-l/ardour5.profile
@@ -5,12 +5,12 @@ include ardour5.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/ardour4
-nodeny  ${HOME}/.config/ardour5
-nodeny  ${HOME}/.lv2
-nodeny  ${HOME}/.vst
-nodeny  ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/ardour4
+noblacklist ${HOME}/.config/ardour5
+noblacklist ${HOME}/.lv2
+noblacklist ${HOME}/.vst
+noblacklist ${DOCUMENTS}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/arduino.profile b/etc/profile-a-l/arduino.profile
index 88f14fbfe..fd1ca9a09 100644
--- a/etc/profile-a-l/arduino.profile
+++ b/etc/profile-a-l/arduino.profile
@@ -6,9 +6,9 @@ include arduino.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.arduino15
-nodeny  ${HOME}/Arduino
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.arduino15
+noblacklist ${HOME}/Arduino
+noblacklist ${DOCUMENTS}
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile
index be56011f0..22b8ecd65 100644
--- a/etc/profile-a-l/aria2c.profile
+++ b/etc/profile-a-l/aria2c.profile
@@ -6,12 +6,12 @@ include aria2c.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.aria2
-nodeny  ${HOME}/.config/aria2
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.aria2
+noblacklist ${HOME}/.config/aria2
+noblacklist ${HOME}/.netrc
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile
index 031c57080..a63dd8f5f 100644
--- a/etc/profile-a-l/ark.profile
+++ b/etc/profile-a-l/ark.profile
@@ -6,8 +6,8 @@ include ark.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/arkrc
-nodeny  ${HOME}/.local/share/kxmlgui5/ark
+noblacklist ${HOME}/.config/arkrc
+noblacklist ${HOME}/.local/share/kxmlgui5/ark
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /usr/share/ark
+whitelist /usr/share/ark
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile
index 9ed8076be..2c8b630ce 100644
--- a/etc/profile-a-l/arm.profile
+++ b/etc/profile-a-l/arm.profile
@@ -6,7 +6,7 @@ include arm.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.arm
+noblacklist ${HOME}/.arm
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,7 +20,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.arm
-allow  ${HOME}/.arm
+whitelist ${HOME}/.arm
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile
index 7cfac4915..fab72b7d3 100644
--- a/etc/profile-a-l/artha.profile
+++ b/etc/profile-a-l/artha.profile
@@ -6,12 +6,12 @@ include artha.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/artha.conf
-nodeny  ${HOME}/.config/artha.log
-nodeny  ${HOME}/.config/enchant
+noblacklist ${HOME}/.config/artha.conf
+noblacklist ${HOME}/.config/artha.log
+noblacklist ${HOME}/.config/enchant
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -28,8 +28,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.config/artha.conf
 #whitelist ${HOME}/.config/artha.log
 #whitelist ${HOME}/.config/enchant
-allow  /usr/share/artha
-allow  /usr/share/wordnet
+whitelist /usr/share/artha
+whitelist /usr/share/wordnet
 #include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/assogiate.profile b/etc/profile-a-l/assogiate.profile
index f2251c210..977fe30a4 100644
--- a/etc/profile-a-l/assogiate.profile
+++ b/etc/profile-a-l/assogiate.profile
@@ -6,7 +6,7 @@ include assogiate.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  ${PICTURES}
+whitelist ${PICTURES}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/asunder.profile b/etc/profile-a-l/asunder.profile
index e65072266..c97fd691a 100644
--- a/etc/profile-a-l/asunder.profile
+++ b/etc/profile-a-l/asunder.profile
@@ -6,11 +6,11 @@ include asunder.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/asunder
-nodeny  ${HOME}/.asunder_album_genre
-nodeny  ${HOME}/.asunder_album_title
-nodeny  ${HOME}/.asunder_album_artist
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/asunder
+noblacklist ${HOME}/.asunder_album_genre
+noblacklist ${HOME}/.asunder_album_title
+noblacklist ${HOME}/.asunder_album_artist
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/atom.profile b/etc/profile-a-l/atom.profile
index ea3038537..5f237ac59 100644
--- a/etc/profile-a-l/atom.profile
+++ b/etc/profile-a-l/atom.profile
@@ -18,8 +18,8 @@ ignore include whitelist-var-common.inc
 ignore apparmor
 ignore disable-mnt
 
-nodeny  ${HOME}/.atom
-nodeny  ${HOME}/.config/Atom
+noblacklist ${HOME}/.atom
+noblacklist ${HOME}/.config/Atom
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile
index 8ae8617cf..1c3ed66ff 100644
--- a/etc/profile-a-l/atril.profile
+++ b/etc/profile-a-l/atril.profile
@@ -6,9 +6,9 @@ include atril.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/atril
-nodeny  ${HOME}/.config/atril
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.cache/atril
+noblacklist ${HOME}/.config/atril
+noblacklist ${DOCUMENTS}
 
 #noblacklist ${HOME}/.local/share
 # it seems to use only ${HOME}/.local/share/webkitgtk
diff --git a/etc/profile-a-l/audacious.profile b/etc/profile-a-l/audacious.profile
index 53baf0a2a..f9f209786 100644
--- a/etc/profile-a-l/audacious.profile
+++ b/etc/profile-a-l/audacious.profile
@@ -6,9 +6,9 @@ include audacious.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Audaciousrc
-nodeny  ${HOME}/.config/audacious
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/Audaciousrc
+noblacklist ${HOME}/.config/audacious
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile
index c244846e1..a2de8436a 100644
--- a/etc/profile-a-l/audacity.profile
+++ b/etc/profile-a-l/audacity.profile
@@ -6,9 +6,9 @@ include audacity.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.audacity-data
-nodeny  ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.audacity-data
+noblacklist ${DOCUMENTS}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile
index 534792cc6..2c7fdc812 100644
--- a/etc/profile-a-l/audio-recorder.profile
+++ b/etc/profile-a-l/audio-recorder.profile
@@ -7,7 +7,7 @@ include audio-recorder.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,10 +17,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  ${MUSIC}
-allow  ${DOWNLOADS}
-allow  /usr/share/audio-recorder
-allow  /usr/share/gstreamer-1.0
+whitelist ${MUSIC}
+whitelist ${DOWNLOADS}
+whitelist /usr/share/audio-recorder
+whitelist /usr/share/gstreamer-1.0
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile
index 0d6eb6a21..2ebe35dd5 100644
--- a/etc/profile-a-l/authenticator-rs.profile
+++ b/etc/profile-a-l/authenticator-rs.profile
@@ -6,7 +6,7 @@ include authenticator-rs.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/authenticator-rs
+noblacklist ${HOME}/.local/share/authenticator-rs
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/authenticator-rs
-allow  ${HOME}/.local/share/authenticator-rs
-allow  ${DOWNLOADS}
-allow  /usr/share/uk.co.grumlimited.authenticator-rs
+whitelist ${HOME}/.local/share/authenticator-rs
+whitelist ${DOWNLOADS}
+whitelist /usr/share/uk.co.grumlimited.authenticator-rs
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile
index 55d967e3e..42d9cd56a 100644
--- a/etc/profile-a-l/authenticator.profile
+++ b/etc/profile-a-l/authenticator.profile
@@ -6,8 +6,8 @@ include authenticator.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/Authenticator
-nodeny  ${HOME}/.config/Authenticator
+noblacklist ${HOME}/.cache/Authenticator
+noblacklist ${HOME}/.config/Authenticator
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
diff --git a/etc/profile-a-l/autokey-common.profile b/etc/profile-a-l/autokey-common.profile
index a5b3b22f6..891928e5a 100644
--- a/etc/profile-a-l/autokey-common.profile
+++ b/etc/profile-a-l/autokey-common.profile
@@ -7,8 +7,8 @@ include autokey-common.local
 # added by caller profile
 #include globals.local
 
-nodeny  ${HOME}/.config/autokey
-nodeny  ${HOME}/.local/share/autokey
+noblacklist ${HOME}/.config/autokey
+noblacklist ${HOME}/.local/share/autokey
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/avidemux.profile b/etc/profile-a-l/avidemux.profile
index 0feb05d75..1ecc03da1 100644
--- a/etc/profile-a-l/avidemux.profile
+++ b/etc/profile-a-l/avidemux.profile
@@ -5,9 +5,9 @@ include avidemux.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.avidemux6
-nodeny  ${HOME}/.config/avidemux3_qt5rc
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.avidemux6
+noblacklist ${HOME}/.config/avidemux3_qt5rc
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.avidemux6
 mkdir ${HOME}/.config/avidemux3_qt5rc
-allow  ${HOME}/.avidemux6
-allow  ${HOME}/.config/avidemux3_qt5rc
-allow  ${VIDEOS}
+whitelist ${HOME}/.avidemux6
+whitelist ${HOME}/.config/avidemux3_qt5rc
+whitelist ${VIDEOS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/aweather.profile b/etc/profile-a-l/aweather.profile
index abe9fdb24..a57ad4014 100644
--- a/etc/profile-a-l/aweather.profile
+++ b/etc/profile-a-l/aweather.profile
@@ -6,7 +6,7 @@ include aweather.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/aweather
+noblacklist ${HOME}/.config/aweather
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.config/aweather
-allow  ${HOME}/.config/aweather
+whitelist ${HOME}/.config/aweather
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/awesome.profile b/etc/profile-a-l/awesome.profile
index 58f4f5e96..5d1bf5071 100644
--- a/etc/profile-a-l/awesome.profile
+++ b/etc/profile-a-l/awesome.profile
@@ -7,7 +7,7 @@ include awesome.local
 include globals.local
 
 # all applications started in awesome will run in this profile
-nodeny  ${HOME}/.config/awesome
+noblacklist ${HOME}/.config/awesome
 include disable-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile
index 46bb0b44e..3952921a3 100644
--- a/etc/profile-a-l/ballbuster.profile
+++ b/etc/profile-a-l/ballbuster.profile
@@ -6,7 +6,7 @@ include ballbuster.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.ballbuster.hs
+noblacklist ${HOME}/.ballbuster.hs
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.ballbuster.hs
-allow  ${HOME}/.ballbuster.hs
-allow  /usr/share/ballbuster
+whitelist ${HOME}/.ballbuster.hs
+whitelist /usr/share/ballbuster
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/baloo_file.profile b/etc/profile-a-l/baloo_file.profile
index 2b10883f7..fe86d9b80 100644
--- a/etc/profile-a-l/baloo_file.profile
+++ b/etc/profile-a-l/baloo_file.profile
@@ -12,12 +12,12 @@ include globals.local
 # read-write ${HOME}/.local/share/baloo
 # ignore read-write
 
-nodeny  ${HOME}/.config/baloofilerc
-nodeny  ${HOME}/.kde/share/config/baloofilerc
-nodeny  ${HOME}/.kde/share/config/baloorc
-nodeny  ${HOME}/.kde4/share/config/baloofilerc
-nodeny  ${HOME}/.kde4/share/config/baloorc
-nodeny  ${HOME}/.local/share/baloo
+noblacklist ${HOME}/.config/baloofilerc
+noblacklist ${HOME}/.kde/share/config/baloofilerc
+noblacklist ${HOME}/.kde/share/config/baloorc
+noblacklist ${HOME}/.kde4/share/config/baloofilerc
+noblacklist ${HOME}/.kde4/share/config/baloorc
+noblacklist ${HOME}/.local/share/baloo
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile
index 1e74443aa..8c69652c5 100644
--- a/etc/profile-a-l/balsa.profile
+++ b/etc/profile-a-l/balsa.profile
@@ -6,13 +6,13 @@ include balsa.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.balsa
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.mozilla
-nodeny  ${HOME}/.signature
-nodeny  ${HOME}/mail
-nodeny  /var/mail
-nodeny  /var/spool/mail
+noblacklist ${HOME}/.balsa
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.signature
+noblacklist ${HOME}/mail
+noblacklist /var/mail
+noblacklist /var/spool/mail
 
 include disable-common.inc
 include disable-devel.inc
@@ -27,17 +27,17 @@ mkdir ${HOME}/.balsa
 mkdir ${HOME}/.gnupg
 mkfile ${HOME}/.signature
 mkdir ${HOME}/mail
-allow  ${HOME}/.balsa
-allow  ${HOME}/.gnupg
-allow  ${HOME}/.mozilla/firefox/profiles.ini
-allow  ${HOME}/.signature
-allow  ${HOME}/mail
-allow  ${RUNUSER}/gnupg
-allow  /usr/share/balsa
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
-allow  /var/mail
-allow  /var/spool/mail
+whitelist ${HOME}/.balsa
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.signature
+whitelist ${HOME}/mail
+whitelist ${RUNUSER}/gnupg
+whitelist /usr/share/balsa
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /var/mail
+whitelist /var/spool/mail
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/barrier.profile b/etc/profile-a-l/barrier.profile
index fcea9b3ba..7b50e9199 100644
--- a/etc/profile-a-l/barrier.profile
+++ b/etc/profile-a-l/barrier.profile
@@ -6,9 +6,9 @@ include barrier.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Debauchee/Barrier.conf
-nodeny  ${HOME}/.local/share/barrier
-nodeny  ${PATH}/openssl
+noblacklist ${HOME}/.config/Debauchee/Barrier.conf
+noblacklist ${HOME}/.local/share/barrier
+noblacklist ${PATH}/openssl
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/basilisk.profile b/etc/profile-a-l/basilisk.profile
index 547c67fc8..8dc3847a0 100644
--- a/etc/profile-a-l/basilisk.profile
+++ b/etc/profile-a-l/basilisk.profile
@@ -5,13 +5,13 @@ include basilisk.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/moonchild productions/basilisk
-nodeny  ${HOME}/.moonchild productions/basilisk
+noblacklist ${HOME}/.cache/moonchild productions/basilisk
+noblacklist ${HOME}/.moonchild productions/basilisk
 
 mkdir ${HOME}/.cache/moonchild productions/basilisk
 mkdir ${HOME}/.moonchild productions
-allow  ${HOME}/.cache/moonchild productions/basilisk
-allow  ${HOME}/.moonchild productions
+whitelist ${HOME}/.cache/moonchild productions/basilisk
+whitelist ${HOME}/.moonchild productions
 
 # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60)
 seccomp
diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile
index a1d2b1e73..3ecaea7fe 100644
--- a/etc/profile-a-l/bcompare.profile
+++ b/etc/profile-a-l/bcompare.profile
@@ -7,10 +7,10 @@ include bcompare.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/bcompare
+noblacklist ${HOME}/.config/bcompare
 # In case the user decides to include disable-programs.inc, still allow
 # KDE's Gwenview to view images via right click -> Open With -> Associated Application
-nodeny  ${HOME}/.config/gwenviewrc
+noblacklist ${HOME}/.config/gwenviewrc
 
 # Add the next line to your bcompare.local if you don't need to compare files in disable-common.inc.
 #include disable-common.inc
diff --git a/etc/profile-a-l/beaker.profile b/etc/profile-a-l/beaker.profile
index 588f460a8..f3a9568bd 100644
--- a/etc/profile-a-l/beaker.profile
+++ b/etc/profile-a-l/beaker.profile
@@ -19,10 +19,10 @@ ignore private-cache
 ignore private-dev
 ignore private-tmp
 
-nodeny  ${HOME}/.config/Beaker Browser
+noblacklist ${HOME}/.config/Beaker Browser
 
 mkdir ${HOME}/.config/Beaker Browser
-allow  ${HOME}/.config/Beaker Browser
+whitelist ${HOME}/.config/Beaker Browser
 
 # Redirect
 include electron.profile
diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile
index 717d7258d..c7a82afbd 100644
--- a/etc/profile-a-l/bibletime.profile
+++ b/etc/profile-a-l/bibletime.profile
@@ -6,11 +6,11 @@ include bibletime.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.bibletime
-nodeny  ${HOME}/.sword
-nodeny  ${HOME}/.local/share/bibletime
+noblacklist ${HOME}/.bibletime
+noblacklist ${HOME}/.sword
+noblacklist ${HOME}/.local/share/bibletime
 
-deny  ${HOME}/.bashrc
+blacklist ${HOME}/.bashrc
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,12 +22,12 @@ include disable-programs.inc
 mkdir ${HOME}/.bibletime
 mkdir ${HOME}/.sword
 mkdir ${HOME}/.local/share/bibletime
-allow  ${HOME}/.bibletime
-allow  ${HOME}/.sword
-allow  ${HOME}/.local/share/bibletime
-allow  /usr/share/bibletime
-allow  /usr/share/doc/bibletime
-allow  /usr/share/sword
+whitelist ${HOME}/.bibletime
+whitelist ${HOME}/.sword
+whitelist ${HOME}/.local/share/bibletime
+whitelist /usr/share/bibletime
+whitelist /usr/share/doc/bibletime
+whitelist /usr/share/sword
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile
index b02fcc3e0..854fe5cb9 100644
--- a/etc/profile-a-l/bijiben.profile
+++ b/etc/profile-a-l/bijiben.profile
@@ -6,7 +6,7 @@ include bijiben.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/bijiben
+noblacklist ${HOME}/.local/share/bijiben
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,12 +18,12 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/bijiben
-allow  ${HOME}/.local/share/bijiben
-allow  ${HOME}/.cache/tracker
-allow  /usr/libexec/webkit2gtk-4.0
-allow  /usr/share/bijiben
-allow  /usr/share/tracker
-allow  /usr/share/tracker3
+whitelist ${HOME}/.local/share/bijiben
+whitelist ${HOME}/.cache/tracker
+whitelist /usr/libexec/webkit2gtk-4.0
+whitelist /usr/share/bijiben
+whitelist /usr/share/tracker
+whitelist /usr/share/tracker3
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/bitcoin-qt.profile b/etc/profile-a-l/bitcoin-qt.profile
index c4ec0f820..932db9b73 100644
--- a/etc/profile-a-l/bitcoin-qt.profile
+++ b/etc/profile-a-l/bitcoin-qt.profile
@@ -6,8 +6,8 @@ include bitcoin-qt.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.bitcoin
-nodeny  ${HOME}/.config/Bitcoin
+noblacklist ${HOME}/.bitcoin
+noblacklist ${HOME}/.config/Bitcoin
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
 
 mkdir ${HOME}/.bitcoin
 mkdir ${HOME}/.config/Bitcoin
-allow  ${HOME}/.bitcoin
-allow  ${HOME}/.config/Bitcoin
+whitelist ${HOME}/.bitcoin
+whitelist ${HOME}/.config/Bitcoin
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/bitlbee.profile b/etc/profile-a-l/bitlbee.profile
index 0f000b26b..dd7651979 100644
--- a/etc/profile-a-l/bitlbee.profile
+++ b/etc/profile-a-l/bitlbee.profile
@@ -8,8 +8,8 @@ include globals.local
 
 ignore noexec ${HOME}
 
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist /sbin
+noblacklist /usr/sbin
 # noblacklist /var/log
 
 include disable-common.inc
diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile
index 4b292d72a..ba2eb2ea7 100644
--- a/etc/profile-a-l/bitwarden.profile
+++ b/etc/profile-a-l/bitwarden.profile
@@ -11,12 +11,12 @@ ignore include whitelist-usr-share-common.inc
 
 ignore noexec /tmp
 
-nodeny  ${HOME}/.config/Bitwarden
+noblacklist ${HOME}/.config/Bitwarden
 
 include disable-shell.inc
 
 mkdir ${HOME}/.config/Bitwarden
-allow  ${HOME}/.config/Bitwarden
+whitelist ${HOME}/.config/Bitwarden
 
 machine-id
 no3d
diff --git a/etc/profile-a-l/blackbox.profile b/etc/profile-a-l/blackbox.profile
index 616ad6801..233f9a96f 100644
--- a/etc/profile-a-l/blackbox.profile
+++ b/etc/profile-a-l/blackbox.profile
@@ -7,7 +7,7 @@ include blackbox.local
 include globals.local
 
 # all applications started in blackbox will run in this profile
-nodeny  ${HOME}/.blackbox
+noblacklist ${HOME}/.blackbox
 include disable-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/blender.profile b/etc/profile-a-l/blender.profile
index 8d0b5616f..701ae431e 100644
--- a/etc/profile-a-l/blender.profile
+++ b/etc/profile-a-l/blender.profile
@@ -6,7 +6,7 @@ include blender.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/blender
+noblacklist ${HOME}/.config/blender
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 # Allow usage of AMD GPU by OpenCL
-nodeny  /sys/module
-allow  /sys/module/amdgpu
+noblacklist /sys/module
+whitelist /sys/module/amdgpu
 read-only /sys/module/amdgpu
 
 caps.drop all
diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile
index ca5f96eee..80dc750f7 100644
--- a/etc/profile-a-l/bless.profile
+++ b/etc/profile-a-l/bless.profile
@@ -6,7 +6,7 @@ include bless.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/bless
+noblacklist ${HOME}/.config/bless
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile
index ee2a73b54..229c20293 100644
--- a/etc/profile-a-l/blobby.profile
+++ b/etc/profile-a-l/blobby.profile
@@ -4,7 +4,7 @@ include blobby.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.blobby
+noblacklist ${HOME}/.blobby
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.blobby
-allow  ${HOME}/.blobby
+whitelist ${HOME}/.blobby
 include whitelist-common.inc
-allow  /usr/share/blobby
+whitelist /usr/share/blobby
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile
index e0be5261e..904710cb5 100644
--- a/etc/profile-a-l/blobwars.profile
+++ b/etc/profile-a-l/blobwars.profile
@@ -6,7 +6,7 @@ include blobwars.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.parallelrealities/blobwars
+noblacklist ${HOME}/.parallelrealities/blobwars
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.parallelrealities/blobwars
-allow  ${HOME}/.parallelrealities/blobwars
-allow  /usr/share/blobwars
+whitelist ${HOME}/.parallelrealities/blobwars
+whitelist /usr/share/blobwars
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/bnox.profile b/etc/profile-a-l/bnox.profile
index dcfd5d8d2..6e8f0d7d1 100644
--- a/etc/profile-a-l/bnox.profile
+++ b/etc/profile-a-l/bnox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/bnox
-nodeny  ${HOME}/.config/bnox
+noblacklist ${HOME}/.cache/bnox
+noblacklist ${HOME}/.config/bnox
 
 mkdir ${HOME}/.cache/bnox
 mkdir ${HOME}/.config/bnox
-allow  ${HOME}/.cache/bnox
-allow  ${HOME}/.config/bnox
+whitelist ${HOME}/.cache/bnox
+whitelist ${HOME}/.config/bnox
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/brackets.profile b/etc/profile-a-l/brackets.profile
index a14bb8fef..0cbac049a 100644
--- a/etc/profile-a-l/brackets.profile
+++ b/etc/profile-a-l/brackets.profile
@@ -5,7 +5,7 @@ include brackets.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Brackets
+noblacklist ${HOME}/.config/Brackets
 #noblacklist /opt/brackets
 #noblacklist /opt/google
 
diff --git a/etc/profile-a-l/brasero.profile b/etc/profile-a-l/brasero.profile
index a78882409..417a6b3e0 100644
--- a/etc/profile-a-l/brasero.profile
+++ b/etc/profile-a-l/brasero.profile
@@ -6,7 +6,7 @@ include brasero.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/brasero
+noblacklist ${HOME}/.config/brasero
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/brave.profile b/etc/profile-a-l/brave.profile
index bc2d7a6a1..09548c761 100644
--- a/etc/profile-a-l/brave.profile
+++ b/etc/profile-a-l/brave.profile
@@ -14,24 +14,24 @@ ignore noexec /tmp
 # Alternatively you can add 'ignore apparmor' to your brave.local.
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.cache/BraveSoftware
-nodeny  ${HOME}/.config/BraveSoftware
-nodeny  ${HOME}/.config/brave
-nodeny  ${HOME}/.config/brave-flags.conf
+noblacklist ${HOME}/.cache/BraveSoftware
+noblacklist ${HOME}/.config/BraveSoftware
+noblacklist ${HOME}/.config/brave
+noblacklist ${HOME}/.config/brave-flags.conf
 # brave uses gpg for built-in password manager
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 
 mkdir ${HOME}/.cache/BraveSoftware
 mkdir ${HOME}/.config/BraveSoftware
 mkdir ${HOME}/.config/brave
-allow  ${HOME}/.cache/BraveSoftware
-allow  ${HOME}/.config/BraveSoftware
-allow  ${HOME}/.config/brave
-allow  ${HOME}/.config/brave-flags.conf
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.cache/BraveSoftware
+whitelist ${HOME}/.config/BraveSoftware
+whitelist ${HOME}/.config/brave
+whitelist ${HOME}/.config/brave-flags.conf
+whitelist ${HOME}/.gnupg
 
 # Brave sandbox needs read access to /proc/config.gz
-nodeny  /proc/config.gz
+noblacklist /proc/config.gz
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/bzflag.profile b/etc/profile-a-l/bzflag.profile
index 62ca041c2..bda96bbb3 100644
--- a/etc/profile-a-l/bzflag.profile
+++ b/etc/profile-a-l/bzflag.profile
@@ -6,7 +6,7 @@ include bzflag.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.bzf
+noblacklist ${HOME}/.bzf
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.bzf
-allow  ${HOME}/.bzf
+whitelist ${HOME}/.bzf
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/calibre.profile b/etc/profile-a-l/calibre.profile
index 99706620c..83571397b 100644
--- a/etc/profile-a-l/calibre.profile
+++ b/etc/profile-a-l/calibre.profile
@@ -6,9 +6,9 @@ include calibre.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/calibre
-nodeny  ${HOME}/.config/calibre
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.cache/calibre
+noblacklist ${HOME}/.config/calibre
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/calligra.profile b/etc/profile-a-l/calligra.profile
index 36ecc06a0..fcff47662 100644
--- a/etc/profile-a-l/calligra.profile
+++ b/etc/profile-a-l/calligra.profile
@@ -6,7 +6,7 @@ include calligra.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/kxmlgui5/calligra
+noblacklist ${HOME}/.local/share/kxmlgui5/calligra
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/calligragemini.profile b/etc/profile-a-l/calligragemini.profile
index 76123c96a..006c307ab 100644
--- a/etc/profile-a-l/calligragemini.profile
+++ b/etc/profile-a-l/calligragemini.profile
@@ -6,7 +6,7 @@ include calligragemini.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.local/share/calligragemini
+noblacklist ${HOME}/.local/share/calligragemini
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligraplan.profile b/etc/profile-a-l/calligraplan.profile
index 5fb1e16da..81dbd4dcd 100644
--- a/etc/profile-a-l/calligraplan.profile
+++ b/etc/profile-a-l/calligraplan.profile
@@ -6,7 +6,7 @@ include calligraplan.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.local/share/kxmlgui5/calligraplan
+noblacklist ${HOME}/.local/share/kxmlgui5/calligraplan
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligraplanwork.profile b/etc/profile-a-l/calligraplanwork.profile
index c176bfea1..bba91b66b 100644
--- a/etc/profile-a-l/calligraplanwork.profile
+++ b/etc/profile-a-l/calligraplanwork.profile
@@ -6,7 +6,7 @@ include calligraplanwork.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.local/share/kxmlgui5/calligraplanwork
+noblacklist ${HOME}/.local/share/kxmlgui5/calligraplanwork
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrasheets.profile b/etc/profile-a-l/calligrasheets.profile
index b7ac68945..7bc296047 100644
--- a/etc/profile-a-l/calligrasheets.profile
+++ b/etc/profile-a-l/calligrasheets.profile
@@ -6,7 +6,7 @@ include calligrasheets.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.local/share/kxmlgui5/calligrasheets
+noblacklist ${HOME}/.local/share/kxmlgui5/calligrasheets
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrastage.profile b/etc/profile-a-l/calligrastage.profile
index 1258fec56..7694abbe4 100644
--- a/etc/profile-a-l/calligrastage.profile
+++ b/etc/profile-a-l/calligrastage.profile
@@ -6,7 +6,7 @@ include calligrastage.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.local/share/kxmlgui5/calligrastage
+noblacklist ${HOME}/.local/share/kxmlgui5/calligrastage
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/calligrawords.profile b/etc/profile-a-l/calligrawords.profile
index c2b6c8041..d69d56a95 100644
--- a/etc/profile-a-l/calligrawords.profile
+++ b/etc/profile-a-l/calligrawords.profile
@@ -6,7 +6,7 @@ include calligrawords.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.local/share/kxmlgui5/calligrawords
+noblacklist ${HOME}/.local/share/kxmlgui5/calligrawords
 
 # Redirect
 include calligra.profile
diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile
index 390ae383c..74c7cc34b 100644
--- a/etc/profile-a-l/cameramonitor.profile
+++ b/etc/profile-a-l/cameramonitor.profile
@@ -20,7 +20,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/cameramonitor
+whitelist /usr/share/cameramonitor
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/cantata.profile b/etc/profile-a-l/cantata.profile
index 77bdc09e0..96f88a7c4 100644
--- a/etc/profile-a-l/cantata.profile
+++ b/etc/profile-a-l/cantata.profile
@@ -6,10 +6,10 @@ include cantata.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/cantata
-nodeny  ${HOME}/.config/cantata
-nodeny  ${HOME}/.local/share/cantata
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.cache/cantata
+noblacklist ${HOME}/.config/cantata
+noblacklist ${HOME}/.local/share/cantata
+noblacklist ${MUSIC}
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile
index 9c53af84f..7cf04c550 100644
--- a/etc/profile-a-l/cargo.profile
+++ b/etc/profile-a-l/cargo.profile
@@ -10,11 +10,11 @@ include globals.local
 ignore noexec ${HOME}
 ignore noexec /tmp
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
-nodeny  ${HOME}/.cargo/credentials
-nodeny  ${HOME}/.cargo/credentials.toml
+noblacklist ${HOME}/.cargo/credentials
+noblacklist ${HOME}/.cargo/credentials.toml
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
@@ -34,7 +34,7 @@ include disable-xdg.inc
 #whitelist ${HOME}/.cargo
 #whitelist ${HOME}/.rustup
 #include whitelist-common.inc
-allow  /usr/share/pkgconfig
+whitelist /usr/share/pkgconfig
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/catfish.profile b/etc/profile-a-l/catfish.profile
index 4ea53ea6b..009d3a049 100644
--- a/etc/profile-a-l/catfish.profile
+++ b/etc/profile-a-l/catfish.profile
@@ -9,7 +9,7 @@ include globals.local
 # We can't blacklist much since catfish
 # is for finding files/content
 
-nodeny  ${HOME}/.config/catfish
+noblacklist ${HOME}/.config/catfish
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -21,7 +21,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 # include disable-programs.inc
 
-allow  /var/lib/mlocate
+whitelist /var/lib/mlocate
 include whitelist-var-common.inc
 
 apparmor
diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile
index d7aee1902..6e137010c 100644
--- a/etc/profile-a-l/cawbird.profile
+++ b/etc/profile-a-l/cawbird.profile
@@ -6,7 +6,7 @@ include cawbird.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/cawbird
+noblacklist ${HOME}/.config/cawbird
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile
index d6f4306ba..1c539cc93 100644
--- a/etc/profile-a-l/celluloid.profile
+++ b/etc/profile-a-l/celluloid.profile
@@ -6,9 +6,9 @@ include celluloid.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/celluloid
-nodeny  ${HOME}/.config/gnome-mpv
-nodeny  ${HOME}/.config/youtube-dl
+noblacklist ${HOME}/.config/celluloid
+noblacklist ${HOME}/.config/gnome-mpv
+noblacklist ${HOME}/.config/youtube-dl
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -17,7 +17,7 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -30,9 +30,9 @@ read-only ${DESKTOP}
 mkdir ${HOME}/.config/celluloid
 mkdir ${HOME}/.config/gnome-mpv
 mkdir ${HOME}/.config/youtube-dl
-allow  ${HOME}/.config/celluloid
-allow  ${HOME}/.config/gnome-mpv
-allow  ${HOME}/.config/youtube-dl
+whitelist ${HOME}/.config/celluloid
+whitelist ${HOME}/.config/gnome-mpv
+whitelist ${HOME}/.config/youtube-dl
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/checkbashisms.profile b/etc/profile-a-l/checkbashisms.profile
index 0f61084e0..24939fc70 100644
--- a/etc/profile-a-l/checkbashisms.profile
+++ b/etc/profile-a-l/checkbashisms.profile
@@ -7,9 +7,9 @@ include checkbashisms.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile
index bde3e1311..aca1f5876 100644
--- a/etc/profile-a-l/cheese.profile
+++ b/etc/profile-a-l/cheese.profile
@@ -6,8 +6,8 @@ include cheese.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${VIDEOS}
-nodeny  ${PICTURES}
+noblacklist ${VIDEOS}
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  ${VIDEOS}
-allow  ${PICTURES}
-allow  /usr/share/gnome-video-effects
+whitelist ${VIDEOS}
+whitelist ${PICTURES}
+whitelist /usr/share/gnome-video-effects
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/cherrytree.profile b/etc/profile-a-l/cherrytree.profile
index d5dedd81d..7621b3c8c 100644
--- a/etc/profile-a-l/cherrytree.profile
+++ b/etc/profile-a-l/cherrytree.profile
@@ -6,8 +6,8 @@ include cherrytree.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/cherrytree
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/cherrytree
+noblacklist ${DOCUMENTS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/chromium-browser-privacy.profile b/etc/profile-a-l/chromium-browser-privacy.profile
index 64c45772a..8803a4d9d 100644
--- a/etc/profile-a-l/chromium-browser-privacy.profile
+++ b/etc/profile-a-l/chromium-browser-privacy.profile
@@ -3,15 +3,15 @@
 # Persistent local customizations
 include chromium-browser-privacy.local
 
-nodeny  ${HOME}/.cache/ungoogled-chromium
-nodeny  ${HOME}/.config/ungoogled-chromium
+noblacklist ${HOME}/.cache/ungoogled-chromium
+noblacklist ${HOME}/.config/ungoogled-chromium
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 mkdir ${HOME}/.cache/ungoogled-chromium
 mkdir ${HOME}/.config/ungoogled-chromium
-allow  ${HOME}/.cache/ungoogled-chromium
-allow  ${HOME}/.config/ungoogled-chromium
+whitelist ${HOME}/.cache/ungoogled-chromium
+whitelist ${HOME}/.config/ungoogled-chromium
 
 # private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings
 
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile
index dbeb715d4..b0e0254d4 100644
--- a/etc/profile-a-l/chromium-common.profile
+++ b/etc/profile-a-l/chromium-common.profile
@@ -9,8 +9,8 @@ include chromium-common.local
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
 
-nodeny  ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser
 # to have access to Gnome extensions (extensions.gnome.org) via browser connector
@@ -26,9 +26,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
-allow  ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/chromium.profile b/etc/profile-a-l/chromium.profile
index ea92e90a8..9ac33aa1c 100644
--- a/etc/profile-a-l/chromium.profile
+++ b/etc/profile-a-l/chromium.profile
@@ -6,17 +6,17 @@ include chromium.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/chromium
-nodeny  ${HOME}/.config/chromium
-nodeny  ${HOME}/.config/chromium-flags.conf
+noblacklist ${HOME}/.cache/chromium
+noblacklist ${HOME}/.config/chromium
+noblacklist ${HOME}/.config/chromium-flags.conf
 
 mkdir ${HOME}/.cache/chromium
 mkdir ${HOME}/.config/chromium
-allow  ${HOME}/.cache/chromium
-allow  ${HOME}/.config/chromium
-allow  ${HOME}/.config/chromium-flags.conf
-allow  /usr/share/chromium
-allow  /usr/share/mozilla/extensions
+whitelist ${HOME}/.cache/chromium
+whitelist ${HOME}/.config/chromium
+whitelist ${HOME}/.config/chromium-flags.conf
+whitelist /usr/share/chromium
+whitelist /usr/share/mozilla/extensions
 
 # private-bin chromium,chromium-browser,chromedriver
 
diff --git a/etc/profile-a-l/cin.profile b/etc/profile-a-l/cin.profile
index c967e1c96..e1f9523c4 100644
--- a/etc/profile-a-l/cin.profile
+++ b/etc/profile-a-l/cin.profile
@@ -5,7 +5,7 @@ include cin.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.bcast5
+noblacklist ${HOME}/.bcast5
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/clamav.profile b/etc/profile-a-l/clamav.profile
index 0efbcd4f2..e403c2c41 100644
--- a/etc/profile-a-l/clamav.profile
+++ b/etc/profile-a-l/clamav.profile
@@ -7,7 +7,7 @@ include clamav.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
 include disable-exec.inc
 
diff --git a/etc/profile-a-l/claws-mail.profile b/etc/profile-a-l/claws-mail.profile
index 3e4e1f2a1..691657fa0 100644
--- a/etc/profile-a-l/claws-mail.profile
+++ b/etc/profile-a-l/claws-mail.profile
@@ -6,17 +6,17 @@ include claws-mail.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.claws-mail
+noblacklist ${HOME}/.claws-mail
 
 mkdir ${HOME}/.claws-mail
-allow  ${HOME}/.claws-mail
+whitelist ${HOME}/.claws-mail
 
 # Add the below lines to your claws-mail.local if you use python-based plugins.
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
 #include allow-python3.inc
 
-allow  /usr/share/doc/claws-mail
+whitelist /usr/share/doc/claws-mail
 
 # private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2
 
diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile
index ee64391d9..9b62a1f73 100644
--- a/etc/profile-a-l/clawsker.profile
+++ b/etc/profile-a-l/clawsker.profile
@@ -6,7 +6,7 @@ include clawsker.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.claws-mail
+noblacklist ${HOME}/.claws-mail
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -19,7 +19,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.claws-mail
-allow  ${HOME}/.claws-mail
+whitelist ${HOME}/.claws-mail
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile
index f9c0006f9..fa33795c1 100644
--- a/etc/profile-a-l/clementine.profile
+++ b/etc/profile-a-l/clementine.profile
@@ -6,9 +6,9 @@ include clementine.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/Clementine
-nodeny  ${HOME}/.config/Clementine
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.cache/Clementine
+noblacklist ${HOME}/.config/Clementine
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile
index 5c5399069..77952358f 100644
--- a/etc/profile-a-l/clion.profile
+++ b/etc/profile-a-l/clion.profile
@@ -5,16 +5,16 @@ include clion.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/JetBrains/CLion*
-nodeny  ${HOME}/.cache/JetBrains/CLion*
-nodeny  ${HOME}/.clion*
-nodeny  ${HOME}/.CLion*
-nodeny  ${HOME}/.config/git
-nodeny  ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
-nodeny  ${HOME}/.java
-nodeny  ${HOME}/.local/share/JetBrains
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.config/JetBrains/CLion*
+noblacklist ${HOME}/.cache/JetBrains/CLion*
+noblacklist ${HOME}/.clion*
+noblacklist ${HOME}/.CLion*
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.tooling
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
diff --git a/etc/profile-a-l/clipgrab.profile b/etc/profile-a-l/clipgrab.profile
index 89f8d96f0..c8258da07 100644
--- a/etc/profile-a-l/clipgrab.profile
+++ b/etc/profile-a-l/clipgrab.profile
@@ -6,9 +6,9 @@ include clipgrab.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Philipp Schmieder
-nodeny  ${HOME}/.pki
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.config/Philipp Schmieder
+noblacklist ${HOME}/.pki
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile
index 4a2a5171b..d421903a3 100644
--- a/etc/profile-a-l/clipit.profile
+++ b/etc/profile-a-l/clipit.profile
@@ -6,8 +6,8 @@ include clipit.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/clipit
-nodeny  ${HOME}/.local/share/clipit
+noblacklist ${HOME}/.config/clipit
+noblacklist ${HOME}/.local/share/clipit
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/clipit
 mkdir ${HOME}/.local/share/clipit
-allow  ${HOME}/.config/clipit
-allow  ${HOME}/.local/share/clipit
+whitelist ${HOME}/.config/clipit
+whitelist ${HOME}/.local/share/clipit
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/cliqz.profile b/etc/profile-a-l/cliqz.profile
index 22c6ef882..d0b8cc0ef 100644
--- a/etc/profile-a-l/cliqz.profile
+++ b/etc/profile-a-l/cliqz.profile
@@ -5,16 +5,16 @@ include cliqz.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/cliqz
-nodeny  ${HOME}/.cliqz
-nodeny  ${HOME}/.config/cliqz
+noblacklist ${HOME}/.cache/cliqz
+noblacklist ${HOME}/.cliqz
+noblacklist ${HOME}/.config/cliqz
 
 mkdir ${HOME}/.cache/cliqz
 mkdir ${HOME}/.cliqz
 mkdir ${HOME}/.config/cliqz
-allow  ${HOME}/.cache/cliqz
-allow  ${HOME}/.cliqz
-allow  ${HOME}/.config/cliqz
+whitelist ${HOME}/.cache/cliqz
+whitelist ${HOME}/.cliqz
+whitelist ${HOME}/.config/cliqz
 
 # private-etc must first be enabled in firefox-common.profile
 #private-etc cliqz
diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile
index 51e53209f..bcd557787 100644
--- a/etc/profile-a-l/cmus.profile
+++ b/etc/profile-a-l/cmus.profile
@@ -6,8 +6,8 @@ include cmus.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/cmus
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/cmus
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/code.profile b/etc/profile-a-l/code.profile
index 1933c66fa..e19b78908 100644
--- a/etc/profile-a-l/code.profile
+++ b/etc/profile-a-l/code.profile
@@ -5,10 +5,10 @@ include code.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Code
-nodeny  ${HOME}/.config/Code - OSS
-nodeny  ${HOME}/.vscode
-nodeny  ${HOME}/.vscode-oss
+noblacklist ${HOME}/.config/Code
+noblacklist ${HOME}/.config/Code - OSS
+noblacklist ${HOME}/.vscode
+noblacklist ${HOME}/.vscode-oss
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile
index efa7f516c..bd6d8f5b0 100644
--- a/etc/profile-a-l/colorful.profile
+++ b/etc/profile-a-l/colorful.profile
@@ -6,7 +6,7 @@ include colorful.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.suve/colorful
+noblacklist ${HOME}/.suve/colorful
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.suve/colorful
-allow  ${HOME}/.suve/colorful
-allow  /usr/share/suve
+whitelist ${HOME}/.suve/colorful
+whitelist /usr/share/suve
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile
index 34b662959..c8bdfec23 100644
--- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile
+++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile
@@ -6,7 +6,7 @@ include com.github.bleakgrey.tootle.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/com.github.bleakgrey.tootle
+noblacklist ${HOME}/.config/com.github.bleakgrey.tootle
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/com.github.bleakgrey.tootle
-allow  ${DOWNLOADS}
-allow  ${HOME}/.config/com.github.bleakgrey.tootle
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/com.github.bleakgrey.tootle
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile
index 4e26e4925..b467a0f7a 100644
--- a/etc/profile-a-l/com.github.dahenson.agenda.profile
+++ b/etc/profile-a-l/com.github.dahenson.agenda.profile
@@ -6,9 +6,9 @@ include com.github.dahenson.agenda.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/agenda
-nodeny  ${HOME}/.config/agenda
-nodeny  ${HOME}/.local/share/agenda
+noblacklist ${HOME}/.cache/agenda
+noblacklist ${HOME}/.config/agenda
+noblacklist ${HOME}/.local/share/agenda
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/agenda
 mkdir ${HOME}/.config/agenda
 mkdir ${HOME}/.local/share/agenda
-allow  ${HOME}/.cache/agenda
-allow  ${HOME}/.config/agenda
-allow  ${HOME}/.local/share/agenda
+whitelist ${HOME}/.cache/agenda
+whitelist ${HOME}/.config/agenda
+whitelist ${HOME}/.local/share/agenda
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
index bbfc1fe41..c13f9618b 100644
--- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
+++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
@@ -6,9 +6,9 @@ include foliate.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
-nodeny  ${HOME}/.cache/com.github.johnfactotum.Foliate
-nodeny  ${HOME}/.local/share/com.github.johnfactotum.Foliate
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/.cache/com.github.johnfactotum.Foliate
+noblacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
@@ -24,12 +24,12 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate
 mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate
-allow  ${HOME}/.cache/com.github.johnfactotum.Foliate
-allow  ${HOME}/.local/share/com.github.johnfactotum.Foliate
-allow  ${DOCUMENTS}
-allow  ${DOWNLOADS}
-allow  /usr/share/com.github.johnfactotum.Foliate
-allow  /usr/share/hyphen
+whitelist ${HOME}/.cache/com.github.johnfactotum.Foliate
+whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist /usr/share/com.github.johnfactotum.Foliate
+whitelist /usr/share/hyphen
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile
index 3e9acc6c8..d0402d188 100644
--- a/etc/profile-a-l/com.github.phase1geo.minder.profile
+++ b/etc/profile-a-l/com.github.phase1geo.minder.profile
@@ -6,9 +6,9 @@ include com.github.phase1geo.minder.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/minder
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.local/share/minder
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/minder
-allow  ${HOME}/.local/share/minder
-allow  ${DOCUMENTS}
-allow  ${DOWNLOADS}
-allow  ${PICTURES}
+whitelist ${HOME}/.local/share/minder
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist ${PICTURES}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/conkeror.profile b/etc/profile-a-l/conkeror.profile
index 6cc9ec551..38edf0d21 100644
--- a/etc/profile-a-l/conkeror.profile
+++ b/etc/profile-a-l/conkeror.profile
@@ -5,23 +5,23 @@ include conkeror.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.conkeror.mozdev.org
+noblacklist ${HOME}/.conkeror.mozdev.org
 
 include disable-common.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.conkeror.mozdev.org
 mkfile ${HOME}/.conkerorrc
-allow  ${HOME}/.conkeror.mozdev.org
-allow  ${HOME}/.conkerorrc
-allow  ${HOME}/.lastpass
-allow  ${HOME}/.pentadactyl
-allow  ${HOME}/.pentadactylrc
-allow  ${HOME}/.vimperator
-allow  ${HOME}/.vimperatorrc
-allow  ${HOME}/.zotero
-allow  ${HOME}/dwhelper
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.conkeror.mozdev.org
+whitelist ${HOME}/.conkerorrc
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/conky.profile b/etc/profile-a-l/conky.profile
index 1b3fe6651..eaa18739d 100644
--- a/etc/profile-a-l/conky.profile
+++ b/etc/profile-a-l/conky.profile
@@ -6,7 +6,7 @@ include conky.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile
index 266c404ee..2fb446e2a 100644
--- a/etc/profile-a-l/corebird.profile
+++ b/etc/profile-a-l/corebird.profile
@@ -6,7 +6,7 @@ include corebird.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/corebird
+noblacklist ${HOME}/.config/corebird
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile
index 0a1353e40..1635995dc 100644
--- a/etc/profile-a-l/cower.profile
+++ b/etc/profile-a-l/cower.profile
@@ -7,8 +7,8 @@ include cower.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/cower
-nodeny  /var/lib/pacman
+noblacklist ${HOME}/.config/cower
+noblacklist /var/lib/pacman
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile
index 5e48c8022..7ece35c2b 100644
--- a/etc/profile-a-l/coyim.profile
+++ b/etc/profile-a-l/coyim.profile
@@ -6,7 +6,7 @@ include coyim.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/coyim
+noblacklist ${HOME}/.config/coyim
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/coyim
-allow  ${HOME}/.config/coyim
+whitelist ${HOME}/.config/coyim
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/cpio.profile b/etc/profile-a-l/cpio.profile
index dec8c086b..bdc4f21a6 100644
--- a/etc/profile-a-l/cpio.profile
+++ b/etc/profile-a-l/cpio.profile
@@ -7,8 +7,8 @@ include cpio.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist /sbin
+noblacklist /usr/sbin
 
 # Redirect
 include archiver-common.profile
diff --git a/etc/profile-a-l/crawl.profile b/etc/profile-a-l/crawl.profile
index 81292c01c..b10216895 100644
--- a/etc/profile-a-l/crawl.profile
+++ b/etc/profile-a-l/crawl.profile
@@ -6,7 +6,7 @@ include crawl-tiles.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.crawl
+noblacklist ${HOME}/.crawl
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.crawl
-allow  ${HOME}/.crawl
+whitelist ${HOME}/.crawl
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile
index 36bd93778..02b15ecc2 100644
--- a/etc/profile-a-l/crow.profile
+++ b/etc/profile-a-l/crow.profile
@@ -8,8 +8,8 @@ include globals.local
 
 mkdir ${HOME}/.config/crow
 mkdir ${HOME}/.cache/gstreamer-1.0
-allow  ${HOME}/.config/crow
-allow  ${HOME}/.cache/gstreamer-1.0
+whitelist ${HOME}/.config/crow
+whitelist ${HOME}/.cache/gstreamer-1.0
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile
index 4950b7a4c..c9867c5d7 100644
--- a/etc/profile-a-l/curl.profile
+++ b/etc/profile-a-l/curl.profile
@@ -12,11 +12,11 @@ include globals.local
 # Technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts.
 # If your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local
 # and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact.
-nodeny  ${HOME}/.curl-hsts
-nodeny  ${HOME}/.curlrc
+noblacklist ${HOME}/.curl-hsts
+noblacklist ${HOME}/.curlrc
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/cyberfox.profile b/etc/profile-a-l/cyberfox.profile
index 49f972e4a..d1fff0004 100644
--- a/etc/profile-a-l/cyberfox.profile
+++ b/etc/profile-a-l/cyberfox.profile
@@ -5,13 +5,13 @@ include cyberfox.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.8pecxstudios
-nodeny  ${HOME}/.cache/8pecxstudios
+noblacklist ${HOME}/.8pecxstudios
+noblacklist ${HOME}/.cache/8pecxstudios
 
 mkdir ${HOME}/.8pecxstudios
 mkdir ${HOME}/.cache/8pecxstudios
-allow  ${HOME}/.8pecxstudios
-allow  ${HOME}/.cache/8pecxstudios
+whitelist ${HOME}/.8pecxstudios
+whitelist ${HOME}/.cache/8pecxstudios
 
 # private-bin cyberfox,dbus-launch,dbus-send,env,sh,which
 # private-etc must first be enabled in firefox-common.profile
diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile
index c7ce1730a..ba1e7adad 100644
--- a/etc/profile-a-l/d-feet.profile
+++ b/etc/profile-a-l/d-feet.profile
@@ -6,7 +6,7 @@ include d-feet.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/d-feet
+noblacklist ${HOME}/.config/d-feet
 
 # Allow python (disabled by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/d-feet
-allow  ${HOME}/.config/d-feet
-allow  /usr/share/d-feet
+whitelist ${HOME}/.config/d-feet
+whitelist /usr/share/d-feet
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/darktable.profile b/etc/profile-a-l/darktable.profile
index 4d51c255e..61fa52928 100644
--- a/etc/profile-a-l/darktable.profile
+++ b/etc/profile-a-l/darktable.profile
@@ -6,9 +6,9 @@ include darktable.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/darktable
-nodeny  ${HOME}/.config/darktable
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.cache/darktable
+noblacklist ${HOME}/.config/darktable
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile
index 745042d6f..67a61bb60 100644
--- a/etc/profile-a-l/dbus-send.profile
+++ b/etc/profile-a-l/dbus-send.profile
@@ -7,8 +7,8 @@ include dbus-send.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile
index c1231c6cf..0c221850a 100644
--- a/etc/profile-a-l/dconf-editor.profile
+++ b/etc/profile-a-l/dconf-editor.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  ${HOME}/.local/share/glib-2.0
+whitelist ${HOME}/.local/share/glib-2.0
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile
index b9d385adf..be7514cbf 100644
--- a/etc/profile-a-l/dconf.profile
+++ b/etc/profile-a-l/dconf.profile
@@ -6,7 +6,7 @@ include dconf.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  ${HOME}/.local/share/glib-2.0
+whitelist ${HOME}/.local/share/glib-2.0
 # dconf paths are whitelisted by the following
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile
index 09fa7a07a..5b95b74be 100644
--- a/etc/profile-a-l/ddgtk.profile
+++ b/etc/profile-a-l/ddgtk.profile
@@ -18,8 +18,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  ${DOWNLOADS}
-allow  /usr/share/ddgtk
+whitelist ${DOWNLOADS}
+whitelist /usr/share/ddgtk
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/deadbeef.profile b/etc/profile-a-l/deadbeef.profile
index 25fa944a1..a221ebbd7 100644
--- a/etc/profile-a-l/deadbeef.profile
+++ b/etc/profile-a-l/deadbeef.profile
@@ -6,8 +6,8 @@ include deadbeef.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/deadbeef
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/deadbeef
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/deluge.profile b/etc/profile-a-l/deluge.profile
index d41a4a023..ad7aa6ed5 100644
--- a/etc/profile-a-l/deluge.profile
+++ b/etc/profile-a-l/deluge.profile
@@ -6,7 +6,7 @@ include deluge.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/deluge
+noblacklist ${HOME}/.config/deluge
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.config/deluge
-allow  ${DOWNLOADS}
-allow  ${HOME}/.config/deluge
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/deluge
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/desktopeditors.profile b/etc/profile-a-l/desktopeditors.profile
index aed4355d5..212cdab60 100644
--- a/etc/profile-a-l/desktopeditors.profile
+++ b/etc/profile-a-l/desktopeditors.profile
@@ -6,9 +6,9 @@ include desktopeditors.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/onlyoffice
-nodeny  ${HOME}/.local/share/onlyoffice
-nodeny  ${HOME}/.pki
+noblacklist ${HOME}/.config/onlyoffice
+noblacklist ${HOME}/.local/share/onlyoffice
+noblacklist ${HOME}/.pki
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile
index dc0f290fb..5007f8e74 100644
--- a/etc/profile-a-l/devhelp.profile
+++ b/etc/profile-a-l/devhelp.profile
@@ -16,9 +16,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/devhelp
-allow  /usr/share/doc
-allow  /usr/share/gtk-doc/html
+whitelist /usr/share/devhelp
+whitelist /usr/share/doc
+whitelist /usr/share/gtk-doc/html
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 
diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile
index 631f15f93..6267b5709 100644
--- a/etc/profile-a-l/devilspie.profile
+++ b/etc/profile-a-l/devilspie.profile
@@ -6,9 +6,9 @@ include devilspie.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${HOME}/.devilspie
+noblacklist ${HOME}/.devilspie
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.devilspie
-allow  ${HOME}/.devilspie
+whitelist ${HOME}/.devilspie
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/devilspie2.profile b/etc/profile-a-l/devilspie2.profile
index 140c9da0f..9eab3f536 100644
--- a/etc/profile-a-l/devilspie2.profile
+++ b/etc/profile-a-l/devilspie2.profile
@@ -6,17 +6,17 @@ include devilspie2.local
 # Persistent global definitions
 #include globals.local
 
-deny  ${HOME}/.devilspie
+blacklist ${HOME}/.devilspie
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${HOME}/.config/devilspie2
+noblacklist ${HOME}/.config/devilspie2
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
 
 mkdir ${HOME}/.config/devilspie2
-allow  ${HOME}/.config/devilspie2
+whitelist ${HOME}/.config/devilspie2
 
 private-bin devilspie2
 
diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile
index 2a808238b..531734b7d 100644
--- a/etc/profile-a-l/dia.profile
+++ b/etc/profile-a-l/dia.profile
@@ -6,8 +6,8 @@ include dia.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.dia
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.dia
+noblacklist ${DOCUMENTS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -25,7 +25,7 @@ include disable-xdg.inc
 #whitelist ${HOME}/.dia
 #whitelist ${DOCUMENTS}
 #include whitelist-common.inc
-allow  /usr/share/dia
+whitelist /usr/share/dia
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile
index 2d683b811..247159a8a 100644
--- a/etc/profile-a-l/dig.profile
+++ b/etc/profile-a-l/dig.profile
@@ -7,11 +7,11 @@ include dig.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.digrc
-nodeny  ${PATH}/dig
+noblacklist ${HOME}/.digrc
+noblacklist ${PATH}/dig
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
 include disable-common.inc
 # include disable-devel.inc
@@ -22,7 +22,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 #mkfile ${HOME}/.digrc - see #903
-allow  ${HOME}/.digrc
+whitelist ${HOME}/.digrc
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/digikam.profile b/etc/profile-a-l/digikam.profile
index 124b50952..2ca7bd400 100644
--- a/etc/profile-a-l/digikam.profile
+++ b/etc/profile-a-l/digikam.profile
@@ -6,12 +6,12 @@ include digikam.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/digikam
-nodeny  ${HOME}/.config/digikamrc
-nodeny  ${HOME}/.kde/share/apps/digikam
-nodeny  ${HOME}/.kde4/share/apps/digikam
-nodeny  ${HOME}/.local/share/kxmlgui5/digikam
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.config/digikam
+noblacklist ${HOME}/.config/digikamrc
+noblacklist ${HOME}/.kde/share/apps/digikam
+noblacklist ${HOME}/.kde4/share/apps/digikam
+noblacklist ${HOME}/.local/share/kxmlgui5/digikam
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dillo.profile b/etc/profile-a-l/dillo.profile
index 883466f4d..9871a6095 100644
--- a/etc/profile-a-l/dillo.profile
+++ b/etc/profile-a-l/dillo.profile
@@ -6,7 +6,7 @@ include dillo.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.dillo
+noblacklist ${HOME}/.dillo
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-programs.inc
 
 mkdir ${HOME}/.dillo
 mkdir ${HOME}/.fltk
-allow  ${DOWNLOADS}
-allow  ${HOME}/.dillo
-allow  ${HOME}/.fltk
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.dillo
+whitelist ${HOME}/.fltk
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile
index 3078bef71..c3174b35f 100644
--- a/etc/profile-a-l/dino.profile
+++ b/etc/profile-a-l/dino.profile
@@ -6,7 +6,7 @@ include dino.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/dino
+noblacklist ${HOME}/.local/share/dino
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.local/share/dino
-allow  ${HOME}/.local/share/dino
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.local/share/dino
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/discord-canary.profile b/etc/profile-a-l/discord-canary.profile
index 1c53cd211..43db95b8a 100644
--- a/etc/profile-a-l/discord-canary.profile
+++ b/etc/profile-a-l/discord-canary.profile
@@ -5,10 +5,10 @@ include discord-canary.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/discordcanary
+noblacklist ${HOME}/.config/discordcanary
 
 mkdir ${HOME}/.config/discordcanary
-allow  ${HOME}/.config/discordcanary
+whitelist ${HOME}/.config/discordcanary
 
 private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9]
 private-opt discord-canary
diff --git a/etc/profile-a-l/discord-common.profile b/etc/profile-a-l/discord-common.profile
index 6bee1901c..19e7bd9ab 100644
--- a/etc/profile-a-l/discord-common.profile
+++ b/etc/profile-a-l/discord-common.profile
@@ -20,8 +20,8 @@ ignore dbus-system none
 ignore noexec ${HOME}
 ignore novideo
 
-allow  ${HOME}/.config/BetterDiscord
-allow  ${HOME}/.local/share/betterdiscordctl
+whitelist ${HOME}/.config/BetterDiscord
+whitelist ${HOME}/.local/share/betterdiscordctl
 
 private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh
 private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl
diff --git a/etc/profile-a-l/discord.profile b/etc/profile-a-l/discord.profile
index 658d3fc83..8ef02a30f 100644
--- a/etc/profile-a-l/discord.profile
+++ b/etc/profile-a-l/discord.profile
@@ -5,10 +5,10 @@ include discord.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/discord
+noblacklist ${HOME}/.config/discord
 
 mkdir ${HOME}/.config/discord
-allow  ${HOME}/.config/discord
+whitelist ${HOME}/.config/discord
 
 private-bin discord
 private-opt discord
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile
index 4474b97d2..11f3fd36e 100644
--- a/etc/profile-a-l/display.profile
+++ b/etc/profile-a-l/display.profile
@@ -5,7 +5,7 @@ include display.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PICTURES}
+noblacklist ${PICTURES}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/dnox.profile b/etc/profile-a-l/dnox.profile
index 8c3d6211b..51ba6f8b7 100644
--- a/etc/profile-a-l/dnox.profile
+++ b/etc/profile-a-l/dnox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/dnox
-nodeny  ${HOME}/.config/dnox
+noblacklist ${HOME}/.cache/dnox
+noblacklist ${HOME}/.config/dnox
 
 mkdir ${HOME}/.cache/dnox
 mkdir ${HOME}/.config/dnox
-allow  ${HOME}/.cache/dnox
-allow  ${HOME}/.config/dnox
+whitelist ${HOME}/.cache/dnox
+whitelist ${HOME}/.config/dnox
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile
index dbcef36f8..f8fb1a331 100644
--- a/etc/profile-a-l/dnscrypt-proxy.profile
+++ b/etc/profile-a-l/dnscrypt-proxy.profile
@@ -7,11 +7,11 @@ include dnscrypt-proxy.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist /sbin
+noblacklist /usr/sbin
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /usr/share/dnscrypt-proxy
+whitelist /usr/share/dnscrypt-proxy
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile
index b1acbf392..01398c2b2 100644
--- a/etc/profile-a-l/dnsmasq.profile
+++ b/etc/profile-a-l/dnsmasq.profile
@@ -7,11 +7,11 @@ include dnsmasq.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist /sbin
+noblacklist /usr/sbin
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile
index 15b312ecb..49feec32e 100644
--- a/etc/profile-a-l/dolphin-emu.profile
+++ b/etc/profile-a-l/dolphin-emu.profile
@@ -8,9 +8,9 @@ include globals.local
 
 # Note: you must whitelist your games folder in your dolphin-emu.local.
 
-nodeny  ${HOME}/.cache/dolphin-emu
-nodeny  ${HOME}/.config/dolphin-emu
-nodeny  ${HOME}/.local/share/dolphin-emu
+noblacklist ${HOME}/.cache/dolphin-emu
+noblacklist ${HOME}/.config/dolphin-emu
+noblacklist ${HOME}/.local/share/dolphin-emu
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,10 +24,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/dolphin-emu
 mkdir ${HOME}/.config/dolphin-emu
 mkdir ${HOME}/.local/share/dolphin-emu
-allow  ${HOME}/.cache/dolphin-emu
-allow  ${HOME}/.config/dolphin-emu
-allow  ${HOME}/.local/share/dolphin-emu
-allow  /usr/share/dolphin-emu
+whitelist ${HOME}/.cache/dolphin-emu
+whitelist ${HOME}/.config/dolphin-emu
+whitelist ${HOME}/.local/share/dolphin-emu
+whitelist /usr/share/dolphin-emu
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/dooble.profile b/etc/profile-a-l/dooble.profile
index 3b0adcc36..37a4113cb 100644
--- a/etc/profile-a-l/dooble.profile
+++ b/etc/profile-a-l/dooble.profile
@@ -7,7 +7,7 @@ include dooble-qt4.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.dooble
+noblacklist ${HOME}/.dooble
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.dooble
-allow  ${DOWNLOADS}
-allow  ${HOME}/.dooble
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.dooble
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile
index 29e506764..988f66f28 100644
--- a/etc/profile-a-l/dosbox.profile
+++ b/etc/profile-a-l/dosbox.profile
@@ -6,8 +6,8 @@ include dosbox.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.dosbox
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.dosbox
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile
index 90ca11774..8fa01d504 100644
--- a/etc/profile-a-l/dragon.profile
+++ b/etc/profile-a-l/dragon.profile
@@ -6,9 +6,9 @@ include dragon.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/dragonplayerrc
-nodeny  ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.config/dragonplayerrc
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/dragonplayer
+whitelist /usr/share/dragonplayer
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile
index 84a77ce34..82d96e405 100644
--- a/etc/profile-a-l/drawio.profile
+++ b/etc/profile-a-l/drawio.profile
@@ -6,7 +6,7 @@ include drawio.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/draw.io
+noblacklist ${HOME}/.config/draw.io
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/draw.io
-allow  ${HOME}/.config/draw.io
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.config/draw.io
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile
index e177fd60e..068bd88d8 100644
--- a/etc/profile-a-l/drill.profile
+++ b/etc/profile-a-l/drill.profile
@@ -7,10 +7,10 @@ include drill.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PATH}/drill
+noblacklist ${PATH}/drill
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
 include disable-common.inc
 # include disable-devel.inc
diff --git a/etc/profile-a-l/dropbox.profile b/etc/profile-a-l/dropbox.profile
index 274cdd478..b3b2aaf40 100644
--- a/etc/profile-a-l/dropbox.profile
+++ b/etc/profile-a-l/dropbox.profile
@@ -5,9 +5,9 @@ include dropbox.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/autostart
-nodeny  ${HOME}/.dropbox
-nodeny  ${HOME}/.dropbox-dist
+noblacklist ${HOME}/.config/autostart
+noblacklist ${HOME}/.dropbox
+noblacklist ${HOME}/.dropbox-dist
 
 # Allow python3 (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -22,10 +22,10 @@ mkdir ${HOME}/.dropbox
 mkdir ${HOME}/.dropbox-dist
 mkdir ${HOME}/Dropbox
 mkfile ${HOME}/.config/autostart/dropbox.desktop
-allow  ${HOME}/.config/autostart/dropbox.desktop
-allow  ${HOME}/.dropbox
-allow  ${HOME}/.dropbox-dist
-allow  ${HOME}/Dropbox
+whitelist ${HOME}/.config/autostart/dropbox.desktop
+whitelist ${HOME}/.dropbox
+whitelist ${HOME}/.dropbox-dist
+whitelist ${HOME}/Dropbox
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile
index da54fec34..38e4b16f7 100644
--- a/etc/profile-a-l/easystroke.profile
+++ b/etc/profile-a-l/easystroke.profile
@@ -6,7 +6,7 @@ include easystroke.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.easystroke
+noblacklist ${HOME}/.easystroke
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.easystroke
-allow  ${HOME}/.easystroke
+whitelist ${HOME}/.easystroke
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile
index 10e57371e..278dd6cbd 100644
--- a/etc/profile-a-l/electron-mail.profile
+++ b/etc/profile-a-l/electron-mail.profile
@@ -6,7 +6,7 @@ include electron-mail.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/electron-mail
+noblacklist ${HOME}/.config/electron-mail
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/electron-mail
-allow  ${HOME}/.config/electron-mail
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.config/electron-mail
+whitelist ${DOWNLOADS}
 
 include whitelist-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/electron.profile b/etc/profile-a-l/electron.profile
index e8d8d35c4..493af79d4 100644
--- a/etc/profile-a-l/electron.profile
+++ b/etc/profile-a-l/electron.profile
@@ -12,7 +12,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile
index f6691017c..ad636d71a 100644
--- a/etc/profile-a-l/electrum.profile
+++ b/etc/profile-a-l/electrum.profile
@@ -6,7 +6,7 @@ include electrum.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.electrum
+noblacklist ${HOME}/.electrum
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,7 +22,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.electrum
-allow  ${HOME}/.electrum
+whitelist ${HOME}/.electrum
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/element-desktop.profile b/etc/profile-a-l/element-desktop.profile
index ec28866b8..48a826f2e 100644
--- a/etc/profile-a-l/element-desktop.profile
+++ b/etc/profile-a-l/element-desktop.profile
@@ -9,11 +9,11 @@ include element-desktop.local
 
 ignore dbus-user none
 
-nodeny  ${HOME}/.config/Element
+noblacklist ${HOME}/.config/Element
 
 mkdir ${HOME}/.config/Element
-allow  ${HOME}/.config/Element
-allow  /opt/Element
+whitelist ${HOME}/.config/Element
+whitelist /opt/Element
 
 private-opt Element
 
diff --git a/etc/profile-a-l/elinks.profile b/etc/profile-a-l/elinks.profile
index 30dca05cb..5a29eb24b 100644
--- a/etc/profile-a-l/elinks.profile
+++ b/etc/profile-a-l/elinks.profile
@@ -7,10 +7,10 @@ include elinks.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.elinks
+noblacklist ${HOME}/.elinks
 
 mkdir ${HOME}/.elinks
-allow  ${HOME}/.elinks
+whitelist ${HOME}/.elinks
 
 private-bin elinks
 
diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile
index f0e0e2830..55bf743ef 100644
--- a/etc/profile-a-l/emacs.profile
+++ b/etc/profile-a-l/emacs.profile
@@ -6,8 +6,8 @@ include emacs.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.emacs
-nodeny  ${HOME}/.emacs.d
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
 # Add the next line to your emacs.local if you need gpg support.
 #noblacklist ${HOME}/.gnupg
 
diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile
index 5fc72d340..6c9a8a6ea 100644
--- a/etc/profile-a-l/email-common.profile
+++ b/etc/profile-a-l/email-common.profile
@@ -7,14 +7,14 @@ include email-common.local
 # added by caller profile
 #include globals.local
 
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.mozilla
-nodeny  ${HOME}/.signature
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.signature
 # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local
 # and 'blacklist' it in your disable-common.local too so it is  kept hidden from other applications
-nodeny  ${HOME}/Mail
+noblacklist ${HOME}/Mail
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -27,17 +27,17 @@ include disable-xdg.inc
 mkdir ${HOME}/.gnupg
 mkfile ${HOME}/.config/mimeapps.list
 mkfile ${HOME}/.signature
-allow  ${HOME}/.config/mimeapps.list
-allow  ${HOME}/.mozilla/firefox/profiles.ini
-allow  ${HOME}/.gnupg
-allow  ${HOME}/.signature
-allow  ${DOCUMENTS}
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.config/mimeapps.list
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.signature
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
 # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local
-allow  ${HOME}/Mail
-allow  ${RUNUSER}/gnupg
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist ${HOME}/Mail
+whitelist ${RUNUSER}/gnupg
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile
index 36015b702..ac17b1726 100644
--- a/etc/profile-a-l/enchant.profile
+++ b/etc/profile-a-l/enchant.profile
@@ -6,9 +6,9 @@ include enchant.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${HOME}/.config/enchant
+noblacklist ${HOME}/.config/enchant
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/enchant
-allow  ${HOME}/.config/enchant
+whitelist ${HOME}/.config/enchant
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/enox.profile b/etc/profile-a-l/enox.profile
index 9a1d89bba..d982433e2 100644
--- a/etc/profile-a-l/enox.profile
+++ b/etc/profile-a-l/enox.profile
@@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/Enox
-nodeny  ${HOME}/.config/Enox
+noblacklist ${HOME}/.cache/Enox
+noblacklist ${HOME}/.config/Enox
 
 #mkdir ${HOME}/.cache/dnox
 #mkdir ${HOME}/.config/dnox
 mkdir ${HOME}/.cache/Enox
 mkdir ${HOME}/.config/Enox
-allow  ${HOME}/.cache/Enox
-allow  ${HOME}/.config/Enox
+whitelist ${HOME}/.cache/Enox
+whitelist ${HOME}/.config/Enox
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/enpass.profile b/etc/profile-a-l/enpass.profile
index 5d8f8a0b9..c4123b4c2 100644
--- a/etc/profile-a-l/enpass.profile
+++ b/etc/profile-a-l/enpass.profile
@@ -6,11 +6,11 @@ include enpass.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/Enpass
-nodeny  ${HOME}/.config/sinew.in
-nodeny  ${HOME}/.config/Sinew Software Systems
-nodeny  ${HOME}/.local/share/Enpass
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.cache/Enpass
+noblacklist ${HOME}/.config/sinew.in
+noblacklist ${HOME}/.config/Sinew Software Systems
+noblacklist ${HOME}/.local/share/Enpass
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,11 +24,11 @@ mkdir ${HOME}/.cache/Enpass
 mkfile ${HOME}/.config/sinew.in
 mkdir ${HOME}/.config/Sinew Software Systems
 mkdir ${HOME}/.local/share/Enpass
-allow  ${HOME}/.cache/Enpass
-allow  ${HOME}/.config/sinew.in
-allow  ${HOME}/.config/Sinew Software Systems
-allow  ${HOME}/.local/share/Enpass
-allow  ${DOCUMENTS}
+whitelist ${HOME}/.cache/Enpass
+whitelist ${HOME}/.config/sinew.in
+whitelist ${HOME}/.config/Sinew Software Systems
+whitelist ${HOME}/.local/share/Enpass
+whitelist ${DOCUMENTS}
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile
index ff7040e5c..fe7913e77 100644
--- a/etc/profile-a-l/eo-common.profile
+++ b/etc/profile-a-l/eo-common.profile
@@ -7,11 +7,11 @@ include eo-common.local
 # added by caller profile
 #include globals.local
 
-nodeny  ${HOME}/.local/share/Trash
-nodeny  ${HOME}/.Steam
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.local/share/Trash
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.steam
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/eog.profile b/etc/profile-a-l/eog.profile
index e8592c7df..5892374bd 100644
--- a/etc/profile-a-l/eog.profile
+++ b/etc/profile-a-l/eog.profile
@@ -6,9 +6,9 @@ include eog.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/eog
+noblacklist ${HOME}/.config/eog
 
-allow  /usr/share/eog
+whitelist /usr/share/eog
 
 # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'.
 # Add the next lines to your eog.local if you need that functionality.
diff --git a/etc/profile-a-l/eom.profile b/etc/profile-a-l/eom.profile
index 323f5ade2..7143a8e03 100644
--- a/etc/profile-a-l/eom.profile
+++ b/etc/profile-a-l/eom.profile
@@ -6,9 +6,9 @@ include eom.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/mate/eom
+noblacklist ${HOME}/.config/mate/eom
 
-allow  /usr/share/eom
+whitelist /usr/share/eom
 
 # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'.
 # Add the next lines to your eom.local if you need that functionality.
diff --git a/etc/profile-a-l/ephemeral.profile b/etc/profile-a-l/ephemeral.profile
index 3657742b9..131d68951 100644
--- a/etc/profile-a-l/ephemeral.profile
+++ b/etc/profile-a-l/ephemeral.profile
@@ -9,8 +9,8 @@ include globals.local
 # enforce private-cache
 #noblacklist ${HOME}/.cache/ephemeral
 
-nodeny  ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
@@ -27,9 +27,9 @@ mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
 # enforce private-cache
 #whitelist ${HOME}/.cache/ephemeral
-allow  ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/epiphany.profile b/etc/profile-a-l/epiphany.profile
index daedb2193..225811226 100644
--- a/etc/profile-a-l/epiphany.profile
+++ b/etc/profile-a-l/epiphany.profile
@@ -9,9 +9,9 @@ include globals.local
 # Note: Epiphany use bwrap since 3.34 and can not be firejailed any more.
 # See https://github.com/netblue30/firejail/issues/2995
 
-nodeny  ${HOME}/.cache/epiphany
-nodeny  ${HOME}/.config/epiphany
-nodeny  ${HOME}/.local/share/epiphany
+noblacklist ${HOME}/.cache/epiphany
+noblacklist ${HOME}/.config/epiphany
+noblacklist ${HOME}/.local/share/epiphany
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/epiphany
 mkdir ${HOME}/.config/epiphany
 mkdir ${HOME}/.local/share/epiphany
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/epiphany
-allow  ${HOME}/.config/epiphany
-allow  ${HOME}/.local/share/epiphany
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/epiphany
+whitelist ${HOME}/.config/epiphany
+whitelist ${HOME}/.local/share/epiphany
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile
index ac957870c..964d3b7ca 100644
--- a/etc/profile-a-l/equalx.profile
+++ b/etc/profile-a-l/equalx.profile
@@ -6,8 +6,8 @@ include equalx.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/equalx
-nodeny  ${HOME}/.equalx
+noblacklist ${HOME}/.config/equalx
+noblacklist ${HOME}/.equalx
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,13 +20,13 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/equalx
 mkdir ${HOME}/.equalx
-allow  ${HOME}/.config/equalx
-allow  ${HOME}/.equalx
-allow  /usr/share/poppler
-allow  /usr/share/ghostscript
-allow  /usr/share/texlive
-allow  /usr/share/equalx
-allow  /var/lib/texmf
+whitelist ${HOME}/.config/equalx
+whitelist ${HOME}/.equalx
+whitelist /usr/share/poppler
+whitelist /usr/share/ghostscript
+whitelist /usr/share/texlive
+whitelist /usr/share/equalx
+whitelist /var/lib/texmf
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile
index a2f46b757..fdff1e4b5 100644
--- a/etc/profile-a-l/etr.profile
+++ b/etc/profile-a-l/etr.profile
@@ -6,9 +6,9 @@ include etr.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.etr
+noblacklist ${HOME}/.etr
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.etr
-allow  ${HOME}/.etr
-allow  /usr/share/etr
+whitelist ${HOME}/.etr
+whitelist /usr/share/etr
 # Debian version
-allow  /usr/share/games/etr
+whitelist /usr/share/games/etr
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile
index ce2617ad6..a9e39b15c 100644
--- a/etc/profile-a-l/evince.profile
+++ b/etc/profile-a-l/evince.profile
@@ -10,10 +10,10 @@ include globals.local
 # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below).
 #noblacklist ${HOME}/.local/share/gvfs-metadata
 
-nodeny  ${HOME}/.config/evince
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/evince
+noblacklist ${DOCUMENTS}
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/doc
-allow  /usr/share/evince
-allow  /usr/share/poppler
-allow  /usr/share/tracker
+whitelist /usr/share/doc
+whitelist /usr/share/evince
+whitelist /usr/share/poppler
+whitelist /usr/share/tracker
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile
index 142498a28..7222493ac 100644
--- a/etc/profile-a-l/evolution.profile
+++ b/etc/profile-a-l/evolution.profile
@@ -6,15 +6,15 @@ include evolution.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /var/mail
-nodeny  /var/spool/mail
-nodeny  ${HOME}/.bogofilter
-nodeny  ${HOME}/.cache/evolution
-nodeny  ${HOME}/.config/evolution
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.local/share/evolution
-nodeny  ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist /var/mail
+noblacklist /var/spool/mail
+noblacklist ${HOME}/.bogofilter
+noblacklist ${HOME}/.cache/evolution
+noblacklist ${HOME}/.config/evolution
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.local/share/evolution
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile
index 216814989..7b09a2c64 100644
--- a/etc/profile-a-l/exiftool.profile
+++ b/etc/profile-a-l/exiftool.profile
@@ -6,7 +6,7 @@ include exiftool.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -18,7 +18,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /usr/share/perl-image-exiftool
+whitelist /usr/share/perl-image-exiftool
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile
index 9bb42945b..b2061db79 100644
--- a/etc/profile-a-l/falkon.profile
+++ b/etc/profile-a-l/falkon.profile
@@ -6,8 +6,8 @@ include falkon.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/falkon
-nodeny  ${HOME}/.config/falkon
+noblacklist ${HOME}/.cache/falkon
+noblacklist ${HOME}/.config/falkon
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,10 +19,10 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/falkon
 mkdir ${HOME}/.config/falkon
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/falkon
-allow  ${HOME}/.config/falkon
-allow  /usr/share/falkon
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/falkon
+whitelist ${HOME}/.config/falkon
+whitelist /usr/share/falkon
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/fbreader.profile b/etc/profile-a-l/fbreader.profile
index d141c6ed5..8e81000fd 100644
--- a/etc/profile-a-l/fbreader.profile
+++ b/etc/profile-a-l/fbreader.profile
@@ -6,8 +6,8 @@ include fbreader.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.FBReader
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.FBReader
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile
index 17a365053..31cb1776c 100644
--- a/etc/profile-a-l/fdns.profile
+++ b/etc/profile-a-l/fdns.profile
@@ -5,11 +5,11 @@ include fdns.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist /sbin
+noblacklist /usr/sbin
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/feedreader.profile b/etc/profile-a-l/feedreader.profile
index 359be083e..664ec2da6 100644
--- a/etc/profile-a-l/feedreader.profile
+++ b/etc/profile-a-l/feedreader.profile
@@ -6,8 +6,8 @@ include feedreader.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/feedreader
-nodeny  ${HOME}/.local/share/feedreader
+noblacklist ${HOME}/.cache/feedreader
+noblacklist ${HOME}/.local/share/feedreader
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/feedreader
 mkdir ${HOME}/.local/share/feedreader
-allow  ${HOME}/.cache/feedreader
-allow  ${HOME}/.local/share/feedreader
-allow  /usr/share/feedreader
+whitelist ${HOME}/.cache/feedreader
+whitelist ${HOME}/.local/share/feedreader
+whitelist /usr/share/feedreader
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ferdi.profile b/etc/profile-a-l/ferdi.profile
index f60055f37..a2372ec8a 100644
--- a/etc/profile-a-l/ferdi.profile
+++ b/etc/profile-a-l/ferdi.profile
@@ -7,10 +7,10 @@ include globals.local
 
 ignore noexec /tmp
 
-nodeny  ${HOME}/.cache/Ferdi
-nodeny  ${HOME}/.config/Ferdi
-nodeny  ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.cache/Ferdi
+noblacklist ${HOME}/.config/Ferdi
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Ferdi
 mkdir ${HOME}/.config/Ferdi
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/Ferdi
-allow  ${HOME}/.config/Ferdi
-allow  ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/Ferdi
+whitelist ${HOME}/.config/Ferdi
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/fetchmail.profile b/etc/profile-a-l/fetchmail.profile
index 1e06ec29a..7358ed5c7 100644
--- a/etc/profile-a-l/fetchmail.profile
+++ b/etc/profile-a-l/fetchmail.profile
@@ -6,8 +6,8 @@ include fetchmail.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.fetchmailrc
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.fetchmailrc
+noblacklist ${HOME}/.netrc
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile
index 1a64183ab..13ef1beb9 100644
--- a/etc/profile-a-l/ffmpeg.profile
+++ b/etc/profile-a-l/ffmpeg.profile
@@ -7,8 +7,8 @@ include ffmpeg.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/devedeng
-allow  /usr/share/ffmpeg
-allow  /usr/share/qtchooser
+whitelist /usr/share/devedeng
+whitelist /usr/share/ffmpeg
+whitelist /usr/share/qtchooser
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile
index f7a938f24..4eeceeee8 100644
--- a/etc/profile-a-l/file-roller.profile
+++ b/etc/profile-a-l/file-roller.profile
@@ -13,9 +13,9 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /usr/libexec/file-roller
-allow  /usr/libexec/p7zip
-allow  /usr/share/file-roller
+whitelist /usr/libexec/file-roller
+whitelist /usr/libexec/p7zip
+whitelist /usr/share/file-roller
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/file.profile b/etc/profile-a-l/file.profile
index 426d1e72d..5c7583605 100644
--- a/etc/profile-a-l/file.profile
+++ b/etc/profile-a-l/file.profile
@@ -7,7 +7,7 @@ include file.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/filezilla.profile b/etc/profile-a-l/filezilla.profile
index d9e0e9da0..dc5def54f 100644
--- a/etc/profile-a-l/filezilla.profile
+++ b/etc/profile-a-l/filezilla.profile
@@ -6,8 +6,8 @@ include filezilla.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/filezilla
-nodeny  ${HOME}/.filezilla
+noblacklist ${HOME}/.config/filezilla
+noblacklist ${HOME}/.filezilla
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/firedragon.profile b/etc/profile-a-l/firedragon.profile
index e22424794..77487161e 100644
--- a/etc/profile-a-l/firedragon.profile
+++ b/etc/profile-a-l/firedragon.profile
@@ -6,13 +6,13 @@ include firedragon.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/firedragon
-nodeny  ${HOME}/.firedragon
+noblacklist ${HOME}/.cache/firedragon
+noblacklist ${HOME}/.firedragon
 
 mkdir ${HOME}/.cache/firedragon
 mkdir ${HOME}/.firedragon
-allow  ${HOME}/.cache/firedragon
-allow  ${HOME}/.firedragon
+whitelist ${HOME}/.cache/firedragon
+whitelist ${HOME}/.firedragon
 
 # Add the next lines to your firedragon.local if you want to use the migration wizard.
 #noblacklist ${HOME}/.mozilla
diff --git a/etc/profile-a-l/firefox-common-addons.profile b/etc/profile-a-l/firefox-common-addons.profile
index 7e2e8760d..d282f9a60 100644
--- a/etc/profile-a-l/firefox-common-addons.profile
+++ b/etc/profile-a-l/firefox-common-addons.profile
@@ -5,74 +5,74 @@ include firefox-common-addons.local
 ignore include whitelist-runuser-common.inc
 ignore private-cache
 
-nodeny  ${HOME}/.cache/youtube-dl
-nodeny  ${HOME}/.config/kgetrc
-nodeny  ${HOME}/.config/mpv
-nodeny  ${HOME}/.config/okularpartrc
-nodeny  ${HOME}/.config/okularrc
-nodeny  ${HOME}/.config/qpdfview
-nodeny  ${HOME}/.config/youtube-dl
-nodeny  ${HOME}/.kde/share/apps/kget
-nodeny  ${HOME}/.kde/share/apps/okular
-nodeny  ${HOME}/.kde/share/config/kgetrc
-nodeny  ${HOME}/.kde/share/config/okularpartrc
-nodeny  ${HOME}/.kde/share/config/okularrc
-nodeny  ${HOME}/.kde4/share/apps/kget
-nodeny  ${HOME}/.kde4/share/apps/okular
-nodeny  ${HOME}/.kde4/share/config/kgetrc
-nodeny  ${HOME}/.kde4/share/config/okularpartrc
-nodeny  ${HOME}/.kde4/share/config/okularrc
-nodeny  ${HOME}/.local/share/kget
-nodeny  ${HOME}/.local/share/kxmlgui5/okular
-nodeny  ${HOME}/.local/share/okular
-nodeny  ${HOME}/.local/share/qpdfview
-nodeny  ${HOME}/.netrc
+noblacklist ${HOME}/.cache/youtube-dl
+noblacklist ${HOME}/.config/kgetrc
+noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.config/youtube-dl
+noblacklist ${HOME}/.kde/share/apps/kget
+noblacklist ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/config/kgetrc
+noblacklist ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/apps/kget
+noblacklist ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/config/kgetrc
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
+noblacklist ${HOME}/.local/share/kget
+noblacklist ${HOME}/.local/share/kxmlgui5/okular
+noblacklist ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/qpdfview
+noblacklist ${HOME}/.netrc
 
-allow  ${HOME}/.cache/gnome-mplayer/plugin
-allow  ${HOME}/.cache/youtube-dl/youtube-sigfuncs
-allow  ${HOME}/.config/gnome-mplayer
-allow  ${HOME}/.config/kgetrc
-allow  ${HOME}/.config/mpv
-allow  ${HOME}/.config/okularpartrc
-allow  ${HOME}/.config/okularrc
-allow  ${HOME}/.config/pipelight-silverlight5.1
-allow  ${HOME}/.config/pipelight-widevine
-allow  ${HOME}/.config/qpdfview
-allow  ${HOME}/.config/youtube-dl
-allow  ${HOME}/.kde/share/apps/kget
-allow  ${HOME}/.kde/share/apps/okular
-allow  ${HOME}/.kde/share/config/kgetrc
-allow  ${HOME}/.kde/share/config/okularpartrc
-allow  ${HOME}/.kde/share/config/okularrc
-allow  ${HOME}/.kde4/share/apps/kget
-allow  ${HOME}/.kde4/share/apps/okular
-allow  ${HOME}/.kde4/share/config/kgetrc
-allow  ${HOME}/.kde4/share/config/okularpartrc
-allow  ${HOME}/.kde4/share/config/okularrc
-allow  ${HOME}/.keysnail.js
-allow  ${HOME}/.lastpass
-allow  ${HOME}/.local/share/kget
-allow  ${HOME}/.local/share/kxmlgui5/okular
-allow  ${HOME}/.local/share/okular
-allow  ${HOME}/.local/share/qpdfview
-allow  ${HOME}/.local/share/tridactyl
-allow  ${HOME}/.netrc
-allow  ${HOME}/.pentadactyl
-allow  ${HOME}/.pentadactylrc
-allow  ${HOME}/.tridactylrc
-allow  ${HOME}/.vimperator
-allow  ${HOME}/.vimperatorrc
-allow  ${HOME}/.wine-pipelight
-allow  ${HOME}/.wine-pipelight64
-allow  ${HOME}/.zotero
-allow  ${HOME}/dwhelper
-allow  /usr/share/lua
-allow  /usr/share/lua*
-allow  /usr/share/vulkan
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/kgetrc
+whitelist ${HOME}/.config/mpv
+whitelist ${HOME}/.config/okularpartrc
+whitelist ${HOME}/.config/okularrc
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.config/qpdfview
+whitelist ${HOME}/.config/youtube-dl
+whitelist ${HOME}/.kde/share/apps/kget
+whitelist ${HOME}/.kde/share/apps/okular
+whitelist ${HOME}/.kde/share/config/kgetrc
+whitelist ${HOME}/.kde/share/config/okularpartrc
+whitelist ${HOME}/.kde/share/config/okularrc
+whitelist ${HOME}/.kde4/share/apps/kget
+whitelist ${HOME}/.kde4/share/apps/okular
+whitelist ${HOME}/.kde4/share/config/kgetrc
+whitelist ${HOME}/.kde4/share/config/okularpartrc
+whitelist ${HOME}/.kde4/share/config/okularrc
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.local/share/kget
+whitelist ${HOME}/.local/share/kxmlgui5/okular
+whitelist ${HOME}/.local/share/okular
+whitelist ${HOME}/.local/share/qpdfview
+whitelist ${HOME}/.local/share/tridactyl
+whitelist ${HOME}/.netrc
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.tridactylrc
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
+whitelist /usr/share/lua
+whitelist /usr/share/lua*
+whitelist /usr/share/vulkan
 
 # GNOME Shell integration (chrome-gnome-shell) needs dbus and python
-nodeny  ${HOME}/.local/share/gnome-shell
-allow  ${HOME}/.local/share/gnome-shell
+noblacklist ${HOME}/.local/share/gnome-shell
+whitelist ${HOME}/.local/share/gnome-shell
 dbus-user.talk ca.desrt.dconf
 dbus-user.talk org.gnome.ChromeGnomeShell
 dbus-user.talk org.gnome.Shell
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile
index cb0fae5dc..8b74ed979 100644
--- a/etc/profile-a-l/firefox-common.profile
+++ b/etc/profile-a-l/firefox-common.profile
@@ -12,8 +12,8 @@ include firefox-common.local
 # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins.
 #include firefox-common-addons.profile
 
-nodeny  ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,9 +23,9 @@ include disable-programs.inc
 
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
-allow  ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/firefox-esr.profile b/etc/profile-a-l/firefox-esr.profile
index 4fd315fdf..5e69fdb51 100644
--- a/etc/profile-a-l/firefox-esr.profile
+++ b/etc/profile-a-l/firefox-esr.profile
@@ -6,7 +6,7 @@ include firefox-esr.local
 # added by included profile
 #include globals.local
 
-allow  /usr/share/firefox-esr
+whitelist /usr/share/firefox-esr
 
 # Redirect
 include firefox.profile
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile
index 8acfe7c2a..3ad67734d 100644
--- a/etc/profile-a-l/firefox.profile
+++ b/etc/profile-a-l/firefox.profile
@@ -14,27 +14,27 @@ include globals.local
 # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox
 # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968
 
-nodeny  ${HOME}/.cache/mozilla
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.mozilla
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 mkdir ${HOME}/.cache/mozilla/firefox
 mkdir ${HOME}/.mozilla
-allow  ${HOME}/.cache/mozilla/firefox
-allow  ${HOME}/.mozilla
+whitelist ${HOME}/.cache/mozilla/firefox
+whitelist ${HOME}/.mozilla
 
 # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support.
 # NOTE: start KeePassXC before Firefox and keep it open to allow communication between them.
 #whitelist ${RUNUSER}/kpxc_server
 #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
 
-allow  /usr/share/doc
-allow  /usr/share/firefox
-allow  /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
-allow  /usr/share/gtk-doc/html
-allow  /usr/share/mozilla
-allow  /usr/share/webext
+whitelist /usr/share/doc
+whitelist /usr/share/firefox
+whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
+whitelist /usr/share/gtk-doc/html
+whitelist /usr/share/mozilla
+whitelist /usr/share/webext
 include whitelist-usr-share-common.inc
 
 # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin.
diff --git a/etc/profile-a-l/five-or-more.profile b/etc/profile-a-l/five-or-more.profile
index bd1becaf0..2c86d3ac7 100644
--- a/etc/profile-a-l/five-or-more.profile
+++ b/etc/profile-a-l/five-or-more.profile
@@ -6,12 +6,12 @@ include five-or-more.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/five-or-more
+noblacklist ${HOME}/.local/share/five-or-more
 
 mkdir ${HOME}/.local/share/five-or-more
-allow  ${HOME}/.local/share/five-or-more
+whitelist ${HOME}/.local/share/five-or-more
 
-allow  /usr/share/five-or-more
+whitelist /usr/share/five-or-more
 
 private-bin five-or-more
 
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile
index f16a65536..55af96c84 100644
--- a/etc/profile-a-l/flameshot.profile
+++ b/etc/profile-a-l/flameshot.profile
@@ -7,9 +7,9 @@ include flameshot.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PICTURES}
-nodeny  ${HOME}/.config/Dharkael
-nodeny  ${HOME}/.config/flameshot
+noblacklist ${PICTURES}
+noblacklist ${HOME}/.config/Dharkael
+noblacklist ${HOME}/.config/flameshot
 
 include disable-common.inc
 include disable-devel.inc
@@ -25,7 +25,7 @@ include disable-xdg.inc
 #whitelist ${PICTURES}
 #whitelist ${HOME}/.config/Dharkael
 #whitelist ${HOME}/.config/flameshot
-allow  /usr/share/flameshot
+whitelist /usr/share/flameshot
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/flashpeak-slimjet.profile b/etc/profile-a-l/flashpeak-slimjet.profile
index af114e129..310fb378f 100644
--- a/etc/profile-a-l/flashpeak-slimjet.profile
+++ b/etc/profile-a-l/flashpeak-slimjet.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/slimjet
-nodeny  ${HOME}/.config/slimjet
+noblacklist ${HOME}/.cache/slimjet
+noblacklist ${HOME}/.config/slimjet
 
 mkdir ${HOME}/.cache/slimjet
 mkdir ${HOME}/.config/slimjet
-allow  ${HOME}/.cache/slimjet
-allow  ${HOME}/.config/slimjet
+whitelist ${HOME}/.cache/slimjet
+whitelist ${HOME}/.config/slimjet
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/flowblade.profile b/etc/profile-a-l/flowblade.profile
index 505763fb9..a4421e3ce 100644
--- a/etc/profile-a-l/flowblade.profile
+++ b/etc/profile-a-l/flowblade.profile
@@ -6,8 +6,8 @@ include flowblade.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/flowblade
-nodeny  ${HOME}/.flowblade
+noblacklist ${HOME}/.config/flowblade
+noblacklist ${HOME}/.flowblade
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/fluxbox.profile b/etc/profile-a-l/fluxbox.profile
index a22c0e103..1210f365c 100644
--- a/etc/profile-a-l/fluxbox.profile
+++ b/etc/profile-a-l/fluxbox.profile
@@ -7,7 +7,7 @@ include fluxbox.local
 include globals.local
 
 # all applications started in fluxbox will run in this profile
-nodeny  ${HOME}/.fluxbox
+noblacklist ${HOME}/.fluxbox
 include disable-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile
index ff9167c1a..cd0129436 100644
--- a/etc/profile-a-l/font-manager.profile
+++ b/etc/profile-a-l/font-manager.profile
@@ -6,8 +6,8 @@ include font-manager.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/font-manager
-nodeny  ${HOME}/.config/font-manager
+noblacklist ${HOME}/.cache/font-manager
+noblacklist ${HOME}/.config/font-manager
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -24,9 +24,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/font-manager
 mkdir ${HOME}/.config/font-manager
-allow  ${HOME}/.cache/font-manager
-allow  ${HOME}/.config/font-manager
-allow  /usr/share/font-manager
+whitelist ${HOME}/.cache/font-manager
+whitelist ${HOME}/.config/font-manager
+whitelist /usr/share/font-manager
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/fontforge.profile b/etc/profile-a-l/fontforge.profile
index 64c7655e2..bd1495877 100644
--- a/etc/profile-a-l/fontforge.profile
+++ b/etc/profile-a-l/fontforge.profile
@@ -6,8 +6,8 @@ include fontforge.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.FontForge
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.FontForge
+noblacklist ${DOCUMENTS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/fossamail.profile b/etc/profile-a-l/fossamail.profile
index 5e5a12794..2d700d336 100644
--- a/etc/profile-a-l/fossamail.profile
+++ b/etc/profile-a-l/fossamail.profile
@@ -6,16 +6,16 @@ include fossamail.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.cache/fossamail
-nodeny  ${HOME}/.fossamail
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.cache/fossamail
+noblacklist ${HOME}/.fossamail
+noblacklist ${HOME}/.gnupg
 
 mkdir ${HOME}/.cache/fossamail
 mkdir ${HOME}/.fossamail
 mkdir ${HOME}/.gnupg
-allow  ${HOME}/.cache/fossamail
-allow  ${HOME}/.fossamail
-allow  ${HOME}/.gnupg
+whitelist ${HOME}/.cache/fossamail
+whitelist ${HOME}/.fossamail
+whitelist ${HOME}/.gnupg
 include whitelist-common.inc
 
 # allow browsers
diff --git a/etc/profile-a-l/four-in-a-row.profile b/etc/profile-a-l/four-in-a-row.profile
index 97fd4a626..eb0c43ca5 100644
--- a/etc/profile-a-l/four-in-a-row.profile
+++ b/etc/profile-a-l/four-in-a-row.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore machine-id
 ignore nosound
 
-allow  /usr/share/four-in-a-row
+whitelist /usr/share/four-in-a-row
 
 private-bin four-in-a-row
 
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile
index 8edc9b02d..1b1d031b4 100644
--- a/etc/profile-a-l/fractal.profile
+++ b/etc/profile-a-l/fractal.profile
@@ -6,7 +6,7 @@ include fractal.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/fractal
+noblacklist ${HOME}/.cache/fractal
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/fractal
-allow  ${HOME}/.cache/fractal
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.cache/fractal
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/franz.profile b/etc/profile-a-l/franz.profile
index 1a8ec8f99..9b780a572 100644
--- a/etc/profile-a-l/franz.profile
+++ b/etc/profile-a-l/franz.profile
@@ -7,10 +7,10 @@ include globals.local
 
 ignore noexec /tmp
 
-nodeny  ${HOME}/.cache/Franz
-nodeny  ${HOME}/.config/Franz
-nodeny  ${HOME}/.pki
-nodeny  ${HOME}/.local/share/pki
+noblacklist ${HOME}/.cache/Franz
+noblacklist ${HOME}/.config/Franz
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Franz
 mkdir ${HOME}/.config/Franz
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/Franz
-allow  ${HOME}/.config/Franz
-allow  ${HOME}/.pki
-allow  ${HOME}/.local/share/pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/Franz
+whitelist ${HOME}/.config/Franz
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/freecad.profile b/etc/profile-a-l/freecad.profile
index a45ad4c7a..8043d0530 100644
--- a/etc/profile-a-l/freecad.profile
+++ b/etc/profile-a-l/freecad.profile
@@ -6,8 +6,8 @@ include freecad.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/FreeCAD
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/FreeCAD
+noblacklist ${DOCUMENTS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/freeciv.profile b/etc/profile-a-l/freeciv.profile
index 20abd4056..23c19682c 100644
--- a/etc/profile-a-l/freeciv.profile
+++ b/etc/profile-a-l/freeciv.profile
@@ -6,7 +6,7 @@ include freeciv.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.freeciv
+noblacklist ${HOME}/.freeciv
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.freeciv
-allow  ${HOME}/.freeciv
+whitelist ${HOME}/.freeciv
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/freecol.profile b/etc/profile-a-l/freecol.profile
index 79ccf4101..93fa7da03 100644
--- a/etc/profile-a-l/freecol.profile
+++ b/etc/profile-a-l/freecol.profile
@@ -6,10 +6,10 @@ include freecol.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.freecol
-nodeny  ${HOME}/.cache/freecol
-nodeny  ${HOME}/.config/freecol
-nodeny  ${HOME}/.local/share/freecol
+noblacklist ${HOME}/.freecol
+noblacklist ${HOME}/.cache/freecol
+noblacklist ${HOME}/.config/freecol
+noblacklist ${HOME}/.local/share/freecol
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -26,11 +26,11 @@ mkdir ${HOME}/.java
 mkdir ${HOME}/.cache/freecol
 mkdir ${HOME}/.config/freecol
 mkdir ${HOME}/.local/share/freecol
-allow  ${HOME}/.freecol
-allow  ${HOME}/.java
-allow  ${HOME}/.cache/freecol
-allow  ${HOME}/.config/freecol
-allow  ${HOME}/.local/share/freecol
+whitelist ${HOME}/.freecol
+whitelist ${HOME}/.java
+whitelist ${HOME}/.cache/freecol
+whitelist ${HOME}/.config/freecol
+whitelist ${HOME}/.local/share/freecol
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile
index ba52dd208..699177039 100644
--- a/etc/profile-a-l/freemind.profile
+++ b/etc/profile-a-l/freemind.profile
@@ -6,8 +6,8 @@ include freemind.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
-nodeny  ${HOME}/.freemind
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/.freemind
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile
index 4c321322c..e6aff533d 100644
--- a/etc/profile-a-l/freetube.profile
+++ b/etc/profile-a-l/freetube.profile
@@ -6,12 +6,12 @@ include freetube.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/FreeTube
+noblacklist ${HOME}/.config/FreeTube
 
 include disable-shell.inc
 
 mkdir ${HOME}/.config/FreeTube
-allow  ${HOME}/.config/FreeTube
+whitelist ${HOME}/.config/FreeTube
 
 private-bin freetube
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg
diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile
index 3a6dfcfd6..b4ad81046 100644
--- a/etc/profile-a-l/frogatto.profile
+++ b/etc/profile-a-l/frogatto.profile
@@ -6,7 +6,7 @@ include frogatto.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.frogatto
+noblacklist ${HOME}/.frogatto
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.frogatto
-allow  ${HOME}/.frogatto
-allow  /usr/libexec/frogatto
-allow  /usr/share/frogatto
+whitelist ${HOME}/.frogatto
+whitelist /usr/libexec/frogatto
+whitelist /usr/share/frogatto
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile
index 12eca8eb0..76352e41e 100644
--- a/etc/profile-a-l/frozen-bubble.profile
+++ b/etc/profile-a-l/frozen-bubble.profile
@@ -6,7 +6,7 @@ include frozen-bubble.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.frozen-bubble
+noblacklist ${HOME}/.frozen-bubble
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -20,7 +20,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.frozen-bubble
-allow  ${HOME}/.frozen-bubble
+whitelist ${HOME}/.frozen-bubble
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile
index 07030df4b..8852925b1 100644
--- a/etc/profile-a-l/funnyboat.profile
+++ b/etc/profile-a-l/funnyboat.profile
@@ -5,7 +5,7 @@ include funnyboat.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.funnyboat
+noblacklist ${HOME}/.funnyboat
 
 ignore noexec /dev/shm
 include allow-python2.inc
@@ -21,12 +21,12 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.funnyboat
-allow  ${HOME}/.funnyboat
+whitelist ${HOME}/.funnyboat
 include whitelist-common.inc
 include whitelist-runuser-common.inc
-allow  /usr/share/funnyboat
+whitelist /usr/share/funnyboat
 # Debian:
-allow  /usr/share/games/funnyboat
+whitelist /usr/share/games/funnyboat
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile
index 4cd2cb1e6..ed3f0357d 100644
--- a/etc/profile-a-l/gajim.profile
+++ b/etc/profile-a-l/gajim.profile
@@ -6,10 +6,10 @@ include gajim.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.cache/gajim
-nodeny  ${HOME}/.config/gajim
-nodeny  ${HOME}/.local/share/gajim
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.cache/gajim
+noblacklist ${HOME}/.config/gajim
+noblacklist ${HOME}/.local/share/gajim
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -28,14 +28,14 @@ mkdir ${HOME}/.gnupg
 mkdir ${HOME}/.cache/gajim
 mkdir ${HOME}/.config/gajim
 mkdir ${HOME}/.local/share/gajim
-allow  ${HOME}/.gnupg
-allow  ${HOME}/.cache/gajim
-allow  ${HOME}/.config/gajim
-allow  ${HOME}/.local/share/gajim
-allow  ${DOWNLOADS}
-allow  ${RUNUSER}/gnupg
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.cache/gajim
+whitelist ${HOME}/.config/gajim
+whitelist ${HOME}/.local/share/gajim
+whitelist ${DOWNLOADS}
+whitelist ${RUNUSER}/gnupg
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile
index 0b1b595a6..550b3808b 100644
--- a/etc/profile-a-l/galculator.profile
+++ b/etc/profile-a-l/galculator.profile
@@ -6,7 +6,7 @@ include galculator.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/galculator
+noblacklist ${HOME}/.config/galculator
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/galculator
-allow  ${HOME}/.config/galculator
+whitelist ${HOME}/.config/galculator
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile
index 00b830234..3a8c055f2 100644
--- a/etc/profile-a-l/gapplication.profile
+++ b/etc/profile-a-l/gapplication.profile
@@ -6,8 +6,8 @@ include gapplication.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
-deny  /usr/libexec
+blacklist ${RUNUSER}/wayland-*
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile
index 896a100fc..388f4c0df 100644
--- a/etc/profile-a-l/gcloud.profile
+++ b/etc/profile-a-l/gcloud.profile
@@ -8,9 +8,9 @@ include globals.local
 # noexec ${HOME} will break user-local installs of gcloud tooling
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.boto
-nodeny  ${HOME}/.config/gcloud
-nodeny  /var/run/docker.sock
+noblacklist ${HOME}/.boto
+noblacklist ${HOME}/.config/gcloud
+noblacklist /var/run/docker.sock
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gconf-editor.profile b/etc/profile-a-l/gconf-editor.profile
index 8f72f0b34..cb39174e5 100644
--- a/etc/profile-a-l/gconf-editor.profile
+++ b/etc/profile-a-l/gconf-editor.profile
@@ -7,9 +7,9 @@ include gconf-editor.local
 # added by included profile
 #include globals.local
 
-deny  /tmp/.X11-unix
+blacklist /tmp/.X11-unix
 
-allow  /usr/share/gconf-editor
+whitelist /usr/share/gconf-editor
 
 ignore x11 none
 
diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile
index 8c7013574..fec1a555a 100644
--- a/etc/profile-a-l/gconf.profile
+++ b/etc/profile-a-l/gconf.profile
@@ -6,9 +6,9 @@ include gconf.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${HOME}/.config/gconf
+noblacklist ${HOME}/.config/gconf
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -23,9 +23,9 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/gconf
-allow  ${HOME}/.config/gconf
-allow  /usr/share/GConf
-allow  /usr/share/gconf
+whitelist ${HOME}/.config/gconf
+whitelist /usr/share/GConf
+whitelist /usr/share/gconf
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/geany.profile b/etc/profile-a-l/geany.profile
index 706a85c75..6fdb9b37a 100644
--- a/etc/profile-a-l/geany.profile
+++ b/etc/profile-a-l/geany.profile
@@ -6,7 +6,7 @@ include geany.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/geany
+noblacklist ${HOME}/.config/geany
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile
index 512fc1e59..74e135a7c 100644
--- a/etc/profile-a-l/geary.profile
+++ b/etc/profile-a-l/geary.profile
@@ -6,14 +6,14 @@ include geary.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/evolution
-nodeny  ${HOME}/.cache/folks
-nodeny  ${HOME}/.cache/geary
-nodeny  ${HOME}/.config/evolution
-nodeny  ${HOME}/.config/geary
-nodeny  ${HOME}/.local/share/evolution
-nodeny  ${HOME}/.local/share/geary
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.cache/evolution
+noblacklist ${HOME}/.cache/folks
+noblacklist ${HOME}/.cache/geary
+noblacklist ${HOME}/.config/evolution
+noblacklist ${HOME}/.config/geary
+noblacklist ${HOME}/.local/share/evolution
+noblacklist ${HOME}/.local/share/geary
+noblacklist ${HOME}/.mozilla
 
 include disable-common.inc
 include disable-devel.inc
@@ -31,16 +31,16 @@ mkdir ${HOME}/.config/evolution
 mkdir ${HOME}/.config/geary
 mkdir ${HOME}/.local/share/evolution
 mkdir ${HOME}/.local/share/geary
-allow  ${DOWNLOADS}
-allow  ${HOME}/.cache/evolution
-allow  ${HOME}/.cache/folks
-allow  ${HOME}/.cache/geary
-allow  ${HOME}/.config/evolution
-allow  ${HOME}/.config/geary
-allow  ${HOME}/.local/share/evolution
-allow  ${HOME}/.local/share/geary
-allow  ${HOME}/.mozilla/firefox/profiles.ini
-allow  /usr/share/geary
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/evolution
+whitelist ${HOME}/.cache/folks
+whitelist ${HOME}/.cache/geary
+whitelist ${HOME}/.config/evolution
+whitelist ${HOME}/.config/geary
+whitelist ${HOME}/.local/share/evolution
+whitelist ${HOME}/.local/share/geary
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+whitelist /usr/share/geary
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gedit.profile b/etc/profile-a-l/gedit.profile
index f11540374..108b7041d 100644
--- a/etc/profile-a-l/gedit.profile
+++ b/etc/profile-a-l/gedit.profile
@@ -6,8 +6,8 @@ include gedit.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/enchant
-nodeny  ${HOME}/.config/gedit
+noblacklist ${HOME}/.config/enchant
+noblacklist ${HOME}/.config/gedit
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/geeqie.profile b/etc/profile-a-l/geeqie.profile
index 8ec3bbaf9..dd33b3fb5 100644
--- a/etc/profile-a-l/geeqie.profile
+++ b/etc/profile-a-l/geeqie.profile
@@ -6,9 +6,9 @@ include geeqie.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/geeqie
-nodeny  ${HOME}/.config/geeqie
-nodeny  ${HOME}/.local/share/geeqie
+noblacklist ${HOME}/.cache/geeqie
+noblacklist ${HOME}/.config/geeqie
+noblacklist ${HOME}/.local/share/geeqie
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile
index 1661da639..f894a42ca 100644
--- a/etc/profile-a-l/gfeeds.profile
+++ b/etc/profile-a-l/gfeeds.profile
@@ -6,10 +6,10 @@ include gfeeds.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/gfeeds
-nodeny  ${HOME}/.cache/org.gabmus.gfeeds
-nodeny  ${HOME}/.config/org.gabmus.gfeeds.json
-nodeny  ${HOME}/.config/org.gabmus.gfeeds.saved_articles
+noblacklist ${HOME}/.cache/gfeeds
+noblacklist ${HOME}/.cache/org.gabmus.gfeeds
+noblacklist ${HOME}/.config/org.gabmus.gfeeds.json
+noblacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -27,12 +27,12 @@ mkdir ${HOME}/.cache/gfeeds
 mkdir ${HOME}/.cache/org.gabmus.gfeeds
 mkfile ${HOME}/.config/org.gabmus.gfeeds.json
 mkdir ${HOME}/.config/org.gabmus.gfeeds.saved_articles
-allow  ${HOME}/.cache/gfeeds
-allow  ${HOME}/.cache/org.gabmus.gfeeds
-allow  ${HOME}/.config/org.gabmus.gfeeds.json
-allow  ${HOME}/.config/org.gabmus.gfeeds.saved_articles
-allow  /usr/libexec/webkit2gtk-4.0
-allow  /usr/share/gfeeds
+whitelist ${HOME}/.cache/gfeeds
+whitelist ${HOME}/.cache/org.gabmus.gfeeds
+whitelist ${HOME}/.config/org.gabmus.gfeeds.json
+whitelist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
+whitelist /usr/libexec/webkit2gtk-4.0
+whitelist /usr/share/gfeeds
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile
index 06929dbe3..d9c5a0d9a 100644
--- a/etc/profile-a-l/gget.profile
+++ b/etc/profile-a-l/gget.profile
@@ -7,8 +7,8 @@ include gget.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile
index 0577fe24f..276ab76df 100644
--- a/etc/profile-a-l/ghostwriter.profile
+++ b/etc/profile-a-l/ghostwriter.profile
@@ -6,10 +6,10 @@ include ghostwriter.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/ghostwriter
-nodeny  ${HOME}/.local/share/ghostwriter
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.config/ghostwriter
+noblacklist ${HOME}/.local/share/ghostwriter
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 include allow-lua.inc
 
@@ -22,10 +22,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/ghostwriter
-allow  /usr/share/mozilla-dicts
-allow  /usr/share/texlive
-allow  /usr/share/pandoc*
+whitelist /usr/share/ghostwriter
+whitelist /usr/share/mozilla-dicts
+whitelist /usr/share/texlive
+whitelist /usr/share/pandoc*
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile
index de9db8d0f..dfc1304d1 100644
--- a/etc/profile-a-l/gimp.profile
+++ b/etc/profile-a-l/gimp.profile
@@ -18,13 +18,13 @@ include globals.local
 # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local.
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.cache/babl
-nodeny  ${HOME}/.cache/gegl-0.4
-nodeny  ${HOME}/.cache/gimp
-nodeny  ${HOME}/.config/GIMP
-nodeny  ${HOME}/.gimp*
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.cache/babl
+noblacklist ${HOME}/.cache/gegl-0.4
+noblacklist ${HOME}/.cache/gimp
+noblacklist ${HOME}/.config/GIMP
+noblacklist ${HOME}/.gimp*
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-exec.inc
@@ -33,10 +33,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /usr/share/gegl-0.4
-allow  /usr/share/gimp
-allow  /usr/share/mypaint-data
-allow  /usr/share/lensfun
+whitelist /usr/share/gegl-0.4
+whitelist /usr/share/gimp
+whitelist /usr/share/mypaint-data
+whitelist /usr/share/lensfun
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile
index e601d3ab0..661c3a375 100644
--- a/etc/profile-a-l/gist.profile
+++ b/etc/profile-a-l/gist.profile
@@ -7,10 +7,10 @@ include gist.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${HOME}/.gist
+noblacklist ${HOME}/.gist
 
 # Allow ruby (blacklisted by disable-interpreters.inc)
 include allow-ruby.inc
@@ -24,8 +24,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gist
-allow  ${HOME}/.gist
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.gist
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile
index 74b7506cf..5e4249376 100644
--- a/etc/profile-a-l/git-cola.profile
+++ b/etc/profile-a-l/git-cola.profile
@@ -8,12 +8,12 @@ include globals.local
 
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.subversion
-nodeny  ${HOME}/.config/git
-nodeny  ${HOME}/.config/git-cola
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.subversion
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.config/git-cola
 # Add your editor/diff viewer config paths and the next line to your git-cola.local to load settings.
 #noblacklist ${HOME}/
 
@@ -32,17 +32,17 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
+whitelist ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/keyring
 # Add additional whitelist paths below /usr/share to your git-cola.local to support your editor/diff viewer.
-allow  /usr/share/git
-allow  /usr/share/git-cola
-allow  /usr/share/git-core
-allow  /usr/share/git-gui
-allow  /usr/share/gitk
-allow  /usr/share/gitweb
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist /usr/share/git
+whitelist /usr/share/git-cola
+whitelist /usr/share/git-core
+whitelist /usr/share/git-gui
+whitelist /usr/share/gitk
+whitelist /usr/share/gitweb
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile
index 680e91085..bfa0081c6 100644
--- a/etc/profile-a-l/git.profile
+++ b/etc/profile-a-l/git.profile
@@ -7,33 +7,33 @@ include git.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/git
-nodeny  ${HOME}/.config/nano
-nodeny  ${HOME}/.emacs
-nodeny  ${HOME}/.emacs.d
-nodeny  ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.nanorc
-nodeny  ${HOME}/.vim
-nodeny  ${HOME}/.viminfo
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.config/nano
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.nanorc
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /usr/share/git
-allow  /usr/share/git-core
-allow  /usr/share/gitgui
-allow  /usr/share/gitweb
-allow  /usr/share/nano
+whitelist /usr/share/git
+whitelist /usr/share/git-core
+whitelist /usr/share/gitgui
+whitelist /usr/share/gitweb
+whitelist /usr/share/nano
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile
index d313b5022..05d7dffa9 100644
--- a/etc/profile-a-l/gitg.profile
+++ b/etc/profile-a-l/gitg.profile
@@ -6,10 +6,10 @@ include gitg.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/git
-nodeny  ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
-nodeny  ${HOME}/.local/share/gitg
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.local/share/gitg
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
@@ -29,7 +29,7 @@ include disable-programs.inc
 #whitelist ${HOME}/.ssh
 #include whitelist-common.inc
 
-allow  /usr/share/gitg
+whitelist /usr/share/gitg
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/github-desktop.profile b/etc/profile-a-l/github-desktop.profile
index 81b534a74..325c54ced 100644
--- a/etc/profile-a-l/github-desktop.profile
+++ b/etc/profile-a-l/github-desktop.profile
@@ -22,10 +22,10 @@ ignore apparmor
 ignore dbus-user none
 ignore dbus-system none
 
-nodeny  ${HOME}/.config/GitHub Desktop
-nodeny  ${HOME}/.config/git
-nodeny  ${HOME}/.gitconfig
-nodeny  ${HOME}/.git-credentials
+noblacklist ${HOME}/.config/GitHub Desktop
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
 
 # no3d
 nosound
diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile
index 2d1694ef7..460e2b990 100644
--- a/etc/profile-a-l/gitter.profile
+++ b/etc/profile-a-l/gitter.profile
@@ -5,8 +5,8 @@ include gitter.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/autostart
-nodeny  ${HOME}/.config/Gitter
+noblacklist ${HOME}/.config/autostart
+noblacklist ${HOME}/.config/Gitter
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.config/Gitter
-allow  ${DOWNLOADS}
-allow  ${HOME}/.config/autostart
-allow  ${HOME}/.config/Gitter
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/autostart
+whitelist ${HOME}/.config/Gitter
 include whitelist-var-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/gjs.profile b/etc/profile-a-l/gjs.profile
index e00bb1dbf..ed68b3c2d 100644
--- a/etc/profile-a-l/gjs.profile
+++ b/etc/profile-a-l/gjs.profile
@@ -8,10 +8,10 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-nodeny  ${HOME}/.cache/libgweather
-nodeny  ${HOME}/.cache/org.gnome.Books
-nodeny  ${HOME}/.config/libreoffice
-nodeny  ${HOME}/.local/share/gnome-photos
+noblacklist ${HOME}/.cache/libgweather
+noblacklist ${HOME}/.cache/org.gnome.Books
+noblacklist ${HOME}/.config/libreoffice
+noblacklist ${HOME}/.local/share/gnome-photos
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile
index a3236c2be..c8cefc67e 100644
--- a/etc/profile-a-l/gl-117.profile
+++ b/etc/profile-a-l/gl-117.profile
@@ -6,7 +6,7 @@ include gl-117.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gl-117
+noblacklist ${HOME}/.gl-117
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gl-117
-allow  ${HOME}/.gl-117
-allow  /usr/share/gl-117
+whitelist ${HOME}/.gl-117
+whitelist /usr/share/gl-117
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile
index ec894a5f3..ee7af0546 100644
--- a/etc/profile-a-l/glaxium.profile
+++ b/etc/profile-a-l/glaxium.profile
@@ -6,7 +6,7 @@ include glaxium.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.glaxiumrc
+noblacklist ${HOME}/.glaxiumrc
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.glaxiumrc
-allow  ${HOME}/.glaxiumrc
-allow  /usr/share/glaxium
+whitelist ${HOME}/.glaxiumrc
+whitelist /usr/share/glaxium
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/globaltime.profile b/etc/profile-a-l/globaltime.profile
index e091b811f..14b3ef811 100644
--- a/etc/profile-a-l/globaltime.profile
+++ b/etc/profile-a-l/globaltime.profile
@@ -5,7 +5,7 @@ include globaltime.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/globaltime
+noblacklist ${HOME}/.config/globaltime
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile
index 79397d28f..b3aad8b2c 100644
--- a/etc/profile-a-l/gmpc.profile
+++ b/etc/profile-a-l/gmpc.profile
@@ -6,8 +6,8 @@ include gmpc.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/gmpc
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/gmpc
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/gmpc
-allow  ${HOME}/.config/gmpc
-allow  ${MUSIC}
-allow  /usr/share/gmpc
+whitelist ${HOME}/.config/gmpc
+whitelist ${MUSIC}
+whitelist /usr/share/gmpc
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-2048.profile b/etc/profile-a-l/gnome-2048.profile
index c723f6e46..777c81dbe 100644
--- a/etc/profile-a-l/gnome-2048.profile
+++ b/etc/profile-a-l/gnome-2048.profile
@@ -6,10 +6,10 @@ include gnome-2048.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/gnome-2048
+noblacklist ${HOME}/.local/share/gnome-2048
 
 mkdir ${HOME}/.local/share/gnome-2048
-allow  ${HOME}/.local/share/gnome-2048
+whitelist ${HOME}/.local/share/gnome-2048
 
 private-bin gnome-2048
 
diff --git a/etc/profile-a-l/gnome-books.profile b/etc/profile-a-l/gnome-books.profile
index 2ed5fa76b..34a7f557c 100644
--- a/etc/profile-a-l/gnome-books.profile
+++ b/etc/profile-a-l/gnome-books.profile
@@ -7,8 +7,8 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-nodeny  ${HOME}/.cache/org.gnome.Books
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.cache/org.gnome.Books
+noblacklist ${DOCUMENTS}
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-builder.profile b/etc/profile-a-l/gnome-builder.profile
index 7dd1c6e22..37ca5aeff 100644
--- a/etc/profile-a-l/gnome-builder.profile
+++ b/etc/profile-a-l/gnome-builder.profile
@@ -6,11 +6,11 @@ include gnome-builder.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.bash_history
+noblacklist ${HOME}/.bash_history
 
-nodeny  ${HOME}/.cache/gnome-builder
-nodeny  ${HOME}/.config/gnome-builder
-nodeny  ${HOME}/.local/share/gnome-builder
+noblacklist ${HOME}/.cache/gnome-builder
+noblacklist ${HOME}/.config/gnome-builder
+noblacklist ${HOME}/.local/share/gnome-builder
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile
index d91fbaa4b..03acd66aa 100644
--- a/etc/profile-a-l/gnome-calendar.profile
+++ b/etc/profile-a-l/gnome-calendar.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/libgweather
+whitelist /usr/share/libgweather
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile
index 806d7e571..741fe9bf7 100644
--- a/etc/profile-a-l/gnome-characters.profile
+++ b/etc/profile-a-l/gnome-characters.profile
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/org.gnome.Characters
+whitelist /usr/share/org.gnome.Characters
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile
index 095210565..bd39f625c 100644
--- a/etc/profile-a-l/gnome-chess.profile
+++ b/etc/profile-a-l/gnome-chess.profile
@@ -6,8 +6,8 @@ include gnome-chess.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/gnome-chess
-nodeny  ${HOME}/.local/share/gnome-chess
+noblacklist ${HOME}/.config/gnome-chess
+noblacklist ${HOME}/.local/share/gnome-chess
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.local/share/gnome-chess
 #include whitelist-common.inc
 
-allow  /usr/share/gnuchess
-allow  /usr/share/gnome-chess
+whitelist /usr/share/gnuchess
+whitelist /usr/share/gnome-chess
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile
index 7e2d458fd..1e7c70b84 100644
--- a/etc/profile-a-l/gnome-clocks.profile
+++ b/etc/profile-a-l/gnome-clocks.profile
@@ -15,8 +15,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/gnome-clocks
-allow  /usr/share/libgweather
+whitelist /usr/share/gnome-clocks
+whitelist /usr/share/libgweather
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-contacts.profile b/etc/profile-a-l/gnome-contacts.profile
index 7902fa169..dcc6163b6 100644
--- a/etc/profile-a-l/gnome-contacts.profile
+++ b/etc/profile-a-l/gnome-contacts.profile
@@ -6,7 +6,7 @@ include gnome-contacts.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-documents.profile b/etc/profile-a-l/gnome-documents.profile
index 0f601149f..29ad67af8 100644
--- a/etc/profile-a-l/gnome-documents.profile
+++ b/etc/profile-a-l/gnome-documents.profile
@@ -8,8 +8,8 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-nodeny  ${HOME}/.config/libreoffice
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/libreoffice
+noblacklist ${DOCUMENTS}
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile
index 50c3e2c6f..2db956faf 100644
--- a/etc/profile-a-l/gnome-hexgl.profile
+++ b/etc/profile-a-l/gnome-hexgl.profile
@@ -16,7 +16,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/mesa_shader_cache
-allow  /usr/share/gnome-hexgl
+whitelist /usr/share/gnome-hexgl
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-keyring.profile b/etc/profile-a-l/gnome-keyring.profile
index 62a5a34ea..25b4c47de 100644
--- a/etc/profile-a-l/gnome-keyring.profile
+++ b/etc/profile-a-l/gnome-keyring.profile
@@ -7,7 +7,7 @@ include gnome-keyring.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,12 +18,12 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gnupg
-allow  ${HOME}/.gnupg
-allow  ${DOWNLOADS}
-allow  ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist ${HOME}/.gnupg
+whitelist ${DOWNLOADS}
+whitelist ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/keyring
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-klotski.profile b/etc/profile-a-l/gnome-klotski.profile
index ed074f944..c67a5c0da 100644
--- a/etc/profile-a-l/gnome-klotski.profile
+++ b/etc/profile-a-l/gnome-klotski.profile
@@ -6,10 +6,10 @@ include gnome-klotski.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/gnome-klotski
+noblacklist ${HOME}/.local/share/gnome-klotski
 
 mkdir ${HOME}/.local/share/gnome-klotski
-allow  ${HOME}/.local/share/gnome-klotski
+whitelist ${HOME}/.local/share/gnome-klotski
 
 private-bin gnome-klotski
 
diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile
index 4a03a7ff5..1a7eafeca 100644
--- a/etc/profile-a-l/gnome-latex.profile
+++ b/etc/profile-a-l/gnome-latex.profile
@@ -6,8 +6,8 @@ include gnome-latex.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/gnome-latex
-nodeny  ${HOME}/.local/share/gnome-latex
+noblacklist ${HOME}/.config/gnome-latex
+noblacklist ${HOME}/.local/share/gnome-latex
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -19,8 +19,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /usr/share/gnome-latex
-allow  /usr/share/texlive
+whitelist /usr/share/gnome-latex
+whitelist /usr/share/texlive
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 # May cause issues.
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile
index fcc02dc76..9d2ea7b7b 100644
--- a/etc/profile-a-l/gnome-logs.profile
+++ b/etc/profile-a-l/gnome-logs.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /var/log/journal
+whitelist /var/log/journal
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-mahjongg.profile b/etc/profile-a-l/gnome-mahjongg.profile
index e21f03efe..42409dce8 100644
--- a/etc/profile-a-l/gnome-mahjongg.profile
+++ b/etc/profile-a-l/gnome-mahjongg.profile
@@ -6,7 +6,7 @@ include gnome-mahjongg.local
 # Persistent global definitions
 include globals.local
 
-allow  /usr/share/gnome-mahjongg
+whitelist /usr/share/gnome-mahjongg
 
 private-bin gnome-mahjongg
 
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile
index cf4eceee3..23aab343f 100644
--- a/etc/profile-a-l/gnome-maps.profile
+++ b/etc/profile-a-l/gnome-maps.profile
@@ -11,14 +11,14 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-nodeny  ${HOME}/.cache/champlain
-nodeny  ${HOME}/.cache/org.gnome.Maps
-nodeny  ${HOME}/.local/share/maps-places.json
+noblacklist ${HOME}/.cache/champlain
+noblacklist ${HOME}/.cache/org.gnome.Maps
+noblacklist ${HOME}/.local/share/maps-places.json
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -31,12 +31,12 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/champlain
 mkfile ${HOME}/.local/share/maps-places.json
-allow  ${HOME}/.cache/champlain
-allow  ${HOME}/.local/share/maps-places.json
-allow  ${DOWNLOADS}
-allow  ${PICTURES}
-allow  /usr/share/gnome-maps
-allow  /usr/share/libgweather
+whitelist ${HOME}/.cache/champlain
+whitelist ${HOME}/.local/share/maps-places.json
+whitelist ${DOWNLOADS}
+whitelist ${PICTURES}
+whitelist /usr/share/gnome-maps
+whitelist /usr/share/libgweather
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-mines.profile b/etc/profile-a-l/gnome-mines.profile
index 1b2949bc5..4fe8986c2 100644
--- a/etc/profile-a-l/gnome-mines.profile
+++ b/etc/profile-a-l/gnome-mines.profile
@@ -6,11 +6,11 @@ include gnome-mines.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/gnome-mines
+noblacklist ${HOME}/.local/share/gnome-mines
 
 mkdir ${HOME}/.local/share/gnome-mines
-allow  ${HOME}/.local/share/gnome-mines
-allow  /usr/share/gnome-mines
+whitelist ${HOME}/.local/share/gnome-mines
+whitelist /usr/share/gnome-mines
 
 private-bin gnome-mines
 
diff --git a/etc/profile-a-l/gnome-mplayer.profile b/etc/profile-a-l/gnome-mplayer.profile
index c1cbc796a..43fe71f5e 100644
--- a/etc/profile-a-l/gnome-mplayer.profile
+++ b/etc/profile-a-l/gnome-mplayer.profile
@@ -6,9 +6,9 @@ include gnome-mplayer.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/gnome-mplayer
-nodeny  ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.config/gnome-mplayer
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile
index 8fd0826c4..2fcbe9910 100644
--- a/etc/profile-a-l/gnome-music.profile
+++ b/etc/profile-a-l/gnome-music.profile
@@ -6,8 +6,8 @@ include gnome-music.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/gnome-music
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.local/share/gnome-music
+noblacklist ${MUSIC}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/gnome-nettool.profile b/etc/profile-a-l/gnome-nettool.profile
index a929582f8..814751db3 100644
--- a/etc/profile-a-l/gnome-nettool.profile
+++ b/etc/profile-a-l/gnome-nettool.profile
@@ -14,7 +14,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /usr/share/gnome-nettool
+whitelist /usr/share/gnome-nettool
 #include whitelist-common.inc -- see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-nibbles.profile b/etc/profile-a-l/gnome-nibbles.profile
index d4c037a41..b22810d34 100644
--- a/etc/profile-a-l/gnome-nibbles.profile
+++ b/etc/profile-a-l/gnome-nibbles.profile
@@ -9,11 +9,11 @@ include globals.local
 ignore machine-id
 ignore nosound
 
-nodeny  ${HOME}/.local/share/gnome-nibbles
+noblacklist ${HOME}/.local/share/gnome-nibbles
 
 mkdir ${HOME}/.local/share/gnome-nibbles
-allow  ${HOME}/.local/share/gnome-nibbles
-allow  /usr/share/gnome-nibbles
+whitelist ${HOME}/.local/share/gnome-nibbles
+whitelist /usr/share/gnome-nibbles
 
 private-bin gnome-nibbles
 
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile
index d2cf828cc..fee5f88b9 100644
--- a/etc/profile-a-l/gnome-passwordsafe.profile
+++ b/etc/profile-a-l/gnome-passwordsafe.profile
@@ -6,14 +6,14 @@ include gnome-passwordsafe.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${DOCUMENTS}
-nodeny  ${HOME}/*.kdb
-nodeny  ${HOME}/*.kdbx
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/*.kdb
+noblacklist ${HOME}/*.kdbx
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,8 +24,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/cracklib
-allow  /usr/share/passwordsafe
+whitelist /usr/share/cracklib
+whitelist /usr/share/passwordsafe
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-photos.profile b/etc/profile-a-l/gnome-photos.profile
index 3702da2c7..58bf3f349 100644
--- a/etc/profile-a-l/gnome-photos.profile
+++ b/etc/profile-a-l/gnome-photos.profile
@@ -8,7 +8,7 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-nodeny  ${HOME}/.local/share/gnome-photos
+noblacklist ${HOME}/.local/share/gnome-photos
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile
index e9ae2bcb0..41903b136 100644
--- a/etc/profile-a-l/gnome-pie.profile
+++ b/etc/profile-a-l/gnome-pie.profile
@@ -6,7 +6,7 @@ include gnome-pie.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/gnome-pie
+noblacklist ${HOME}/.config/gnome-pie
 
 #include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile
index bec23910c..c2ba7556d 100644
--- a/etc/profile-a-l/gnome-pomodoro.profile
+++ b/etc/profile-a-l/gnome-pomodoro.profile
@@ -6,7 +6,7 @@ include gnome-pomodoro.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/gnome-pomodoro
+noblacklist ${HOME}/.local/share/gnome-pomodoro
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/gnome-pomodoro
-allow  ${HOME}/.local/share/gnome-pomodoro
-allow  /usr/share/gnome-pomodoro
+whitelist ${HOME}/.local/share/gnome-pomodoro
+whitelist /usr/share/gnome-pomodoro
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile
index 5ef33fdd8..48c98ebe0 100644
--- a/etc/profile-a-l/gnome-recipes.profile
+++ b/etc/profile-a-l/gnome-recipes.profile
@@ -7,8 +7,8 @@ include gnome-recipes.local
 include globals.local
 
 
-nodeny  ${HOME}/.cache/gnome-recipes
-nodeny  ${HOME}/.local/share/gnome-recipes
+noblacklist ${HOME}/.cache/gnome-recipes
+noblacklist ${HOME}/.local/share/gnome-recipes
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-shell.inc
 
 mkdir ${HOME}/.cache/gnome-recipes
 mkdir ${HOME}/.local/share/gnome-recipes
-allow  ${HOME}/.cache/gnome-recipes
-allow  ${HOME}/.local/share/gnome-recipes
-allow  /usr/share/gnome-recipes
+whitelist ${HOME}/.cache/gnome-recipes
+whitelist ${HOME}/.local/share/gnome-recipes
+whitelist /usr/share/gnome-recipes
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-ring.profile b/etc/profile-a-l/gnome-ring.profile
index b34d264f4..78ceb9c4f 100644
--- a/etc/profile-a-l/gnome-ring.profile
+++ b/etc/profile-a-l/gnome-ring.profile
@@ -5,7 +5,7 @@ include gnome-ring.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/gnome-ring
+noblacklist ${HOME}/.local/share/gnome-ring
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-robots.profile b/etc/profile-a-l/gnome-robots.profile
index 836d4e2b2..8835f2b93 100644
--- a/etc/profile-a-l/gnome-robots.profile
+++ b/etc/profile-a-l/gnome-robots.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore machine-id
 ignore nosound
 
-allow  /usr/share/gnome-robots
+whitelist /usr/share/gnome-robots
 
 private-bin gnome-robots
 
diff --git a/etc/profile-a-l/gnome-schedule.profile b/etc/profile-a-l/gnome-schedule.profile
index 146f8bc4e..69c90b33d 100644
--- a/etc/profile-a-l/gnome-schedule.profile
+++ b/etc/profile-a-l/gnome-schedule.profile
@@ -6,17 +6,17 @@ include gnome-schedule.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gnome/gnome-schedule
+noblacklist ${HOME}/.gnome/gnome-schedule
 
 # Needs at and crontab to read/write user cron
-nodeny  ${PATH}/at
-nodeny  ${PATH}/crontab
+noblacklist ${PATH}/at
+noblacklist ${PATH}/crontab
 
 # Needs access to these files/dirs
-nodeny  /etc/cron.allow
-nodeny  /etc/cron.deny
-nodeny  /etc/shadow
-nodeny  /var/spool/cron
+noblacklist /etc/cron.allow
+noblacklist /etc/cron.deny
+noblacklist /etc/shadow
+noblacklist /var/spool/cron
 
 # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc)
 # add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality
@@ -34,10 +34,10 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.gnome/gnome-schedule
-allow  ${HOME}/.gnome/gnome-schedule
-allow  /usr/share/gnome-schedule
-allow  /var/spool/atd
-allow  /var/spool/cron
+whitelist ${HOME}/.gnome/gnome-schedule
+whitelist /usr/share/gnome-schedule
+whitelist /var/spool/atd
+whitelist /var/spool/cron
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile
index 175549e99..b683b6f6c 100644
--- a/etc/profile-a-l/gnome-screenshot.profile
+++ b/etc/profile-a-l/gnome-screenshot.profile
@@ -6,8 +6,8 @@ include gnome-screenshot.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PICTURES}
-nodeny  ${HOME}/.cache/gnome-screenshot
+noblacklist ${PICTURES}
+noblacklist ${HOME}/.cache/gnome-screenshot
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile
index c2fb14fa4..34f5fdeff 100644
--- a/etc/profile-a-l/gnome-sound-recorder.profile
+++ b/etc/profile-a-l/gnome-sound-recorder.profile
@@ -6,8 +6,8 @@ include gnome-sound-recorder.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${MUSIC}
-nodeny  ${HOME}/.local/share/Trash
+noblacklist ${MUSIC}
+noblacklist ${HOME}/.local/share/Trash
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnome-sudoku.profile b/etc/profile-a-l/gnome-sudoku.profile
index 3b7835e52..12fd48a86 100644
--- a/etc/profile-a-l/gnome-sudoku.profile
+++ b/etc/profile-a-l/gnome-sudoku.profile
@@ -6,10 +6,10 @@ include gnome-sudoku.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/gnome-sudoku
+noblacklist ${HOME}/.local/share/gnome-sudoku
 
 mkdir ${HOME}/.local/share/gnome-sudoku
-allow  ${HOME}/.local/share/gnome-sudoku
+whitelist ${HOME}/.local/share/gnome-sudoku
 
 private-bin gnome-sudoku
 
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile
index 6978f7cab..8a818695d 100644
--- a/etc/profile-a-l/gnome-system-log.profile
+++ b/etc/profile-a-l/gnome-system-log.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /var/log
+whitelist /var/log
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gnome-taquin.profile b/etc/profile-a-l/gnome-taquin.profile
index ac87cf70f..2341334f7 100644
--- a/etc/profile-a-l/gnome-taquin.profile
+++ b/etc/profile-a-l/gnome-taquin.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore machine-id
 ignore nosound
 
-allow  /usr/share/gnome-taquin
+whitelist /usr/share/gnome-taquin
 
 private-bin gnome-taquin
 
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile
index 092fd58a3..3b147cd48 100644
--- a/etc/profile-a-l/gnome-todo.profile
+++ b/etc/profile-a-l/gnome-todo.profile
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/gnome-todo
+whitelist /usr/share/gnome-todo
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/gnome-twitch.profile b/etc/profile-a-l/gnome-twitch.profile
index d76872ea6..b8ec195d3 100644
--- a/etc/profile-a-l/gnome-twitch.profile
+++ b/etc/profile-a-l/gnome-twitch.profile
@@ -6,8 +6,8 @@ include gnome-twitch.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/gnome-twitch
-nodeny  ${HOME}/.local/share/gnome-twitch
+noblacklist ${HOME}/.cache/gnome-twitch
+noblacklist ${HOME}/.local/share/gnome-twitch
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.cache/gnome-twitch
 mkdir ${HOME}/.local/share/gnome-twitch
-allow  ${HOME}/.cache/gnome-twitch
-allow  ${HOME}/.local/share/gnome-twitch
+whitelist ${HOME}/.cache/gnome-twitch
+whitelist ${HOME}/.local/share/gnome-twitch
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/gnome-weather.profile b/etc/profile-a-l/gnome-weather.profile
index 6f557ff8d..2e08fa41d 100644
--- a/etc/profile-a-l/gnome-weather.profile
+++ b/etc/profile-a-l/gnome-weather.profile
@@ -8,7 +8,7 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-nodeny  ${HOME}/.cache/libgweather
+noblacklist ${HOME}/.cache/libgweather
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile
index 261efefac..c3014a288 100644
--- a/etc/profile-a-l/gnote.profile
+++ b/etc/profile-a-l/gnote.profile
@@ -6,8 +6,8 @@ include gnote.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/gnote
-nodeny  ${HOME}/.local/share/gnote
+noblacklist ${HOME}/.config/gnote
+noblacklist ${HOME}/.local/share/gnote
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/gnote
 mkdir ${HOME}/.local/share/gnote
-allow  ${HOME}/.config/gnote
-allow  ${HOME}/.local/share/gnote
-allow  /usr/share/gnote
+whitelist ${HOME}/.config/gnote
+whitelist ${HOME}/.local/share/gnote
+whitelist /usr/share/gnote
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile
index e6fbca26f..22851ce9f 100644
--- a/etc/profile-a-l/gnubik.profile
+++ b/etc/profile-a-l/gnubik.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/gnubik
+whitelist /usr/share/gnubik
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile
index f35a53ca4..09ca17caa 100644
--- a/etc/profile-a-l/godot.profile
+++ b/etc/profile-a-l/godot.profile
@@ -6,9 +6,9 @@ include godot.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/godot
-nodeny  ${HOME}/.config/godot
-nodeny  ${HOME}/.local/share/godot
+noblacklist ${HOME}/.cache/godot
+noblacklist ${HOME}/.config/godot
+noblacklist ${HOME}/.local/share/godot
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/goobox.profile b/etc/profile-a-l/goobox.profile
index 95dd41c2a..8399d77c4 100644
--- a/etc/profile-a-l/goobox.profile
+++ b/etc/profile-a-l/goobox.profile
@@ -6,7 +6,7 @@ include goobox.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${MUSIC}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/google-chrome-beta.profile b/etc/profile-a-l/google-chrome-beta.profile
index 07f0e587d..ebe5e870b 100644
--- a/etc/profile-a-l/google-chrome-beta.profile
+++ b/etc/profile-a-l/google-chrome-beta.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/google-chrome-beta
-nodeny  ${HOME}/.config/google-chrome-beta
+noblacklist ${HOME}/.cache/google-chrome-beta
+noblacklist ${HOME}/.config/google-chrome-beta
 
-nodeny  ${HOME}/.config/chrome-beta-flags.conf
-nodeny  ${HOME}/.config/chrome-beta-flags.config
+noblacklist ${HOME}/.config/chrome-beta-flags.conf
+noblacklist ${HOME}/.config/chrome-beta-flags.config
 
 mkdir ${HOME}/.cache/google-chrome-beta
 mkdir ${HOME}/.config/google-chrome-beta
-allow  ${HOME}/.cache/google-chrome-beta
-allow  ${HOME}/.config/google-chrome-beta
+whitelist ${HOME}/.cache/google-chrome-beta
+whitelist ${HOME}/.config/google-chrome-beta
 
-allow  ${HOME}/.config/chrome-beta-flags.conf
-allow  ${HOME}/.config/chrome-beta-flags.config
+whitelist ${HOME}/.config/chrome-beta-flags.conf
+whitelist ${HOME}/.config/chrome-beta-flags.config
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/google-chrome-unstable.profile b/etc/profile-a-l/google-chrome-unstable.profile
index 229904411..4d303f71b 100644
--- a/etc/profile-a-l/google-chrome-unstable.profile
+++ b/etc/profile-a-l/google-chrome-unstable.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/google-chrome-unstable
-nodeny  ${HOME}/.config/google-chrome-unstable
+noblacklist ${HOME}/.cache/google-chrome-unstable
+noblacklist ${HOME}/.config/google-chrome-unstable
 
-nodeny  ${HOME}/.config/chrome-unstable-flags.conf
-nodeny  ${HOME}/.config/chrome-unstable-flags.config
+noblacklist ${HOME}/.config/chrome-unstable-flags.conf
+noblacklist ${HOME}/.config/chrome-unstable-flags.config
 
 mkdir ${HOME}/.cache/google-chrome-unstable
 mkdir ${HOME}/.config/google-chrome-unstable
-allow  ${HOME}/.cache/google-chrome-unstable
-allow  ${HOME}/.config/google-chrome-unstable
+whitelist ${HOME}/.cache/google-chrome-unstable
+whitelist ${HOME}/.config/google-chrome-unstable
 
-allow  ${HOME}/.config/chrome-unstable-flags.conf
-allow  ${HOME}/.config/chrome-unstable-flags.config
+whitelist ${HOME}/.config/chrome-unstable-flags.conf
+whitelist ${HOME}/.config/chrome-unstable-flags.config
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/google-chrome.profile b/etc/profile-a-l/google-chrome.profile
index f61642f17..ed2595f72 100644
--- a/etc/profile-a-l/google-chrome.profile
+++ b/etc/profile-a-l/google-chrome.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/google-chrome
-nodeny  ${HOME}/.config/google-chrome
+noblacklist ${HOME}/.cache/google-chrome
+noblacklist ${HOME}/.config/google-chrome
 
-nodeny  ${HOME}/.config/chrome-flags.conf
-nodeny  ${HOME}/.config/chrome-flags.config
+noblacklist ${HOME}/.config/chrome-flags.conf
+noblacklist ${HOME}/.config/chrome-flags.config
 
 mkdir ${HOME}/.cache/google-chrome
 mkdir ${HOME}/.config/google-chrome
-allow  ${HOME}/.cache/google-chrome
-allow  ${HOME}/.config/google-chrome
+whitelist ${HOME}/.cache/google-chrome
+whitelist ${HOME}/.config/google-chrome
 
-allow  ${HOME}/.config/chrome-flags.conf
-allow  ${HOME}/.config/chrome-flags.config
+whitelist ${HOME}/.config/chrome-flags.conf
+whitelist ${HOME}/.config/chrome-flags.config
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/google-earth.profile b/etc/profile-a-l/google-earth.profile
index 6039f7cbd..65ac04771 100644
--- a/etc/profile-a-l/google-earth.profile
+++ b/etc/profile-a-l/google-earth.profile
@@ -5,8 +5,8 @@ include google-earth.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Google
-nodeny  ${HOME}/.googleearth
+noblacklist ${HOME}/.config/Google
+noblacklist ${HOME}/.googleearth
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.config/Google
 mkdir ${HOME}/.googleearth
-allow  ${HOME}/.config/Google
-allow  ${HOME}/.googleearth
+whitelist ${HOME}/.config/Google
+whitelist ${HOME}/.googleearth
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/google-play-music-desktop-player.profile b/etc/profile-a-l/google-play-music-desktop-player.profile
index fdb65b93c..a7aabe105 100644
--- a/etc/profile-a-l/google-play-music-desktop-player.profile
+++ b/etc/profile-a-l/google-play-music-desktop-player.profile
@@ -8,7 +8,7 @@ include globals.local
 # noexec /tmp breaks mpris support
 ignore noexec /tmp
 
-nodeny  ${HOME}/.config/Google Play Music Desktop Player
+noblacklist ${HOME}/.config/Google Play Music Desktop Player
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,7 +20,7 @@ include disable-programs.inc
 mkdir ${HOME}/.config/Google Play Music Desktop Player
 # whitelist ${HOME}/.config/pulse
 # whitelist ${HOME}/.pulse
-allow  ${HOME}/.config/Google Play Music Desktop Player
+whitelist ${HOME}/.config/Google Play Music Desktop Player
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile
index 952c9c1d4..2d0bce52b 100644
--- a/etc/profile-a-l/googler-common.profile
+++ b/etc/profile-a-l/googler-common.profile
@@ -7,10 +7,10 @@ include googler-common.local
 # added by caller profile
 #include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
 
-nodeny  ${HOME}/.w3m
+noblacklist ${HOME}/.w3m
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -26,7 +26,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  ${HOME}/.w3m
+whitelist ${HOME}/.w3m
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gpa.profile b/etc/profile-a-l/gpa.profile
index 9b8da361b..37b4f0b1c 100644
--- a/etc/profile-a-l/gpa.profile
+++ b/etc/profile-a-l/gpa.profile
@@ -6,7 +6,7 @@ include gpa.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile
index 5fa66bb55..7f0b614b1 100644
--- a/etc/profile-a-l/gpg-agent.profile
+++ b/etc/profile-a-l/gpg-agent.profile
@@ -7,10 +7,10 @@ include gpg-agent.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,11 +20,11 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gnupg
-allow  ${HOME}/.gnupg
-allow  ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist ${HOME}/.gnupg
+whitelist ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/keyring
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile
index 2ad896abe..4a4d6527c 100644
--- a/etc/profile-a-l/gpg.profile
+++ b/etc/profile-a-l/gpg.profile
@@ -7,10 +7,10 @@ include gpg.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,11 +18,11 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  ${RUNUSER}/gnupg
-allow  ${RUNUSER}/keyring
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
-allow  /usr/share/pacman/keyrings
+whitelist ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/keyring
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/pacman/keyrings
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile
index 0552dc3d7..fa53c26c8 100644
--- a/etc/profile-a-l/gpicview.profile
+++ b/etc/profile-a-l/gpicview.profile
@@ -6,7 +6,7 @@ include gpicview.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/gpicview
+noblacklist ${HOME}/.config/gpicview
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
 
-allow  /usr/share/gpicview
+whitelist /usr/share/gpicview
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile
index c9e62a73f..253d644f1 100644
--- a/etc/profile-a-l/gpredict.profile
+++ b/etc/profile-a-l/gpredict.profile
@@ -6,7 +6,7 @@ include gpredict.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Gpredict
+noblacklist ${HOME}/.config/Gpredict
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.config/Gpredict
-allow  ${HOME}/.config/Gpredict
+whitelist ${HOME}/.config/Gpredict
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile
index 2aebe2338..2b4c536d2 100644
--- a/etc/profile-a-l/gradio.profile
+++ b/etc/profile-a-l/gradio.profile
@@ -5,8 +5,8 @@ include gradio.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/gradio
-nodeny  ${HOME}/.local/share/gradio
+noblacklist ${HOME}/.cache/gradio
+noblacklist ${HOME}/.local/share/gradio
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/gradio
 mkdir ${HOME}/.local/share/gradio
-allow  ${HOME}/.cache/gradio
-allow  ${HOME}/.local/share/gradio
+whitelist ${HOME}/.cache/gradio
+whitelist ${HOME}/.local/share/gradio
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gramps.profile b/etc/profile-a-l/gramps.profile
index 53f0baccb..c7e0c2977 100644
--- a/etc/profile-a-l/gramps.profile
+++ b/etc/profile-a-l/gramps.profile
@@ -6,7 +6,7 @@ include gramps.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gramps
+noblacklist ${HOME}/.gramps
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -21,7 +21,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gramps
-allow  ${HOME}/.gramps
+whitelist ${HOME}/.gramps
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
index ecc871c2e..890ba2560 100644
--- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
+++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/gravity-beams-and-evaporating-stars
+whitelist /usr/share/gravity-beams-and-evaporating-stars
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/gthumb.profile b/etc/profile-a-l/gthumb.profile
index 9a4f7b4fb..5927e8c4d 100644
--- a/etc/profile-a-l/gthumb.profile
+++ b/etc/profile-a-l/gthumb.profile
@@ -6,9 +6,9 @@ include gthumb.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/gthumb
-nodeny  ${HOME}/.Steam
-nodeny  ${HOME}/.steam
+noblacklist ${HOME}/.config/gthumb
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.steam
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile
index d6bb9902a..c8addae75 100644
--- a/etc/profile-a-l/gtk-update-icon-cache.profile
+++ b/etc/profile-a-l/gtk-update-icon-cache.profile
@@ -7,7 +7,7 @@ include gtk-update-icon-cache.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gtk2-youtube-viewer.profile b/etc/profile-a-l/gtk2-youtube-viewer.profile
index 8241de43a..787c7bd90 100644
--- a/etc/profile-a-l/gtk2-youtube-viewer.profile
+++ b/etc/profile-a-l/gtk2-youtube-viewer.profile
@@ -8,8 +8,8 @@ include gtk2-youtube-viewer.local
 
 ignore quiet
 
-nodeny  /tmp/.X11-unix
-nodeny  ${RUNUSER}
+noblacklist /tmp/.X11-unix
+noblacklist ${RUNUSER}
 
 include whitelist-runuser-common.inc
 
diff --git a/etc/profile-a-l/gtk3-youtube-viewer.profile b/etc/profile-a-l/gtk3-youtube-viewer.profile
index 6ea4ebbdc..988882622 100644
--- a/etc/profile-a-l/gtk3-youtube-viewer.profile
+++ b/etc/profile-a-l/gtk3-youtube-viewer.profile
@@ -8,8 +8,8 @@ include gtk3-youtube-viewer.local
 
 ignore quiet
 
-nodeny  /tmp/.X11-unix
-nodeny  ${RUNUSER}
+noblacklist /tmp/.X11-unix
+noblacklist ${RUNUSER}
 
 include whitelist-runuser-common.inc
 
diff --git a/etc/profile-a-l/guayadeque.profile b/etc/profile-a-l/guayadeque.profile
index 731bcad1d..3d2b71e9d 100644
--- a/etc/profile-a-l/guayadeque.profile
+++ b/etc/profile-a-l/guayadeque.profile
@@ -5,8 +5,8 @@ include guayadeque.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.guayadeque
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.guayadeque
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gummi.profile b/etc/profile-a-l/gummi.profile
index 5cdc2cc18..2223c37a1 100644
--- a/etc/profile-a-l/gummi.profile
+++ b/etc/profile-a-l/gummi.profile
@@ -5,8 +5,8 @@ include gummi.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/gummi
-nodeny  ${HOME}/.config/gummi
+noblacklist ${HOME}/.cache/gummi
+noblacklist ${HOME}/.config/gummi
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile
index 3404f5177..9221ca31c 100644
--- a/etc/profile-a-l/guvcview.profile
+++ b/etc/profile-a-l/guvcview.profile
@@ -6,10 +6,10 @@ include guvcview.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/guvcview2
+noblacklist ${HOME}/.config/guvcview2
 
-nodeny  ${PICTURES}
-nodeny  ${VIDEOS}
+noblacklist ${PICTURES}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,9 +21,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/guvcview2
-allow  ${HOME}/.config/guvcview2
-allow  ${PICTURES}
-allow  ${VIDEOS}
+whitelist ${HOME}/.config/guvcview2
+whitelist ${PICTURES}
+whitelist ${VIDEOS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile
index 132b5a2e2..d33e2a673 100644
--- a/etc/profile-a-l/gwenview.profile
+++ b/etc/profile-a-l/gwenview.profile
@@ -6,17 +6,17 @@ include gwenview.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/GIMP
-nodeny  ${HOME}/.config/gwenviewrc
-nodeny  ${HOME}/.config/org.kde.gwenviewrc
-nodeny  ${HOME}/.gimp*
-nodeny  ${HOME}/.kde/share/apps/gwenview
-nodeny  ${HOME}/.kde/share/config/gwenviewrc
-nodeny  ${HOME}/.kde4/share/apps/gwenview
-nodeny  ${HOME}/.kde4/share/config/gwenviewrc
-nodeny  ${HOME}/.local/share/gwenview
-nodeny  ${HOME}/.local/share/kxmlgui5/gwenview
-nodeny  ${HOME}/.local/share/org.kde.gwenview
+noblacklist ${HOME}/.config/GIMP
+noblacklist ${HOME}/.config/gwenviewrc
+noblacklist ${HOME}/.config/org.kde.gwenviewrc
+noblacklist ${HOME}/.gimp*
+noblacklist ${HOME}/.kde/share/apps/gwenview
+noblacklist ${HOME}/.kde/share/config/gwenviewrc
+noblacklist ${HOME}/.kde4/share/apps/gwenview
+noblacklist ${HOME}/.kde4/share/config/gwenviewrc
+noblacklist ${HOME}/.local/share/gwenview
+noblacklist ${HOME}/.local/share/kxmlgui5/gwenview
+noblacklist ${HOME}/.local/share/org.kde.gwenview
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/gzip.profile b/etc/profile-a-l/gzip.profile
index 46c98bdc2..b261c16f4 100644
--- a/etc/profile-a-l/gzip.profile
+++ b/etc/profile-a-l/gzip.profile
@@ -9,7 +9,7 @@ include globals.local
 
 # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop
 # all capabilities this is automatically read-only.
-nodeny  /var/lib/pacman
+noblacklist /var/lib/pacman
 
 # Redirect
 include archiver-common.profile
diff --git a/etc/profile-a-l/handbrake.profile b/etc/profile-a-l/handbrake.profile
index c102ac4cb..847e1ec1e 100644
--- a/etc/profile-a-l/handbrake.profile
+++ b/etc/profile-a-l/handbrake.profile
@@ -6,9 +6,9 @@ include handbrake.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/ghb
-nodeny  ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.config/ghb
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hashcat.profile b/etc/profile-a-l/hashcat.profile
index d98a1b554..aab4b0c21 100644
--- a/etc/profile-a-l/hashcat.profile
+++ b/etc/profile-a-l/hashcat.profile
@@ -7,11 +7,11 @@ include hashcat.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${HOME}/.hashcat
-nodeny  /usr/include
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.hashcat
+noblacklist /usr/include
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile
index 1c2a44e06..44584f26b 100644
--- a/etc/profile-a-l/hasher-common.profile
+++ b/etc/profile-a-l/hasher-common.profile
@@ -4,7 +4,7 @@ include hasher-common.local
 
 # common profile for hasher/checksum tools
 
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 
 # Comment/uncomment the relevant include file(s) in your hasher-common.local
 # to (un)restrict file access for **all** hashers. Another option is to do this **per hasher**
diff --git a/etc/profile-a-l/hedgewars.profile b/etc/profile-a-l/hedgewars.profile
index 90833af91..c0675d8ec 100644
--- a/etc/profile-a-l/hedgewars.profile
+++ b/etc/profile-a-l/hedgewars.profile
@@ -6,7 +6,7 @@ include hedgewars.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.hedgewars
+noblacklist ${HOME}/.hedgewars
 
 include allow-lua.inc
 
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.hedgewars
-allow  ${HOME}/.hedgewars
+whitelist ${HOME}/.hedgewars
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile
index 993efb591..b887de147 100644
--- a/etc/profile-a-l/hexchat.profile
+++ b/etc/profile-a-l/hexchat.profile
@@ -6,7 +6,7 @@ include hexchat.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/hexchat
+noblacklist ${HOME}/.config/hexchat
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -28,7 +28,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/hexchat
-allow  ${HOME}/.config/hexchat
+whitelist ${HOME}/.config/hexchat
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile
index 53db642dc..643736ac7 100644
--- a/etc/profile-a-l/highlight.profile
+++ b/etc/profile-a-l/highlight.profile
@@ -6,7 +6,7 @@ include highlight.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile
index ef259cc00..199b1a5e5 100644
--- a/etc/profile-a-l/homebank.profile
+++ b/etc/profile-a-l/homebank.profile
@@ -6,7 +6,7 @@ include homebank.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/homebank
+noblacklist ${HOME}/.config/homebank
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/homebank
-allow  ${DOWNLOADS}
-allow  ${HOME}/.config/homebank
-allow  /usr/share/homebank
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/homebank
+whitelist /usr/share/homebank
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile
index 63e1be259..00d9f7a76 100644
--- a/etc/profile-a-l/host.profile
+++ b/etc/profile-a-l/host.profile
@@ -7,8 +7,8 @@ include host.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}
-nodeny  ${PATH}/host
+blacklist ${RUNUSER}
+noblacklist ${PATH}/host
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hugin.profile b/etc/profile-a-l/hugin.profile
index db5cd29cc..267712c87 100644
--- a/etc/profile-a-l/hugin.profile
+++ b/etc/profile-a-l/hugin.profile
@@ -6,9 +6,9 @@ include hugin.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.hugin
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.hugin
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile
index 1fb33ceb8..e66ffd7e1 100644
--- a/etc/profile-a-l/hyperrogue.profile
+++ b/etc/profile-a-l/hyperrogue.profile
@@ -6,7 +6,7 @@ include hyperrogue.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/hyperrogue.ini
+noblacklist ${HOME}/hyperrogue.ini
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/hyperrogue.ini
-allow  ${HOME}/hyperrogue.ini
-allow  /usr/share/hyperrogue
+whitelist ${HOME}/hyperrogue.ini
+whitelist /usr/share/hyperrogue
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile
index c8a2e8a04..47c984175 100644
--- a/etc/profile-a-l/i2prouter.profile
+++ b/etc/profile-a-l/i2prouter.profile
@@ -14,12 +14,12 @@ include globals.local
 # Only needed when i2prouter binary resides in home directory (official I2P java installer does so).
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.config/i2p
-nodeny  ${HOME}/.i2p
-nodeny  ${HOME}/.local/share/i2p
-nodeny  ${HOME}/i2p
+noblacklist ${HOME}/.config/i2p
+noblacklist ${HOME}/.i2p
+noblacklist ${HOME}/.local/share/i2p
+noblacklist ${HOME}/i2p
 # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so).
-nodeny  /usr/sbin
+noblacklist /usr/sbin
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -36,12 +36,12 @@ mkdir ${HOME}/.config/i2p
 mkdir ${HOME}/.i2p
 mkdir ${HOME}/.local/share/i2p
 mkdir ${HOME}/i2p
-allow  ${HOME}/.config/i2p
-allow  ${HOME}/.i2p
-allow  ${HOME}/.local/share/i2p
-allow  ${HOME}/i2p
+whitelist ${HOME}/.config/i2p
+whitelist ${HOME}/.i2p
+whitelist ${HOME}/.local/share/i2p
+whitelist ${HOME}/i2p
 # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so).
-allow  /usr/sbin/wrapper*
+whitelist /usr/sbin/wrapper*
 
 include whitelist-common.inc
 
diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile
index 95ddad221..e96b1843c 100644
--- a/etc/profile-a-l/i3.profile
+++ b/etc/profile-a-l/i3.profile
@@ -7,7 +7,7 @@ include i3.local
 include globals.local
 
 # all applications started in i3 will run in this profile
-nodeny  ${HOME}/.config/i3
+noblacklist ${HOME}/.config/i3
 include disable-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/icecat.profile b/etc/profile-a-l/icecat.profile
index 0de2f658b..660343a29 100644
--- a/etc/profile-a-l/icecat.profile
+++ b/etc/profile-a-l/icecat.profile
@@ -5,13 +5,13 @@ include icecat.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/mozilla
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.mozilla
 
 mkdir ${HOME}/.cache/mozilla/icecat
 mkdir ${HOME}/.mozilla
-allow  ${HOME}/.cache/mozilla/icecat
-allow  ${HOME}/.mozilla
+whitelist ${HOME}/.cache/mozilla/icecat
+whitelist ${HOME}/.mozilla
 
 # private-etc must first be enabled in firefox-common.profile
 #private-etc icecat
diff --git a/etc/profile-a-l/icedove.profile b/etc/profile-a-l/icedove.profile
index 0c22d87d0..19690cd5a 100644
--- a/etc/profile-a-l/icedove.profile
+++ b/etc/profile-a-l/icedove.profile
@@ -9,16 +9,16 @@ include icedove.local
 # Users have icedove set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
 
-nodeny  ${HOME}/.cache/icedove
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.icedove
+noblacklist ${HOME}/.cache/icedove
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.icedove
 
 mkdir ${HOME}/.cache/icedove
 mkdir ${HOME}/.gnupg
 mkdir ${HOME}/.icedove
-allow  ${HOME}/.cache/icedove
-allow  ${HOME}/.gnupg
-allow  ${HOME}/.icedove
+whitelist ${HOME}/.cache/icedove
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.icedove
 include whitelist-common.inc
 
 ignore private-tmp
diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile
index 180b62ec2..680b8e777 100644
--- a/etc/profile-a-l/idea.sh.profile
+++ b/etc/profile-a-l/idea.sh.profile
@@ -5,12 +5,12 @@ include idea.sh.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.IdeaIC*
-nodeny  ${HOME}/.android
-nodeny  ${HOME}/.jack-server
-nodeny  ${HOME}/.jack-settings
-nodeny  ${HOME}/.local/share/JetBrains
-nodeny  ${HOME}/.tooling
+noblacklist ${HOME}/.IdeaIC*
+noblacklist ${HOME}/.android
+noblacklist ${HOME}/.jack-server
+noblacklist ${HOME}/.jack-settings
+noblacklist ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.tooling
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
diff --git a/etc/profile-a-l/imagej.profile b/etc/profile-a-l/imagej.profile
index 5d28e7aca..12ce7976b 100644
--- a/etc/profile-a-l/imagej.profile
+++ b/etc/profile-a-l/imagej.profile
@@ -6,7 +6,7 @@ include imagej.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.imagej
+noblacklist ${HOME}/.imagej
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/img2txt.profile b/etc/profile-a-l/img2txt.profile
index 70d56a7dc..c26958d06 100644
--- a/etc/profile-a-l/img2txt.profile
+++ b/etc/profile-a-l/img2txt.profile
@@ -5,10 +5,10 @@ include img2txt.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}/wayland-*
 
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /usr/share/imlib2
+whitelist /usr/share/imlib2
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/impressive.profile b/etc/profile-a-l/impressive.profile
index 4914cd9d0..c152be01c 100644
--- a/etc/profile-a-l/impressive.profile
+++ b/etc/profile-a-l/impressive.profile
@@ -6,9 +6,9 @@ include impressive.local
 # Persistent global definitions
 #include globals.local
 
-nodeny  ${DOCUMENTS}
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist ${DOCUMENTS}
+noblacklist /sbin
+noblacklist /usr/sbin
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -23,8 +23,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/mesa_shader_cache
-allow  /usr/share/opengl-games-utils
-allow  /usr/share/zenity
+whitelist /usr/share/opengl-games-utils
+whitelist /usr/share/zenity
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile
index 1a949b300..35dd86b32 100644
--- a/etc/profile-a-l/inkscape.profile
+++ b/etc/profile-a-l/inkscape.profile
@@ -6,14 +6,14 @@ include inkscape.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/inkscape
-nodeny  ${HOME}/.config/inkscape
-nodeny  ${HOME}/.inkscape
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.cache/inkscape
+noblacklist ${HOME}/.config/inkscape
+noblacklist ${HOME}/.inkscape
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 # Allow exporting .xcf files
-nodeny  ${HOME}/.config/GIMP
-nodeny  ${HOME}/.gimp*
+noblacklist ${HOME}/.config/GIMP
+noblacklist ${HOME}/.gimp*
 
 
 # Allow python (blacklisted by disable-interpreters.inc)
@@ -28,7 +28,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /usr/share/inkscape
+whitelist /usr/share/inkscape
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/inox.profile b/etc/profile-a-l/inox.profile
index 1591ed7ea..a5cac12f2 100644
--- a/etc/profile-a-l/inox.profile
+++ b/etc/profile-a-l/inox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/inox
-nodeny  ${HOME}/.config/inox
+noblacklist ${HOME}/.cache/inox
+noblacklist ${HOME}/.config/inox
 
 mkdir ${HOME}/.cache/inox
 mkdir ${HOME}/.config/inox
-allow  ${HOME}/.cache/inox
-allow  ${HOME}/.config/inox
+whitelist ${HOME}/.cache/inox
+whitelist ${HOME}/.config/inox
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/iridium.profile b/etc/profile-a-l/iridium.profile
index f361fd663..3037d00e9 100644
--- a/etc/profile-a-l/iridium.profile
+++ b/etc/profile-a-l/iridium.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-nodeny  ${HOME}/.cache/iridium
-nodeny  ${HOME}/.config/iridium
+noblacklist ${HOME}/.cache/iridium
+noblacklist ${HOME}/.config/iridium
 
 mkdir ${HOME}/.cache/iridium
 mkdir ${HOME}/.config/iridium
-allow  ${HOME}/.cache/iridium
-allow  ${HOME}/.config/iridium
+whitelist ${HOME}/.cache/iridium
+whitelist ${HOME}/.config/iridium
 
 # Redirect
 include chromium-common.profile
diff --git a/etc/profile-a-l/itch.profile b/etc/profile-a-l/itch.profile
index fa0bcf986..e02dcbdb1 100644
--- a/etc/profile-a-l/itch.profile
+++ b/etc/profile-a-l/itch.profile
@@ -8,8 +8,8 @@ include globals.local
 # itch.io has native firejail/sandboxing support bundled in
 # See https://itch.io/docs/itch/using/sandbox/linux.html
 
-nodeny  ${HOME}/.itch
-nodeny  ${HOME}/.config/itch
+noblacklist ${HOME}/.itch
+noblacklist ${HOME}/.config/itch
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.itch
 mkdir ${HOME}/.config/itch
-allow  ${HOME}/.itch
-allow  ${HOME}/.config/itch
+whitelist ${HOME}/.itch
+whitelist ${HOME}/.config/itch
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/jami-gnome.profile b/etc/profile-a-l/jami-gnome.profile
index e4be574df..3e9abf369 100644
--- a/etc/profile-a-l/jami-gnome.profile
+++ b/etc/profile-a-l/jami-gnome.profile
@@ -6,8 +6,8 @@ include jami-gnome.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/jami
-nodeny  ${HOME}/.local/share/jami
+noblacklist ${HOME}/.config/jami
+noblacklist ${HOME}/.local/share/jami
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.config/jami
 mkdir ${HOME}/.local/share/jami
-allow  ${HOME}/.config/jami
-allow  ${HOME}/.local/share/jami
+whitelist ${HOME}/.config/jami
+whitelist ${HOME}/.local/share/jami
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/jd-gui.profile b/etc/profile-a-l/jd-gui.profile
index bfea84c69..7d29f1068 100644
--- a/etc/profile-a-l/jd-gui.profile
+++ b/etc/profile-a-l/jd-gui.profile
@@ -5,7 +5,7 @@ include jd-gui.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/jd-gui.cfg
+noblacklist ${HOME}/.config/jd-gui.cfg
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile
index c41027618..85b1f2120 100644
--- a/etc/profile-a-l/jerry.profile
+++ b/etc/profile-a-l/jerry.profile
@@ -6,7 +6,7 @@ include jerry.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/dkl
+noblacklist ${HOME}/.config/dkl
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/jitsi-meet-desktop.profile b/etc/profile-a-l/jitsi-meet-desktop.profile
index 9ca30c36d..edb7ed840 100644
--- a/etc/profile-a-l/jitsi-meet-desktop.profile
+++ b/etc/profile-a-l/jitsi-meet-desktop.profile
@@ -13,12 +13,12 @@ ignore shell none
 
 ignore noexec /tmp
 
-nodeny  ${HOME}/.config/Jitsi Meet
+noblacklist ${HOME}/.config/Jitsi Meet
 
-noallow  ${DOWNLOADS}
+nowhitelist ${DOWNLOADS}
 
 mkdir ${HOME}/.config/Jitsi Meet
-allow  ${HOME}/.config/Jitsi Meet
+whitelist ${HOME}/.config/Jitsi Meet
 
 private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh
 private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
diff --git a/etc/profile-a-l/jitsi.profile b/etc/profile-a-l/jitsi.profile
index f53e6ca32..223c360b8 100644
--- a/etc/profile-a-l/jitsi.profile
+++ b/etc/profile-a-l/jitsi.profile
@@ -5,7 +5,7 @@ include jitsi.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.jitsi
+noblacklist ${HOME}/.jitsi
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile
index c0a78ecc0..9954b8aea 100644
--- a/etc/profile-a-l/jumpnbump.profile
+++ b/etc/profile-a-l/jumpnbump.profile
@@ -6,7 +6,7 @@ include jumpnbump.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.jumpnbump
+noblacklist ${HOME}/.jumpnbump
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.jumpnbump
-allow  ${HOME}/.jumpnbump
-allow  /usr/share/jumpnbump
+whitelist ${HOME}/.jumpnbump
+whitelist /usr/share/jumpnbump
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile
index 73ce8670f..5ae90dff6 100644
--- a/etc/profile-a-l/k3b.profile
+++ b/etc/profile-a-l/k3b.profile
@@ -6,11 +6,11 @@ include k3b.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/k3brc
-nodeny  ${HOME}/.kde/share/config/k3brc
-nodeny  ${HOME}/.kde4/share/config/k3brc
-nodeny  ${HOME}/.local/share/kxmlgui5/k3b
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.config/k3brc
+noblacklist ${HOME}/.kde/share/config/k3brc
+noblacklist ${HOME}/.kde4/share/config/k3brc
+noblacklist ${HOME}/.local/share/kxmlgui5/k3b
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kaffeine.profile b/etc/profile-a-l/kaffeine.profile
index e6a00e350..d55fd22cb 100644
--- a/etc/profile-a-l/kaffeine.profile
+++ b/etc/profile-a-l/kaffeine.profile
@@ -6,14 +6,14 @@ include kaffeine.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/kaffeinerc
-nodeny  ${HOME}/.kde/share/apps/kaffeine
-nodeny  ${HOME}/.kde/share/config/kaffeinerc
-nodeny  ${HOME}/.kde4/share/apps/kaffeine
-nodeny  ${HOME}/.kde4/share/config/kaffeinerc
-nodeny  ${HOME}/.local/share/kaffeine
-nodeny  ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.config/kaffeinerc
+noblacklist ${HOME}/.kde/share/apps/kaffeine
+noblacklist ${HOME}/.kde/share/config/kaffeinerc
+noblacklist ${HOME}/.kde4/share/apps/kaffeine
+noblacklist ${HOME}/.kde4/share/config/kaffeinerc
+noblacklist ${HOME}/.local/share/kaffeine
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile
index 98b04353e..503dac4b6 100644
--- a/etc/profile-a-l/kalgebra.profile
+++ b/etc/profile-a-l/kalgebra.profile
@@ -6,8 +6,8 @@ include kalgebra.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/kalgebrarc
-nodeny  ${HOME}/.local/share/kalgebra
+noblacklist ${HOME}/.config/kalgebrarc
+noblacklist ${HOME}/.local/share/kalgebra
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  /usr/share/kalgebramobile
+whitelist /usr/share/kalgebramobile
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/karbon.profile b/etc/profile-a-l/karbon.profile
index db5394550..231299a2f 100644
--- a/etc/profile-a-l/karbon.profile
+++ b/etc/profile-a-l/karbon.profile
@@ -6,7 +6,7 @@ include karbon.local
 # added by included profile
 #include globals.local
 
-nodeny  ${HOME}/.local/share/kxmlgui5/karbon
+noblacklist ${HOME}/.local/share/kxmlgui5/karbon
 
 # Redirect
 include krita.profile
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile
index d2b180492..27b87e7c3 100644
--- a/etc/profile-a-l/kate.profile
+++ b/etc/profile-a-l/kate.profile
@@ -8,20 +8,20 @@ include globals.local
 
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.config/katemetainfos
-nodeny  ${HOME}/.config/katepartrc
-nodeny  ${HOME}/.config/katerc
-nodeny  ${HOME}/.config/kateschemarc
-nodeny  ${HOME}/.config/katesyntaxhighlightingrc
-nodeny  ${HOME}/.config/katevirc
-nodeny  ${HOME}/.local/share/kate
-nodeny  ${HOME}/.local/share/kxmlgui5/kate
-nodeny  ${HOME}/.local/share/kxmlgui5/katefiletree
-nodeny  ${HOME}/.local/share/kxmlgui5/katekonsole
-nodeny  ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin
-nodeny  ${HOME}/.local/share/kxmlgui5/katepart
-nodeny  ${HOME}/.local/share/kxmlgui5/kateproject
-nodeny  ${HOME}/.local/share/kxmlgui5/katesearch
+noblacklist ${HOME}/.config/katemetainfos
+noblacklist ${HOME}/.config/katepartrc
+noblacklist ${HOME}/.config/katerc
+noblacklist ${HOME}/.config/kateschemarc
+noblacklist ${HOME}/.config/katesyntaxhighlightingrc
+noblacklist ${HOME}/.config/katevirc
+noblacklist ${HOME}/.local/share/kate
+noblacklist ${HOME}/.local/share/kxmlgui5/kate
+noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree
+noblacklist ${HOME}/.local/share/kxmlgui5/katekonsole
+noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin
+noblacklist ${HOME}/.local/share/kxmlgui5/katepart
+noblacklist ${HOME}/.local/share/kxmlgui5/kateproject
+noblacklist ${HOME}/.local/share/kxmlgui5/katesearch
 
 include disable-common.inc
 # include disable-devel.inc
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile
index a4e2e64f4..9795cf168 100644
--- a/etc/profile-a-l/kazam.profile
+++ b/etc/profile-a-l/kazam.profile
@@ -8,9 +8,9 @@ include globals.local
 
 ignore noexec ${HOME}
 
-nodeny  ${PICTURES}
-nodeny  ${VIDEOS}
-nodeny  ${HOME}/.config/kazam
+noblacklist ${PICTURES}
+noblacklist ${VIDEOS}
+noblacklist ${HOME}/.config/kazam
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -25,7 +25,7 @@ include disable-passwdmgr.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/kazam
+whitelist /usr/share/kazam
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile
index fcb168d4d..e36ee5ed2 100644
--- a/etc/profile-a-l/kcalc.profile
+++ b/etc/profile-a-l/kcalc.profile
@@ -6,7 +6,7 @@ include kcalc.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/kxmlgui5/kcalc
+noblacklist ${HOME}/.local/share/kxmlgui5/kcalc
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,13 +21,13 @@ mkdir ${HOME}/.local/share/kxmlgui5/kcalc
 mkfile ${HOME}/.config/kcalcrc
 mkfile ${HOME}/.kde/share/config/kcalcrc
 mkfile ${HOME}/.kde4/share/config/kcalcrc
-allow  ${HOME}/.config/kcalcrc
-allow  ${HOME}/.kde/share/config/kcalcrc
-allow  ${HOME}/.kde4/share/config/kcalcrc
-allow  ${HOME}/.local/share/kxmlgui5/kcalc
-allow  /usr/share/config.kcfg/kcalc.kcfg
-allow  /usr/share/kcalc
-allow  /usr/share/kconf_update/kcalcrc.upd
+whitelist ${HOME}/.config/kcalcrc
+whitelist ${HOME}/.kde/share/config/kcalcrc
+whitelist ${HOME}/.kde4/share/config/kcalcrc
+whitelist ${HOME}/.local/share/kxmlgui5/kcalc
+whitelist /usr/share/config.kcfg/kcalc.kcfg
+whitelist /usr/share/kcalc
+whitelist /usr/share/kconf_update/kcalcrc.upd
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/kdenlive.profile b/etc/profile-a-l/kdenlive.profile
index 4acafbf2a..d2a08a269 100644
--- a/etc/profile-a-l/kdenlive.profile
+++ b/etc/profile-a-l/kdenlive.profile
@@ -8,10 +8,10 @@ include globals.local
 
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.cache/kdenlive
-nodeny  ${HOME}/.config/kdenliverc
-nodeny  ${HOME}/.local/share/kdenlive
-nodeny  ${HOME}/.local/share/kxmlgui5/kdenlive
+noblacklist ${HOME}/.cache/kdenlive
+noblacklist ${HOME}/.config/kdenliverc
+noblacklist ${HOME}/.local/share/kdenlive
+noblacklist ${HOME}/.local/share/kxmlgui5/kdenlive
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile
index 0c37f7968..7c1cb2294 100644
--- a/etc/profile-a-l/kdiff3.profile
+++ b/etc/profile-a-l/kdiff3.profile
@@ -6,14 +6,14 @@ include kdiff3.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/kdiff3fileitemactionrc
-nodeny  ${HOME}/.config/kdiff3rc
+noblacklist ${HOME}/.config/kdiff3fileitemactionrc
+noblacklist ${HOME}/.config/kdiff3rc
 
 # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc.
 # By default we deny access only to .ssh and .gnupg.
 #include disable-common.inc
-deny  ${HOME}/.ssh
-deny  ${HOME}/.gnupg
+blacklist ${HOME}/.ssh
+blacklist ${HOME}/.gnupg
 
 include disable-devel.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/keepass.profile b/etc/profile-a-l/keepass.profile
index 9c06962bc..ae8971ab4 100644
--- a/etc/profile-a-l/keepass.profile
+++ b/etc/profile-a-l/keepass.profile
@@ -6,14 +6,14 @@ include keepass.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/*.kdb
-nodeny  ${HOME}/*.kdbx
-nodeny  ${HOME}/.config/KeePass
-nodeny  ${HOME}/.config/keepass
-nodeny  ${HOME}/.keepass
-nodeny  ${HOME}/.local/share/KeePass
-nodeny  ${HOME}/.local/share/keepass
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/*.kdb
+noblacklist ${HOME}/*.kdbx
+noblacklist ${HOME}/.config/KeePass
+noblacklist ${HOME}/.config/keepass
+noblacklist ${HOME}/.keepass
+noblacklist ${HOME}/.local/share/KeePass
+noblacklist ${HOME}/.local/share/keepass
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile
index 2772fa8bf..ac364986d 100644
--- a/etc/profile-a-l/keepassx.profile
+++ b/etc/profile-a-l/keepassx.profile
@@ -6,11 +6,11 @@ include keepassx.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/*.kdb
-nodeny  ${HOME}/*.kdbx
-nodeny  ${HOME}/.config/keepassx
-nodeny  ${HOME}/.keepassx
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/*.kdb
+noblacklist ${HOME}/*.kdbx
+noblacklist ${HOME}/.config/keepassx
+noblacklist ${HOME}/.keepassx
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile
index 9c530b20d..f71dcf82b 100644
--- a/etc/profile-a-l/keepassxc.profile
+++ b/etc/profile-a-l/keepassxc.profile
@@ -6,23 +6,23 @@ include keepassxc.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/*.kdb
-nodeny  ${HOME}/*.kdbx
-nodeny  ${HOME}/.cache/keepassxc
-nodeny  ${HOME}/.config/keepassxc
-nodeny  ${HOME}/.config/KeePassXCrc
-nodeny  ${HOME}/.keepassxc
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/*.kdb
+noblacklist ${HOME}/*.kdbx
+noblacklist ${HOME}/.cache/keepassxc
+noblacklist ${HOME}/.config/keepassxc
+noblacklist ${HOME}/.config/KeePassXCrc
+noblacklist ${HOME}/.keepassxc
+noblacklist ${DOCUMENTS}
 
 # Allow browser profiles, required for browser integration.
-nodeny  ${HOME}/.config/BraveSoftware
-nodeny  ${HOME}/.config/chromium
-nodeny  ${HOME}/.config/google-chrome
-nodeny  ${HOME}/.config/vivaldi
-nodeny  ${HOME}/.local/share/torbrowser
-nodeny  ${HOME}/.mozilla
+noblacklist ${HOME}/.config/BraveSoftware
+noblacklist ${HOME}/.config/chromium
+noblacklist ${HOME}/.config/google-chrome
+noblacklist ${HOME}/.config/vivaldi
+noblacklist ${HOME}/.local/share/torbrowser
+noblacklist ${HOME}/.mozilla
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -57,7 +57,7 @@ include disable-xdg.inc
 #whitelist ${HOME}/.config/KeePassXCrc
 #include whitelist-common.inc
 
-allow  /usr/share/keepassxc
+whitelist /usr/share/keepassxc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile
index 30c041cbc..2c684504b 100644
--- a/etc/profile-a-l/kget.profile
+++ b/etc/profile-a-l/kget.profile
@@ -6,13 +6,13 @@ include kget.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/kgetrc
-nodeny  ${HOME}/.kde/share/apps/kget
-nodeny  ${HOME}/.kde/share/config/kgetrc
-nodeny  ${HOME}/.kde4/share/apps/kget
-nodeny  ${HOME}/.kde4/share/config/kgetrc
-nodeny  ${HOME}/.local/share/kget
-nodeny  ${HOME}/.local/share/kxmlgui5/kget
+noblacklist ${HOME}/.config/kgetrc
+noblacklist ${HOME}/.kde/share/apps/kget
+noblacklist ${HOME}/.kde/share/config/kgetrc
+noblacklist ${HOME}/.kde4/share/apps/kget
+noblacklist ${HOME}/.kde4/share/config/kgetrc
+noblacklist ${HOME}/.local/share/kget
+noblacklist ${HOME}/.local/share/kxmlgui5/kget
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kid3-qt.profile b/etc/profile-a-l/kid3-qt.profile
index 84d135fc3..9bcede077 100644
--- a/etc/profile-a-l/kid3-qt.profile
+++ b/etc/profile-a-l/kid3-qt.profile
@@ -2,7 +2,7 @@
 # This file is overwritten after every install/update
 include kid3-qt.local
 
-nodeny  ${HOME}/.config/Kid3
+noblacklist ${HOME}/.config/Kid3
 
 # Redirect
 include kid3.profile
diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile
index 0ef2a7845..e18292e99 100644
--- a/etc/profile-a-l/kid3.profile
+++ b/etc/profile-a-l/kid3.profile
@@ -6,9 +6,9 @@ include kid3.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${MUSIC}
-nodeny  ${HOME}/.config/kid3rc
-nodeny  ${HOME}/.local/share/kxmlgui5/kid3
+noblacklist ${MUSIC}
+noblacklist ${HOME}/.config/kid3rc
+noblacklist ${HOME}/.local/share/kxmlgui5/kid3
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kino.profile b/etc/profile-a-l/kino.profile
index 833c1d22a..74014ffe6 100644
--- a/etc/profile-a-l/kino.profile
+++ b/etc/profile-a-l/kino.profile
@@ -6,8 +6,8 @@ include kino.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.kino-history
-nodeny  ${HOME}/.kinorc
+noblacklist ${HOME}/.kino-history
+noblacklist ${HOME}/.kinorc
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile
index b188ba0e3..40ee0bbc7 100644
--- a/etc/profile-a-l/kiwix-desktop.profile
+++ b/etc/profile-a-l/kiwix-desktop.profile
@@ -6,8 +6,8 @@ include kiwix-desktop.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/kiwix
-nodeny  ${HOME}/.local/share/kiwix-desktop
+noblacklist ${HOME}/.local/share/kiwix
+noblacklist ${HOME}/.local/share/kiwix-desktop
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/kiwix
 mkdir ${HOME}/.local/share/kiwix-desktop
-allow  ${HOME}/.local/share/kiwix
-allow  ${HOME}/.local/share/kiwix-desktop
+whitelist ${HOME}/.local/share/kiwix
+whitelist ${HOME}/.local/share/kiwix-desktop
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/klatexformula.profile b/etc/profile-a-l/klatexformula.profile
index e087e4973..c6a9023f1 100644
--- a/etc/profile-a-l/klatexformula.profile
+++ b/etc/profile-a-l/klatexformula.profile
@@ -6,8 +6,8 @@ include klatexformula.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.kde/share/apps/klatexformula
-nodeny  ${HOME}/.klatexformula
+noblacklist ${HOME}/.kde/share/apps/klatexformula
+noblacklist ${HOME}/.klatexformula
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile
index ec3912419..f5cd3a48c 100644
--- a/etc/profile-a-l/klavaro.profile
+++ b/etc/profile-a-l/klavaro.profile
@@ -6,8 +6,8 @@ include klavaro.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/klavaro
-nodeny  ${HOME}/.local/share/klavaro
+noblacklist ${HOME}/.config/klavaro
+noblacklist ${HOME}/.local/share/klavaro
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/klavaro
 mkdir ${HOME}/.config/klavaro
-allow  ${HOME}/.local/share/klavaro
-allow  ${HOME}/.config/klavaro
+whitelist ${HOME}/.local/share/klavaro
+whitelist ${HOME}/.config/klavaro
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile
index 3c582c08c..95ae98e53 100644
--- a/etc/profile-a-l/kmail.profile
+++ b/etc/profile-a-l/kmail.profile
@@ -9,27 +9,27 @@ include globals.local
 # kmail has problems launching akonadi in debian and ubuntu.
 # one solution is to have akonadi already running when kmail is started
 
-nodeny  ${HOME}/.cache/akonadi*
-nodeny  ${HOME}/.cache/kmail2
-nodeny  ${HOME}/.config/akonadi*
-nodeny  ${HOME}/.config/baloorc
-nodeny  ${HOME}/.config/emaildefaults
-nodeny  ${HOME}/.config/emailidentities
-nodeny  ${HOME}/.config/kmail2rc
-nodeny  ${HOME}/.config/kmailsearchindexingrc
-nodeny  ${HOME}/.config/mailtransports
-nodeny  ${HOME}/.config/specialmailcollectionsrc
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.local/share/akonadi*
-nodeny  ${HOME}/.local/share/apps/korganizer
-nodeny  ${HOME}/.local/share/contacts
-nodeny  ${HOME}/.local/share/emailidentities
-nodeny  ${HOME}/.local/share/kmail2
-nodeny  ${HOME}/.local/share/kxmlgui5/kmail
-nodeny  ${HOME}/.local/share/kxmlgui5/kmail2
-nodeny  ${HOME}/.local/share/local-mail
-nodeny  ${HOME}/.local/share/notes
-nodeny  /tmp/akonadi-*
+noblacklist ${HOME}/.cache/akonadi*
+noblacklist ${HOME}/.cache/kmail2
+noblacklist ${HOME}/.config/akonadi*
+noblacklist ${HOME}/.config/baloorc
+noblacklist ${HOME}/.config/emaildefaults
+noblacklist ${HOME}/.config/emailidentities
+noblacklist ${HOME}/.config/kmail2rc
+noblacklist ${HOME}/.config/kmailsearchindexingrc
+noblacklist ${HOME}/.config/mailtransports
+noblacklist ${HOME}/.config/specialmailcollectionsrc
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.local/share/akonadi*
+noblacklist ${HOME}/.local/share/apps/korganizer
+noblacklist ${HOME}/.local/share/contacts
+noblacklist ${HOME}/.local/share/emailidentities
+noblacklist ${HOME}/.local/share/kmail2
+noblacklist ${HOME}/.local/share/kxmlgui5/kmail
+noblacklist ${HOME}/.local/share/kxmlgui5/kmail2
+noblacklist ${HOME}/.local/share/local-mail
+noblacklist ${HOME}/.local/share/notes
+noblacklist /tmp/akonadi-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kmplayer.profile b/etc/profile-a-l/kmplayer.profile
index d2ce14ab6..e88b53499 100644
--- a/etc/profile-a-l/kmplayer.profile
+++ b/etc/profile-a-l/kmplayer.profile
@@ -6,11 +6,11 @@ include kmplayer.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/kmplayerrc
-nodeny  ${HOME}/.kde/share/config/kmplayerrc
-nodeny  ${HOME}/.local/share/kmplayer
-nodeny  ${MUSIC}
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.config/kmplayerrc
+noblacklist ${HOME}/.kde/share/config/kmplayerrc
+noblacklist ${HOME}/.local/share/kmplayer
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/knotes.profile b/etc/profile-a-l/knotes.profile
index 5a9ac34da..f155d0ad6 100644
--- a/etc/profile-a-l/knotes.profile
+++ b/etc/profile-a-l/knotes.profile
@@ -10,9 +10,9 @@ include knotes.local
 # knotes has problems launching akonadi in debian and ubuntu.
 # one solution is to have akonadi already running when knotes is started
 
-nodeny  ${HOME}/.config/knotesrc
-nodeny  ${HOME}/.local/share/knotes
-nodeny  ${HOME}/.local/share/kxmlgui5/knotes
+noblacklist ${HOME}/.config/knotesrc
+noblacklist ${HOME}/.local/share/knotes
+noblacklist ${HOME}/.local/share/kxmlgui5/knotes
 
 # Redirect
 include kmail.profile
diff --git a/etc/profile-a-l/kodi.profile b/etc/profile-a-l/kodi.profile
index 2725c87be..b7091f1fc 100644
--- a/etc/profile-a-l/kodi.profile
+++ b/etc/profile-a-l/kodi.profile
@@ -13,10 +13,10 @@ ignore noexec ${HOME}
 #ignore noroot
 #ignore private-dev
 
-nodeny  ${HOME}/.kodi
-nodeny  ${MUSIC}
-nodeny  ${PICTURES}
-nodeny  ${VIDEOS}
+noblacklist ${HOME}/.kodi
+noblacklist ${MUSIC}
+noblacklist ${PICTURES}
+noblacklist ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile
index d8ce33838..5b5ed6e24 100644
--- a/etc/profile-a-l/konversation.profile
+++ b/etc/profile-a-l/konversation.profile
@@ -6,11 +6,11 @@ include konversation.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/konversationrc
-nodeny  ${HOME}/.config/konversation.notifyrc
-nodeny  ${HOME}/.kde/share/config/konversationrc
-nodeny  ${HOME}/.kde4/share/config/konversationrc
-nodeny  ${HOME}/.local/share/kxmlgui5/konversation
+noblacklist ${HOME}/.config/konversationrc
+noblacklist ${HOME}/.config/konversation.notifyrc
+noblacklist ${HOME}/.kde/share/config/konversationrc
+noblacklist ${HOME}/.kde4/share/config/konversationrc
+noblacklist ${HOME}/.local/share/kxmlgui5/konversation
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kopete.profile b/etc/profile-a-l/kopete.profile
index 749591f32..88f47d1bf 100644
--- a/etc/profile-a-l/kopete.profile
+++ b/etc/profile-a-l/kopete.profile
@@ -6,11 +6,11 @@ include kopete.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.kde/share/apps/kopete
-nodeny  ${HOME}/.kde/share/config/kopeterc
-nodeny  ${HOME}/.kde4/share/apps/kopete
-nodeny  ${HOME}/.kde4/share/config/kopeterc
-nodeny  ${HOME}/.local/share/kxmlgui5/kopete
+noblacklist ${HOME}/.kde/share/apps/kopete
+noblacklist ${HOME}/.kde/share/config/kopeterc
+noblacklist ${HOME}/.kde4/share/apps/kopete
+noblacklist ${HOME}/.kde4/share/config/kopeterc
+noblacklist ${HOME}/.local/share/kxmlgui5/kopete
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /var/lib/winpopup
+whitelist /var/lib/winpopup
 include whitelist-var-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/krita.profile b/etc/profile-a-l/krita.profile
index 950341def..8604e63d0 100644
--- a/etc/profile-a-l/krita.profile
+++ b/etc/profile-a-l/krita.profile
@@ -9,10 +9,10 @@ include globals.local
 # noexec ${HOME} may break krita, see issue #1953
 ignore noexec ${HOME}
 
-nodeny  ${HOME}/.config/kritarc
-nodeny  ${HOME}/.local/share/krita
-nodeny  ${DOCUMENTS}
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.config/kritarc
+noblacklist ${HOME}/.local/share/krita
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/krunner.profile b/etc/profile-a-l/krunner.profile
index 7b325d273..9cb5eff87 100644
--- a/etc/profile-a-l/krunner.profile
+++ b/etc/profile-a-l/krunner.profile
@@ -13,9 +13,9 @@ include globals.local
 # noblacklist ${HOME}/.cache/krunner
 # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
 # noblacklist ${HOME}/.config/chromium
-nodeny  ${HOME}/.config/krunnerrc
-nodeny  ${HOME}/.kde/share/config/krunnerrc
-nodeny  ${HOME}/.kde4/share/config/krunnerrc
+noblacklist ${HOME}/.config/krunnerrc
+noblacklist ${HOME}/.kde/share/config/krunnerrc
+noblacklist ${HOME}/.kde4/share/config/krunnerrc
 # noblacklist ${HOME}/.local/share/baloo
 # noblacklist ${HOME}/.mozilla
 
diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile
index ac9fee585..5a85194e0 100644
--- a/etc/profile-a-l/ktorrent.profile
+++ b/etc/profile-a-l/ktorrent.profile
@@ -6,13 +6,13 @@ include ktorrent.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/ktorrentrc
-nodeny  ${HOME}/.kde/share/apps/ktorrent
-nodeny  ${HOME}/.kde/share/config/ktorrentrc
-nodeny  ${HOME}/.kde4/share/apps/ktorrent
-nodeny  ${HOME}/.kde4/share/config/ktorrentrc
-nodeny  ${HOME}/.local/share/ktorrent
-nodeny  ${HOME}/.local/share/kxmlgui5/ktorrent
+noblacklist ${HOME}/.config/ktorrentrc
+noblacklist ${HOME}/.kde/share/apps/ktorrent
+noblacklist ${HOME}/.kde/share/config/ktorrentrc
+noblacklist ${HOME}/.kde4/share/apps/ktorrent
+noblacklist ${HOME}/.kde4/share/config/ktorrentrc
+noblacklist ${HOME}/.local/share/ktorrent
+noblacklist ${HOME}/.local/share/kxmlgui5/ktorrent
 
 include disable-common.inc
 include disable-devel.inc
@@ -29,14 +29,14 @@ mkdir ${HOME}/.local/share/kxmlgui5/ktorrent
 mkfile ${HOME}/.config/ktorrentrc
 mkfile ${HOME}/.kde/share/config/ktorrentrc
 mkfile ${HOME}/.kde4/share/config/ktorrentrc
-allow  ${DOWNLOADS}
-allow  ${HOME}/.config/ktorrentrc
-allow  ${HOME}/.kde/share/apps/ktorrent
-allow  ${HOME}/.kde/share/config/ktorrentrc
-allow  ${HOME}/.kde4/share/apps/ktorrent
-allow  ${HOME}/.kde4/share/config/ktorrentrc
-allow  ${HOME}/.local/share/ktorrent
-allow  ${HOME}/.local/share/kxmlgui5/ktorrent
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/ktorrentrc
+whitelist ${HOME}/.kde/share/apps/ktorrent
+whitelist ${HOME}/.kde/share/config/ktorrentrc
+whitelist ${HOME}/.kde4/share/apps/ktorrent
+whitelist ${HOME}/.kde4/share/config/ktorrentrc
+whitelist ${HOME}/.local/share/ktorrent
+whitelist ${HOME}/.local/share/kxmlgui5/ktorrent
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile
index 71f8e4977..4cf72b74c 100644
--- a/etc/profile-a-l/ktouch.profile
+++ b/etc/profile-a-l/ktouch.profile
@@ -6,8 +6,8 @@ include ktouch.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/ktouch2rc
-nodeny  ${HOME}/.local/share/ktouch
+noblacklist ${HOME}/.config/ktouch2rc
+noblacklist ${HOME}/.local/share/ktouch
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,8 +20,8 @@ include disable-xdg.inc
 
 mkfile ${HOME}/.config/ktouch2rc
 mkdir ${HOME}/.local/share/ktouch
-allow  ${HOME}/.config/ktouch2rc
-allow  ${HOME}/.local/share/ktouch
+whitelist ${HOME}/.config/ktouch2rc
+whitelist ${HOME}/.local/share/ktouch
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile
index 74ffd1162..4e9a12e5f 100644
--- a/etc/profile-a-l/kube.profile
+++ b/etc/profile-a-l/kube.profile
@@ -6,13 +6,13 @@ include kube.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.gnupg
-nodeny  ${HOME}/.mozilla
-nodeny  ${HOME}/.cache/kube
-nodeny  ${HOME}/.config/kube
-nodeny  ${HOME}/.config/sink
-nodeny  ${HOME}/.local/share/kube
-nodeny  ${HOME}/.local/share/sink
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.cache/kube
+noblacklist ${HOME}/.config/kube
+noblacklist ${HOME}/.config/sink
+noblacklist ${HOME}/.local/share/kube
+noblacklist ${HOME}/.local/share/sink
 
 include disable-common.inc
 include disable-devel.inc
@@ -29,17 +29,17 @@ mkdir ${HOME}/.config/kube
 mkdir ${HOME}/.config/sink
 mkdir ${HOME}/.local/share/kube
 mkdir ${HOME}/.local/share/sink
-allow  ${HOME}/.gnupg
-allow  ${HOME}/.mozilla/firefox/profiles.ini
-allow  ${HOME}/.cache/kube
-allow  ${HOME}/.config/kube
-allow  ${HOME}/.config/sink
-allow  ${HOME}/.local/share/kube
-allow  ${HOME}/.local/share/sink
-allow  ${RUNUSER}/gnupg
-allow  /usr/share/kube
-allow  /usr/share/gnupg
-allow  /usr/share/gnupg2
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.cache/kube
+whitelist ${HOME}/.config/kube
+whitelist ${HOME}/.config/sink
+whitelist ${HOME}/.local/share/kube
+whitelist ${HOME}/.local/share/sink
+whitelist ${RUNUSER}/gnupg
+whitelist /usr/share/kube
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile
index 580f93736..15e7ceb17 100644
--- a/etc/profile-a-l/kwin_x11.profile
+++ b/etc/profile-a-l/kwin_x11.profile
@@ -8,10 +8,10 @@ include globals.local
 # fix automatical kwin_x11 sandboxing:
 # echo KDEWM=kwin_x11 >> ~/.pam_environment
 
-nodeny  ${HOME}/.cache/kwin
-nodeny  ${HOME}/.config/kwinrc
-nodeny  ${HOME}/.config/kwinrulesrc
-nodeny  ${HOME}/.local/share/kwin
+noblacklist ${HOME}/.cache/kwin
+noblacklist ${HOME}/.config/kwinrc
+noblacklist ${HOME}/.config/kwinrulesrc
+noblacklist ${HOME}/.local/share/kwin
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile
index 08b0e0224..804ffafeb 100644
--- a/etc/profile-a-l/kwrite.profile
+++ b/etc/profile-a-l/kwrite.profile
@@ -6,15 +6,15 @@ include kwrite.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/katepartrc
-nodeny  ${HOME}/.config/katerc
-nodeny  ${HOME}/.config/kateschemarc
-nodeny  ${HOME}/.config/katesyntaxhighlightingrc
-nodeny  ${HOME}/.config/katevirc
-nodeny  ${HOME}/.config/kwriterc
-nodeny  ${HOME}/.local/share/kwrite
-nodeny  ${HOME}/.local/share/kxmlgui5/kwrite
-nodeny  ${DOCUMENTS}
+noblacklist ${HOME}/.config/katepartrc
+noblacklist ${HOME}/.config/katerc
+noblacklist ${HOME}/.config/kateschemarc
+noblacklist ${HOME}/.config/katesyntaxhighlightingrc
+noblacklist ${HOME}/.config/katevirc
+noblacklist ${HOME}/.config/kwriterc
+noblacklist ${HOME}/.local/share/kwrite
+noblacklist ${HOME}/.local/share/kxmlgui5/kwrite
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/latex-common.profile b/etc/profile-a-l/latex-common.profile
index 91693bfc1..ac1b8785d 100644
--- a/etc/profile-a-l/latex-common.profile
+++ b/etc/profile-a-l/latex-common.profile
@@ -13,7 +13,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-allow  /var/lib
+whitelist /var/lib
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/leafpad.profile b/etc/profile-a-l/leafpad.profile
index e154708eb..4bbb0a86d 100644
--- a/etc/profile-a-l/leafpad.profile
+++ b/etc/profile-a-l/leafpad.profile
@@ -6,7 +6,7 @@ include leafpad.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/leafpad
+noblacklist ${HOME}/.config/leafpad
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/less.profile b/etc/profile-a-l/less.profile
index abee392de..8eb5ad0c2 100644
--- a/etc/profile-a-l/less.profile
+++ b/etc/profile-a-l/less.profile
@@ -7,9 +7,9 @@ include less.local
 # Persistent global definitions
 include globals.local
 
-deny  ${RUNUSER}
+blacklist ${RUNUSER}
 
-nodeny  ${HOME}/.lesshst
+noblacklist ${HOME}/.lesshst
 
 include disable-devel.inc
 include disable-exec.inc
diff --git a/etc/profile-a-l/librecad.profile b/etc/profile-a-l/librecad.profile
index 8ec41eee3..c57eae73d 100644
--- a/etc/profile-a-l/librecad.profile
+++ b/etc/profile-a-l/librecad.profile
@@ -4,8 +4,8 @@ include librecad.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/LibreCAD
-nodeny  ${HOME}/.local/share/LibreCAD
+noblacklist ${HOME}/.config/LibreCAD
+noblacklist ${HOME}/.local/share/LibreCAD
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-allow  /usr/share/librecad
+whitelist /usr/share/librecad
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile
index ae01d39b8..b1a24888c 100644
--- a/etc/profile-a-l/libreoffice.profile
+++ b/etc/profile-a-l/libreoffice.profile
@@ -6,15 +6,15 @@ include libreoffice.local
 # Persistent global definitions
 include globals.local
 
-nodeny  /usr/local/sbin
-nodeny  ${HOME}/.config/libreoffice
+noblacklist /usr/local/sbin
+noblacklist ${HOME}/.config/libreoffice
 
 # libreoffice uses java for some functionality.
 # Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality.
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
 
-deny  /usr/libexec
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile
index 5c614ab8e..da047357a 100644
--- a/etc/profile-a-l/librewolf.profile
+++ b/etc/profile-a-l/librewolf.profile
@@ -6,13 +6,13 @@ include librewolf.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/librewolf
-nodeny  ${HOME}/.librewolf
+noblacklist ${HOME}/.cache/librewolf
+noblacklist ${HOME}/.librewolf
 
 mkdir ${HOME}/.cache/librewolf
 mkdir ${HOME}/.librewolf
-allow  ${HOME}/.cache/librewolf
-allow  ${HOME}/.librewolf
+whitelist ${HOME}/.cache/librewolf
+whitelist ${HOME}/.librewolf
 
 # Add the next lines to your librewolf.local if you want to use the migration wizard.
 #noblacklist ${HOME}/.mozilla
@@ -23,10 +23,10 @@ allow  ${HOME}/.librewolf
 #whitelist ${RUNUSER}/kpxc_server
 #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
 
-allow  /usr/share/doc
-allow  /usr/share/gtk-doc/html
-allow  /usr/share/mozilla
-allow  /usr/share/webext
+whitelist /usr/share/doc
+whitelist /usr/share/gtk-doc/html
+whitelist /usr/share/mozilla
+whitelist /usr/share/webext
 include whitelist-usr-share-common.inc
 
 # Add the next line to your librewolf.local to enable private-bin (Arch Linux).
diff --git a/etc/profile-a-l/liferea.profile b/etc/profile-a-l/liferea.profile
index 595ecc257..7afca1d5f 100644
--- a/etc/profile-a-l/liferea.profile
+++ b/etc/profile-a-l/liferea.profile
@@ -6,9 +6,9 @@ include liferea.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/liferea
-nodeny  ${HOME}/.config/liferea
-nodeny  ${HOME}/.local/share/liferea
+noblacklist ${HOME}/.cache/liferea
+noblacklist ${HOME}/.config/liferea
+noblacklist ${HOME}/.local/share/liferea
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/liferea
 mkdir ${HOME}/.config/liferea
 mkdir ${HOME}/.local/share/liferea
-allow  ${HOME}/.cache/liferea
-allow  ${HOME}/.config/liferea
-allow  ${HOME}/.local/share/liferea
-allow  /usr/share/liferea
+whitelist ${HOME}/.cache/liferea
+whitelist ${HOME}/.config/liferea
+whitelist ${HOME}/.local/share/liferea
+whitelist /usr/share/liferea
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/lightsoff.profile b/etc/profile-a-l/lightsoff.profile
index 58d5bcd6d..c065c44a9 100644
--- a/etc/profile-a-l/lightsoff.profile
+++ b/etc/profile-a-l/lightsoff.profile
@@ -6,7 +6,7 @@ include lightsoff.local
 # Persistent global definitions
 include globals.local
 
-allow  /usr/share/lightsoff
+whitelist /usr/share/lightsoff
 
 private-bin lightsoff
 
diff --git a/etc/profile-a-l/lincity-ng.profile b/etc/profile-a-l/lincity-ng.profile
index e14c50d77..4254b7f33 100644
--- a/etc/profile-a-l/lincity-ng.profile
+++ b/etc/profile-a-l/lincity-ng.profile
@@ -6,7 +6,7 @@ include lincity-ng.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.lincity-ng
+noblacklist ${HOME}/.lincity-ng
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.lincity-ng
-allow  ${HOME}/.lincity-ng
+whitelist ${HOME}/.lincity-ng
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile
index 51e3d5b94..cd885b1d4 100644
--- a/etc/profile-a-l/links-common.profile
+++ b/etc/profile-a-l/links-common.profile
@@ -4,8 +4,8 @@ include links-common.local
 
 # common profile for links browsers
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-allow  ${DOWNLOADS}
+whitelist ${DOWNLOADS}
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/links.profile b/etc/profile-a-l/links.profile
index ae57601ca..8ce39cc7f 100644
--- a/etc/profile-a-l/links.profile
+++ b/etc/profile-a-l/links.profile
@@ -7,10 +7,10 @@ include links.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.links
+noblacklist ${HOME}/.links
 
 mkdir ${HOME}/.links
-allow  ${HOME}/.links
+whitelist ${HOME}/.links
 
 private-bin links
 
diff --git a/etc/profile-a-l/links2.profile b/etc/profile-a-l/links2.profile
index eb349c73a..5f91dfcd2 100644
--- a/etc/profile-a-l/links2.profile
+++ b/etc/profile-a-l/links2.profile
@@ -7,10 +7,10 @@ include links2.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.links2
+noblacklist ${HOME}/.links2
 
 mkdir ${HOME}/.links2
-allow  ${HOME}/.links2
+whitelist ${HOME}/.links2
 
 private-bin links2
 
diff --git a/etc/profile-a-l/linphone.profile b/etc/profile-a-l/linphone.profile
index dd1dac05b..7ebdbef4c 100644
--- a/etc/profile-a-l/linphone.profile
+++ b/etc/profile-a-l/linphone.profile
@@ -6,10 +6,10 @@ include linphone.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/linphone
-nodeny  ${HOME}/.linphone-history.db
-nodeny  ${HOME}/.linphonerc
-nodeny  ${HOME}/.local/share/linphone
+noblacklist ${HOME}/.config/linphone
+noblacklist ${HOME}/.linphone-history.db
+noblacklist ${HOME}/.linphonerc
+noblacklist ${HOME}/.local/share/linphone
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,11 +23,11 @@ include disable-programs.inc
 # ${HOME}/.linphone-history.db and ${HOME}/.linphonerc but no longer mkfile.
 mkdir ${HOME}/.config/linphone
 mkdir ${HOME}/.local/share/linphone
-allow  ${HOME}/.config/linphone
-allow  ${HOME}/.linphone-history.db
-allow  ${HOME}/.linphonerc
-allow  ${HOME}/.local/share/linphone
-allow  ${DOWNLOADS}
+whitelist ${HOME}/.config/linphone
+whitelist ${HOME}/.linphone-history.db
+whitelist ${HOME}/.linphonerc
+whitelist ${HOME}/.local/share/linphone
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 
 caps.drop all
diff --git a/etc/profile-a-l/lmms.profile b/etc/profile-a-l/lmms.profile
index b22110fdc..48b0e14dc 100644
--- a/etc/profile-a-l/lmms.profile
+++ b/etc/profile-a-l/lmms.profile
@@ -6,9 +6,9 @@ include lmms.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.lmmsrc.xml
-nodeny  ${DOCUMENTS}
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.lmmsrc.xml
+noblacklist ${DOCUMENTS}
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile
index 0a7ce86e8..f2676fec5 100644
--- a/etc/profile-a-l/lollypop.profile
+++ b/etc/profile-a-l/lollypop.profile
@@ -6,8 +6,8 @@ include lollypop.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.local/share/lollypop
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.local/share/lollypop
+noblacklist ${MUSIC}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-a-l/lugaru.profile b/etc/profile-a-l/lugaru.profile
index 30802b3b7..174c65a65 100644
--- a/etc/profile-a-l/lugaru.profile
+++ b/etc/profile-a-l/lugaru.profile
@@ -8,8 +8,8 @@ include globals.local
 
 # note: crashes after entering
 
-nodeny  ${HOME}/.config/lugaru
-nodeny  ${HOME}/.local/share/lugaru
+noblacklist ${HOME}/.config/lugaru
+noblacklist ${HOME}/.local/share/lugaru
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/lugaru
 mkdir ${HOME}/.local/share/lugaru
-allow  ${HOME}/.config/lugaru
-allow  ${HOME}/.local/share/lugaru
+whitelist ${HOME}/.config/lugaru
+whitelist ${HOME}/.local/share/lugaru
 include whitelist-common.inc
 include whitelist-var-common.inc
 
diff --git a/etc/profile-a-l/luminance-hdr.profile b/etc/profile-a-l/luminance-hdr.profile
index 73400dbd6..31067034e 100644
--- a/etc/profile-a-l/luminance-hdr.profile
+++ b/etc/profile-a-l/luminance-hdr.profile
@@ -6,8 +6,8 @@ include luminance-hdr.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/Luminance
-nodeny  ${PICTURES}
+noblacklist ${HOME}/.config/Luminance
+noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile
index 9d5169b80..80a3aba86 100644
--- a/etc/profile-a-l/lutris.profile
+++ b/etc/profile-a-l/lutris.profile
@@ -6,18 +6,18 @@ include lutris.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${PATH}/llvm*
-nodeny  ${HOME}/Games
-nodeny  ${HOME}/.cache/lutris
-nodeny  ${HOME}/.cache/winetricks
-nodeny  ${HOME}/.config/lutris
-nodeny  ${HOME}/.local/share/lutris
+noblacklist ${PATH}/llvm*
+noblacklist ${HOME}/Games
+noblacklist ${HOME}/.cache/lutris
+noblacklist ${HOME}/.cache/winetricks
+noblacklist ${HOME}/.config/lutris
+noblacklist ${HOME}/.local/share/lutris
 # noblacklist ${HOME}/.wine
-nodeny  /tmp/.wine-*
+noblacklist /tmp/.wine-*
 # Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise
 # Lutris won't even start.
-nodeny  /sbin
-nodeny  /usr/sbin
+noblacklist /sbin
+noblacklist /usr/sbin
 
 ignore noexec ${HOME}
 
@@ -39,15 +39,15 @@ mkdir ${HOME}/.cache/winetricks
 mkdir ${HOME}/.config/lutris
 mkdir ${HOME}/.local/share/lutris
 # mkdir ${HOME}/.wine
-allow  ${DOWNLOADS}
-allow  ${HOME}/Games
-allow  ${HOME}/.cache/lutris
-allow  ${HOME}/.cache/winetricks
-allow  ${HOME}/.config/lutris
-allow  ${HOME}/.local/share/lutris
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/Games
+whitelist ${HOME}/.cache/lutris
+whitelist ${HOME}/.cache/winetricks
+whitelist ${HOME}/.config/lutris
+whitelist ${HOME}/.local/share/lutris
 # whitelist ${HOME}/.wine
-allow  /usr/share/lutris
-allow  /usr/share/wine
+whitelist /usr/share/lutris
+whitelist /usr/share/wine
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
diff --git a/etc/profile-a-l/lximage-qt.profile b/etc/profile-a-l/lximage-qt.profile
index 43147211b..b2a56012e 100644
--- a/etc/profile-a-l/lximage-qt.profile
+++ b/etc/profile-a-l/lximage-qt.profile
@@ -6,7 +6,7 @@ include lximage-qt.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.config/lximage-qt
+noblacklist ${HOME}/.config/lximage-qt
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lxmusic.profile b/etc/profile-a-l/lxmusic.profile
index c849f2ad2..cc4b95551 100644
--- a/etc/profile-a-l/lxmusic.profile
+++ b/etc/profile-a-l/lxmusic.profile
@@ -6,9 +6,9 @@ include lxmusic.local
 # Persistent global definitions
 include globals.local
 
-nodeny  ${HOME}/.cache/xmms2
-nodeny  ${HOME}/.config/xmms2
-nodeny  ${MUSIC}
+noblacklist ${HOME}/.cache/xmms2
+noblacklist ${HOME}/.config/xmms2
+noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile
index 15c8f1faa..a919e924b 100644
--- a/etc/profile-a-l/lynx.profile
+++ b/etc/profile-a-l/lynx.profile
@@ -7,8 +7,8 @@ include lynx.local
 # Persistent global definitions
 include globals.local
 
-deny  /tmp/.X11-unix
-deny  ${RUNUSER}/wayland-*
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile
index 358dbf2f2..fa69463d1 100644
--- a/etc/profile-a-l/lyx.profile
+++ b/etc/profile-a-l/lyx.profile
@@ -8,8 +8,8 @@ include globals.local
 
 ignore private-tmp
 
-nodeny  ${HOME}/.config/LyX
-nodeny  ${HOME}/.lyx
+noblacklist ${HOME}/.config/LyX
+noblacklist ${HOME}/.lyx
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -21,11 +21,11 @@ include allow-perl.inc
 include allow-python2.inc
 include allow-python3.inc
 
-allow  /usr/share/lyx
-allow  /usr/share/texinfo
-allow  /usr/share/texlive
-allow  /usr/share/texmf-dist
-allow  /usr/share/tlpkg
+whitelist /usr/share/lyx
+whitelist /usr/share/texinfo
+whitelist /usr/share/texlive
+whitelist /usr/share/texmf-dist
+whitelist /usr/share/tlpkg
 include whitelist-usr-share-common.inc
 
 apparmor
diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile
index 3a4edcf69..4637419bf 100644
--- a/etc/profile-a-l/sway.profile
+++ b/etc/profile-a-l/sway.profile
@@ -7,9 +7,9 @@ include sway.local
 include globals.local
 
 # all applications started in sway will run in this profile
-nodeny  ${HOME}/.config/sway
+noblacklist ${HOME}/.config/sway
 # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway
-nodeny  ${HOME}/.config/i3
+noblacklist ${HOME}/.config/i3
 include disable-common.inc
 
 caps.drop all
-- 
cgit v1.2.3-54-g00ecf