diff --git a/etc/inc/allow-bin-sh.inc b/etc/inc/allow-bin-sh.inc index d6c295414ed..59cd4087817 100644 --- a/etc/inc/allow-bin-sh.inc +++ b/etc/inc/allow-bin-sh.inc @@ -2,6 +2,6 @@ # Persistent customizations should go in a .local file. include allow-bin-sh.local -noblacklist ${PATH}/bash -noblacklist ${PATH}/dash -noblacklist ${PATH}/sh +nodeny ${PATH}/bash +nodeny ${PATH}/dash +nodeny ${PATH}/sh diff --git a/etc/inc/allow-common-devel.inc b/etc/inc/allow-common-devel.inc index 011bbe226b8..71b1483cd72 100644 --- a/etc/inc/allow-common-devel.inc +++ b/etc/inc/allow-common-devel.inc @@ -3,29 +3,29 @@ include allow-common-devel.local # Git -noblacklist ${HOME}/.config/git -noblacklist ${HOME}/.gitconfig -noblacklist ${HOME}/.git-credentials +nodeny ${HOME}/.config/git +nodeny ${HOME}/.gitconfig +nodeny ${HOME}/.git-credentials # Java -noblacklist ${HOME}/.gradle -noblacklist ${HOME}/.java +nodeny ${HOME}/.gradle +nodeny ${HOME}/.java # Node.js -noblacklist ${HOME}/.node-gyp -noblacklist ${HOME}/.npm -noblacklist ${HOME}/.npmrc -noblacklist ${HOME}/.nvm -noblacklist ${HOME}/.yarn -noblacklist ${HOME}/.yarn-config -noblacklist ${HOME}/.yarncache -noblacklist ${HOME}/.yarnrc +nodeny ${HOME}/.node-gyp +nodeny ${HOME}/.npm +nodeny ${HOME}/.npmrc +nodeny ${HOME}/.nvm +nodeny ${HOME}/.yarn +nodeny ${HOME}/.yarn-config +nodeny ${HOME}/.yarncache +nodeny ${HOME}/.yarnrc # Python -noblacklist ${HOME}/.pylint.d -noblacklist ${HOME}/.python-history -noblacklist ${HOME}/.python_history -noblacklist ${HOME}/.pythonhist +nodeny ${HOME}/.pylint.d +nodeny ${HOME}/.python-history +nodeny ${HOME}/.python_history +nodeny ${HOME}/.pythonhist # Rust -noblacklist ${HOME}/.cargo/* +nodeny ${HOME}/.cargo/* diff --git a/etc/inc/allow-gjs.inc b/etc/inc/allow-gjs.inc index c1366e09336..2e2490079aa 100644 --- a/etc/inc/allow-gjs.inc +++ b/etc/inc/allow-gjs.inc 
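Review bot: `nodeny ${HOME}/.git-credentials` in the allow-common-devel.inc hunk lifts a deny that disable-common.inc, later in this same diff, lists under `# top secret`, and the `# Git` group comment does not say so. Any profile that includes this file leaves stored Git credentials reachable by the sandboxed program unless another rule hides them. `nodeny ${HOME}/.npmrc` may do the same for registry tokens if they are kept there. I would extend the group comment, for example `# Git (.git-credentials holds stored credentials; include only for tools that need them)`. The same applies to `nodeny ${HOME}/.ssh` and `nodeny /tmp/ssh-*` in allow-ssh.inc, which undo the `# top secret` and `# prevent access to ssh-agent` denies.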
@@ -2,11 +2,11 @@ # Persistent customizations should go in a .local file. include allow-gjs.local -noblacklist ${PATH}/gjs -noblacklist ${PATH}/gjs-console -noblacklist /usr/lib/gjs -noblacklist /usr/lib/libgjs* -noblacklist /usr/lib/libmozjs-* -noblacklist /usr/lib64/gjs -noblacklist /usr/lib64/libgjs* -noblacklist /usr/lib64/libmozjs-* +nodeny ${PATH}/gjs +nodeny ${PATH}/gjs-console +nodeny /usr/lib/gjs +nodeny /usr/lib/libgjs* +nodeny /usr/lib/libmozjs-* +nodeny /usr/lib64/gjs +nodeny /usr/lib64/libgjs* +nodeny /usr/lib64/libmozjs-* diff --git a/etc/inc/allow-java.inc b/etc/inc/allow-java.inc index 24d18fb7768..af44f36645e 100644 --- a/etc/inc/allow-java.inc +++ b/etc/inc/allow-java.inc @@ -2,8 +2,8 @@ # Persistent customizations should go in a .local file. include allow-java.local -noblacklist ${HOME}/.java -noblacklist ${PATH}/java -noblacklist /etc/java -noblacklist /usr/lib/java -noblacklist /usr/share/java +nodeny ${HOME}/.java +nodeny ${PATH}/java +nodeny /etc/java +nodeny /usr/lib/java +nodeny /usr/share/java diff --git a/etc/inc/allow-lua.inc b/etc/inc/allow-lua.inc index 9c47e7a3b7b..3d0a1997bfd 100644 --- a/etc/inc/allow-lua.inc +++ b/etc/inc/allow-lua.inc @@ -2,11 +2,11 @@ # Persistent customizations should go in a .local file. include allow-lua.local -noblacklist ${PATH}/lua* -noblacklist /usr/include -noblacklist /usr/lib/liblua* -noblacklist /usr/lib/lua -noblacklist /usr/lib64/liblua* -noblacklist /usr/lib64/lua -noblacklist /usr/share/lua -noblacklist /usr/share/lua* +nodeny ${PATH}/lua* +nodeny /usr/include +nodeny /usr/lib/liblua* +nodeny /usr/lib/lua +nodeny /usr/lib64/liblua* +nodeny /usr/lib64/lua +nodeny /usr/share/lua +nodeny /usr/share/lua* diff --git a/etc/inc/allow-nodejs.inc b/etc/inc/allow-nodejs.inc index 351c94ab86e..e915b3866c9 100644 --- a/etc/inc/allow-nodejs.inc +++ b/etc/inc/allow-nodejs.inc 
@@ -2,8 +2,8 @@ # Persistent customizations should go in a .local file. include allow-nodejs.local -noblacklist ${PATH}/node -noblacklist /usr/include/node +nodeny ${PATH}/node +nodeny /usr/include/node # Allow python for node-gyp (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/inc/allow-opengl-game.inc b/etc/inc/allow-opengl-game.inc index 5d2d6c5c18d..00e35e98362 100644 --- a/etc/inc/allow-opengl-game.inc +++ b/etc/inc/allow-opengl-game.inc @@ -2,6 +2,6 @@ # Persistent customizations should go in a .local file. include allow-opengl-game.local -noblacklist ${PATH}/bash -whitelist /usr/share/opengl-games-utils/opengl-game-functions.sh +nodeny ${PATH}/bash +allow /usr/share/opengl-games-utils/opengl-game-functions.sh private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity diff --git a/etc/inc/allow-perl.inc b/etc/inc/allow-perl.inc index 5a1952c94e3..134d2723930 100644 --- a/etc/inc/allow-perl.inc +++ b/etc/inc/allow-perl.inc @@ -2,11 +2,11 @@ # Persistent customizations should go in a .local file. include allow-perl.local -noblacklist ${PATH}/core_perl -noblacklist ${PATH}/cpan* -noblacklist ${PATH}/perl -noblacklist ${PATH}/site_perl -noblacklist ${PATH}/vendor_perl -noblacklist /usr/lib/perl* -noblacklist /usr/lib64/perl* -noblacklist /usr/share/perl* +nodeny ${PATH}/core_perl +nodeny ${PATH}/cpan* +nodeny ${PATH}/perl +nodeny ${PATH}/site_perl +nodeny ${PATH}/vendor_perl +nodeny /usr/lib/perl* +nodeny /usr/lib64/perl* +nodeny /usr/share/perl* diff --git a/etc/inc/allow-php.inc b/etc/inc/allow-php.inc index a0950dc2688..520c2019ecd 100644 --- a/etc/inc/allow-php.inc +++ b/etc/inc/allow-php.inc @@ -2,6 +2,6 @@ # Persistent customizations should go in a .local file. include allow-php.local -noblacklist ${PATH}/php* -noblacklist /usr/lib/php* -noblacklist /usr/share/php* +nodeny ${PATH}/php* +nodeny /usr/lib/php* +nodeny /usr/share/php* 
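Review bot: The context comment `# Allow python for node-gyp (blacklisted by disable-interpreters.inc)` in allow-nodejs.inc still uses the old keyword, so after this rename it no longer matches any directive a reader will find. I would reword it to `# Allow python for node-gyp (denied by disable-interpreters.inc)`. The commented-out directives in disable-common.inc and disable-devel.inc have the same problem (`# blacklist ${HOME}/.xpra`, `#?HAS_X11: blacklist /tmp/.ICE-unix`, `#?HAS_NODBUS: blacklist ${RUNUSER}/ksocket-*`, `#blacklist /var/run/systemd`, `# blacklist ${PATH}/konsole`, `# blacklist /usr/lib/llvm*`, `#blacklist /usr/lib/gcc`). Whether the old spelling still parses is not visible in this diff, so someone who uncomments one may end up with a mixed-vocabulary profile or with a rule that is not applied.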
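Review bot: In allow-opengl-game.inc the renamed `allow /usr/share/opengl-games-utils/opengl-game-functions.sh` now sits in a file named allow-*.inc directly under `nodeny ${PATH}/bash`, and the new keyword makes the two easy to read as the same kind of rule. If `allow` keeps the semantics of the `whitelist` keyword it replaces, it limits what else stays visible under the same top-level directory rather than just lifting a deny. A one-line comment above it would keep reviewers from misjudging the exposure, for example `# allow = former whitelist: restricts /usr/share to explicitly allowed paths`.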
diff --git a/etc/inc/allow-python2.inc b/etc/inc/allow-python2.inc index b0525e2e18a..f1830043ad6 100644 --- a/etc/inc/allow-python2.inc +++ b/etc/inc/allow-python2.inc @@ -2,8 +2,8 @@ # Persistent customizations should go in a .local file. include allow-python2.local -noblacklist ${PATH}/python2* -noblacklist /usr/include/python2* -noblacklist /usr/lib/python2* -noblacklist /usr/local/lib/python2* -noblacklist /usr/share/python2* +nodeny ${PATH}/python2* +nodeny /usr/include/python2* +nodeny /usr/lib/python2* +nodeny /usr/local/lib/python2* +nodeny /usr/share/python2* diff --git a/etc/inc/allow-python3.inc b/etc/inc/allow-python3.inc index d968886b009..e4b6ed1a998 100644 --- a/etc/inc/allow-python3.inc +++ b/etc/inc/allow-python3.inc @@ -2,9 +2,9 @@ # Persistent customizations should go in a .local file. include allow-python3.local -noblacklist ${PATH}/python3* -noblacklist /usr/include/python3* -noblacklist /usr/lib/python3* -noblacklist /usr/lib64/python3* -noblacklist /usr/local/lib/python3* -noblacklist /usr/share/python3* +nodeny ${PATH}/python3* +nodeny /usr/include/python3* +nodeny /usr/lib/python3* +nodeny /usr/lib64/python3* +nodeny /usr/local/lib/python3* +nodeny /usr/share/python3* diff --git a/etc/inc/allow-ruby.inc b/etc/inc/allow-ruby.inc index a8c70121902..d949bbc8450 100644 --- a/etc/inc/allow-ruby.inc +++ b/etc/inc/allow-ruby.inc @@ -2,5 +2,5 @@ # Persistent customizations should go in a .local file. include allow-ruby.local -noblacklist ${PATH}/ruby -noblacklist /usr/lib/ruby +nodeny ${PATH}/ruby +nodeny /usr/lib/ruby diff --git a/etc/inc/allow-ssh.inc b/etc/inc/allow-ssh.inc index 67c78a4832f..44957bf323d 100644 --- a/etc/inc/allow-ssh.inc +++ b/etc/inc/allow-ssh.inc 
@@ -2,7 +2,7 @@ # Persistent customizations should go in a .local file. include allow-ssh.local -noblacklist ${HOME}/.ssh -noblacklist /etc/ssh -noblacklist /etc/ssh/ssh_config -noblacklist /tmp/ssh-* +nodeny ${HOME}/.ssh +nodeny /etc/ssh +nodeny /etc/ssh/ssh_config +nodeny /tmp/ssh-* diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index 2dc53d311a2..4c83284eebc 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc 
@@ -5,63 +5,63 @@ include disable-common.local # The following block breaks trash functionality in file managers #read-only ${HOME}/.local #read-write ${HOME}/.local/share -blacklist ${HOME}/.local/share/Trash +deny ${HOME}/.local/share/Trash # History files in $HOME and clipboard managers -blacklist-nolog ${HOME}/.*_history -blacklist-nolog ${HOME}/.adobe -blacklist-nolog ${HOME}/.cache/greenclip* -blacklist-nolog ${HOME}/.histfile -blacklist-nolog ${HOME}/.history -blacklist-nolog ${HOME}/.kde/share/apps/klipper -blacklist-nolog ${HOME}/.kde4/share/apps/klipper -blacklist-nolog ${HOME}/.local/share/fish/fish_history -blacklist-nolog ${HOME}/.local/share/klipper -blacklist-nolog ${HOME}/.macromedia -blacklist-nolog ${HOME}/.mupdf.history -blacklist-nolog ${HOME}/.python-history -blacklist-nolog ${HOME}/.python_history -blacklist-nolog ${HOME}/.pythonhist -blacklist-nolog ${HOME}/.lesshst -blacklist-nolog ${HOME}/.viminfo -blacklist-nolog /tmp/clipmenu* +deny-nolog ${HOME}/.*_history +deny-nolog ${HOME}/.adobe +deny-nolog ${HOME}/.cache/greenclip* +deny-nolog ${HOME}/.histfile +deny-nolog ${HOME}/.history +deny-nolog ${HOME}/.kde/share/apps/klipper +deny-nolog ${HOME}/.kde4/share/apps/klipper +deny-nolog ${HOME}/.local/share/fish/fish_history +deny-nolog ${HOME}/.local/share/klipper +deny-nolog ${HOME}/.macromedia +deny-nolog ${HOME}/.mupdf.history +deny-nolog ${HOME}/.python-history +deny-nolog ${HOME}/.python_history +deny-nolog ${HOME}/.pythonhist +deny-nolog ${HOME}/.lesshst +deny-nolog ${HOME}/.viminfo +deny-nolog /tmp/clipmenu* # X11 session autostart # blacklist ${HOME}/.xpra - this will kill --x11=xpra cmdline option for all programs -blacklist ${HOME}/.Xsession -blacklist ${HOME}/.blackbox -blacklist ${HOME}/.config/autostart -blacklist ${HOME}/.config/autostart-scripts -blacklist ${HOME}/.config/awesome -blacklist ${HOME}/.config/i3 -blacklist ${HOME}/.config/sway -blacklist ${HOME}/.config/lxsession/LXDE/autostart -blacklist ${HOME}/.config/openbox 
-blacklist ${HOME}/.config/plasma-workspace -blacklist ${HOME}/.config/startupconfig -blacklist ${HOME}/.config/startupconfigkeys -blacklist ${HOME}/.fluxbox -blacklist ${HOME}/.gnomerc -blacklist ${HOME}/.kde/Autostart -blacklist ${HOME}/.kde/env -blacklist ${HOME}/.kde/share/autostart -blacklist ${HOME}/.kde/share/config/startupconfig -blacklist ${HOME}/.kde/share/config/startupconfigkeys -blacklist ${HOME}/.kde/shutdown -blacklist ${HOME}/.kde4/env -blacklist ${HOME}/.kde4/Autostart -blacklist ${HOME}/.kde4/share/autostart -blacklist ${HOME}/.kde4/shutdown -blacklist ${HOME}/.kde4/share/config/startupconfig -blacklist ${HOME}/.kde4/share/config/startupconfigkeys -blacklist ${HOME}/.local/share/autostart -blacklist ${HOME}/.xinitrc -blacklist ${HOME}/.xprofile -blacklist ${HOME}/.xserverrc -blacklist ${HOME}/.xsession -blacklist ${HOME}/.xsessionrc -blacklist /etc/X11/Xsession.d -blacklist /etc/xdg/autostart +deny ${HOME}/.Xsession +deny ${HOME}/.blackbox +deny ${HOME}/.config/autostart +deny ${HOME}/.config/autostart-scripts +deny ${HOME}/.config/awesome +deny ${HOME}/.config/i3 +deny ${HOME}/.config/sway +deny ${HOME}/.config/lxsession/LXDE/autostart +deny ${HOME}/.config/openbox +deny ${HOME}/.config/plasma-workspace +deny ${HOME}/.config/startupconfig +deny ${HOME}/.config/startupconfigkeys +deny ${HOME}/.fluxbox +deny ${HOME}/.gnomerc +deny ${HOME}/.kde/Autostart +deny ${HOME}/.kde/env +deny ${HOME}/.kde/share/autostart +deny ${HOME}/.kde/share/config/startupconfig +deny ${HOME}/.kde/share/config/startupconfigkeys +deny ${HOME}/.kde/shutdown +deny ${HOME}/.kde4/env +deny ${HOME}/.kde4/Autostart +deny ${HOME}/.kde4/share/autostart +deny ${HOME}/.kde4/shutdown +deny ${HOME}/.kde4/share/config/startupconfig +deny ${HOME}/.kde4/share/config/startupconfigkeys +deny ${HOME}/.local/share/autostart +deny ${HOME}/.xinitrc +deny ${HOME}/.xprofile +deny ${HOME}/.xserverrc +deny ${HOME}/.xsession +deny ${HOME}/.xsessionrc +deny /etc/X11/Xsession.d +deny 
/etc/xdg/autostart read-only ${HOME}/.Xauthority # Session manager 
@@ -70,46 +70,46 @@ read-only ${HOME}/.Xauthority #?HAS_X11: blacklist /tmp/.ICE-unix # KDE config -blacklist ${HOME}/.cache/konsole -blacklist ${HOME}/.config/khotkeysrc -blacklist ${HOME}/.config/krunnerrc -blacklist ${HOME}/.config/kscreenlockerrc -blacklist ${HOME}/.config/ksslcertificatemanager -blacklist ${HOME}/.config/kwalletrc -blacklist ${HOME}/.config/kwinrc -blacklist ${HOME}/.config/kwinrulesrc -blacklist ${HOME}/.config/plasma-locale-settings.sh -blacklist ${HOME}/.config/plasma-org.kde.plasma.desktop-appletsrc -blacklist ${HOME}/.config/plasmashellrc -blacklist ${HOME}/.config/plasmavaultrc -blacklist ${HOME}/.kde/share/apps/kwin -blacklist ${HOME}/.kde/share/apps/plasma -blacklist ${HOME}/.kde/share/apps/solid -blacklist ${HOME}/.kde/share/config/khotkeysrc -blacklist ${HOME}/.kde/share/config/krunnerrc -blacklist ${HOME}/.kde/share/config/kscreensaverrc -blacklist ${HOME}/.kde/share/config/ksslcertificatemanager -blacklist ${HOME}/.kde/share/config/kwalletrc -blacklist ${HOME}/.kde/share/config/kwinrc -blacklist ${HOME}/.kde/share/config/kwinrulesrc -blacklist ${HOME}/.kde/share/config/plasma-desktop-appletsrc -blacklist ${HOME}/.kde4/share/apps/kwin -blacklist ${HOME}/.kde4/share/apps/plasma -blacklist ${HOME}/.kde4/share/apps/solid -blacklist ${HOME}/.kde4/share/config/khotkeysrc -blacklist ${HOME}/.kde4/share/config/krunnerrc -blacklist ${HOME}/.kde4/share/config/kscreensaverrc -blacklist ${HOME}/.kde4/share/config/ksslcertificatemanager -blacklist ${HOME}/.kde4/share/config/kwalletrc -blacklist ${HOME}/.kde4/share/config/kwinrc -blacklist ${HOME}/.kde4/share/config/kwinrulesrc -blacklist ${HOME}/.kde4/share/config/plasma-desktop-appletsrc -blacklist ${HOME}/.local/share/kglobalaccel -blacklist ${HOME}/.local/share/kwin -blacklist ${HOME}/.local/share/plasma -blacklist ${HOME}/.local/share/plasmashell -blacklist ${HOME}/.local/share/solid -blacklist /tmp/konsole-*.history +deny ${HOME}/.cache/konsole +deny ${HOME}/.config/khotkeysrc +deny 
${HOME}/.config/krunnerrc +deny ${HOME}/.config/kscreenlockerrc +deny ${HOME}/.config/ksslcertificatemanager +deny ${HOME}/.config/kwalletrc +deny ${HOME}/.config/kwinrc +deny ${HOME}/.config/kwinrulesrc +deny ${HOME}/.config/plasma-locale-settings.sh +deny ${HOME}/.config/plasma-org.kde.plasma.desktop-appletsrc +deny ${HOME}/.config/plasmashellrc +deny ${HOME}/.config/plasmavaultrc +deny ${HOME}/.kde/share/apps/kwin +deny ${HOME}/.kde/share/apps/plasma +deny ${HOME}/.kde/share/apps/solid +deny ${HOME}/.kde/share/config/khotkeysrc +deny ${HOME}/.kde/share/config/krunnerrc +deny ${HOME}/.kde/share/config/kscreensaverrc +deny ${HOME}/.kde/share/config/ksslcertificatemanager +deny ${HOME}/.kde/share/config/kwalletrc +deny ${HOME}/.kde/share/config/kwinrc +deny ${HOME}/.kde/share/config/kwinrulesrc +deny ${HOME}/.kde/share/config/plasma-desktop-appletsrc +deny ${HOME}/.kde4/share/apps/kwin +deny ${HOME}/.kde4/share/apps/plasma +deny ${HOME}/.kde4/share/apps/solid +deny ${HOME}/.kde4/share/config/khotkeysrc +deny ${HOME}/.kde4/share/config/krunnerrc +deny ${HOME}/.kde4/share/config/kscreensaverrc +deny ${HOME}/.kde4/share/config/ksslcertificatemanager +deny ${HOME}/.kde4/share/config/kwalletrc +deny ${HOME}/.kde4/share/config/kwinrc +deny ${HOME}/.kde4/share/config/kwinrulesrc +deny ${HOME}/.kde4/share/config/plasma-desktop-appletsrc +deny ${HOME}/.local/share/kglobalaccel +deny ${HOME}/.local/share/kwin +deny ${HOME}/.local/share/plasma +deny ${HOME}/.local/share/plasmashell +deny ${HOME}/.local/share/solid +deny /tmp/konsole-*.history read-only ${HOME}/.cache/ksycoca5_* read-only ${HOME}/.config/*notifyrc read-only ${HOME}/.config/kdeglobals 
@@ -138,124 +138,124 @@ read-only ${HOME}/.local/share/kservices5 read-only ${HOME}/.local/share/kssl # KDE sockets -blacklist ${RUNUSER}/*.slave-socket -blacklist ${RUNUSER}/kdeinit5__* -blacklist ${RUNUSER}/kdesud_* +deny ${RUNUSER}/*.slave-socket +deny ${RUNUSER}/kdeinit5__* +deny ${RUNUSER}/kdesud_* # see #3358 #?HAS_NODBUS: blacklist ${RUNUSER}/ksocket-* #?HAS_NODBUS: blacklist /tmp/ksocket-* # gnome # contains extensions, last used times of applications, and notifications -blacklist ${HOME}/.local/share/gnome-shell +deny ${HOME}/.local/share/gnome-shell # contains recently used files and serials of static/removable storage -blacklist ${HOME}/.local/share/gvfs-metadata +deny ${HOME}/.local/share/gvfs-metadata # no direct modification of dconf database read-only ${HOME}/.config/dconf -blacklist ${RUNUSER}/gnome-session-leader-fifo -blacklist ${RUNUSER}/gnome-shell -blacklist ${RUNUSER}/gsconnect +deny ${RUNUSER}/gnome-session-leader-fifo +deny ${RUNUSER}/gnome-shell +deny ${RUNUSER}/gsconnect # systemd -blacklist ${HOME}/.config/systemd -blacklist ${HOME}/.local/share/systemd -blacklist /var/lib/systemd -blacklist ${PATH}/systemd-run -blacklist ${RUNUSER}/systemd +deny ${HOME}/.config/systemd +deny ${HOME}/.local/share/systemd +deny /var/lib/systemd +deny ${PATH}/systemd-run +deny ${RUNUSER}/systemd # creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf #blacklist /var/run/systemd # openrc -blacklist /etc/runlevels/ -blacklist /etc/init.d/ -blacklist /etc/rc.conf +deny /etc/runlevels/ +deny /etc/init.d/ +deny /etc/rc.conf # VirtualBox -blacklist ${HOME}/.VirtualBox -blacklist ${HOME}/.config/VirtualBox -blacklist ${HOME}/VirtualBox VMs +deny ${HOME}/.VirtualBox +deny ${HOME}/.config/VirtualBox +deny ${HOME}/VirtualBox VMs # GNOME Boxes -blacklist ${HOME}/.config/gnome-boxes -blacklist ${HOME}/.local/share/gnome-boxes +deny ${HOME}/.config/gnome-boxes +deny ${HOME}/.local/share/gnome-boxes # libvirt -blacklist 
${HOME}/.cache/libvirt -blacklist ${HOME}/.config/libvirt -blacklist ${RUNUSER}/libvirt -blacklist /var/cache/libvirt -blacklist /var/lib/libvirt -blacklist /var/log/libvirt +deny ${HOME}/.cache/libvirt +deny ${HOME}/.config/libvirt +deny ${RUNUSER}/libvirt +deny /var/cache/libvirt +deny /var/lib/libvirt +deny /var/log/libvirt # OCI-Containers / Podman -blacklist ${RUNUSER}/containers -blacklist ${RUNUSER}/crun -blacklist ${RUNUSER}/libpod -blacklist ${RUNUSER}/runc -blacklist ${RUNUSER}/toolbox +deny ${RUNUSER}/containers +deny ${RUNUSER}/crun +deny ${RUNUSER}/libpod +deny ${RUNUSER}/runc +deny ${RUNUSER}/toolbox # VeraCrypt -blacklist ${HOME}/.VeraCrypt -blacklist ${PATH}/veracrypt -blacklist ${PATH}/veracrypt-uninstall.sh -blacklist /usr/share/applications/veracrypt.* -blacklist /usr/share/pixmaps/veracrypt.* -blacklist /usr/share/veracrypt +deny ${HOME}/.VeraCrypt +deny ${PATH}/veracrypt +deny ${PATH}/veracrypt-uninstall.sh +deny /usr/share/applications/veracrypt.* +deny /usr/share/pixmaps/veracrypt.* +deny /usr/share/veracrypt # TrueCrypt -blacklist ${HOME}/.TrueCrypt -blacklist ${PATH}/truecrypt -blacklist ${PATH}/truecrypt-uninstall.sh -blacklist /usr/share/applications/truecrypt.* -blacklist /usr/share/pixmaps/truecrypt.* -blacklist /usr/share/truecrypt +deny ${HOME}/.TrueCrypt +deny ${PATH}/truecrypt +deny ${PATH}/truecrypt-uninstall.sh +deny /usr/share/applications/truecrypt.* +deny /usr/share/pixmaps/truecrypt.* +deny /usr/share/truecrypt # zuluCrypt -blacklist ${HOME}/.zuluCrypt -blacklist ${HOME}/.zuluCrypt-socket -blacklist ${PATH}/zuluCrypt-cli -blacklist ${PATH}/zuluMount-cli +deny ${HOME}/.zuluCrypt +deny ${HOME}/.zuluCrypt-socket +deny ${PATH}/zuluCrypt-cli +deny ${PATH}/zuluMount-cli # var -blacklist /var/cache/apt -blacklist /var/cache/pacman -blacklist /var/lib/apt -blacklist /var/lib/clamav -blacklist /var/lib/dkms -blacklist /var/lib/mysql/mysql.sock -blacklist /var/lib/mysqld/mysql.sock -blacklist /var/lib/pacman -blacklist /var/lib/upower 
+deny /var/cache/apt +deny /var/cache/pacman +deny /var/lib/apt +deny /var/lib/clamav +deny /var/lib/dkms +deny /var/lib/mysql/mysql.sock +deny /var/lib/mysqld/mysql.sock +deny /var/lib/pacman +deny /var/lib/upower # blacklist /var/log - a virtual /var/log directory (mostly empty) is build up by default for # every sandbox, unless --writable-var-log switch is activated -blacklist /var/mail -blacklist /var/opt -blacklist /var/run/acpid.socket -blacklist /var/run/docker.sock -blacklist /var/run/minissdpd.sock -blacklist /var/run/mysql/mysqld.sock -blacklist /var/run/mysqld/mysqld.sock -blacklist /var/run/rpcbind.sock -blacklist /var/run/screens -blacklist /var/spool/anacron -blacklist /var/spool/cron -blacklist /var/spool/mail +deny /var/mail +deny /var/opt +deny /var/run/acpid.socket +deny /var/run/docker.sock +deny /var/run/minissdpd.sock +deny /var/run/mysql/mysqld.sock +deny /var/run/mysqld/mysqld.sock +deny /var/run/rpcbind.sock +deny /var/run/screens +deny /var/spool/anacron +deny /var/spool/cron +deny /var/spool/mail # etc -blacklist /etc/anacrontab -blacklist /etc/cron* -blacklist /etc/profile.d -blacklist /etc/rc.local +deny /etc/anacrontab +deny /etc/cron* +deny /etc/profile.d +deny /etc/rc.local # rc1.d, rc2.d, ... -blacklist /etc/rc?.d -blacklist /etc/kernel* -blacklist /etc/grub* -blacklist /etc/dkms -blacklist /etc/apparmor* -blacklist /etc/selinux -blacklist /etc/modules* -blacklist /etc/logrotate* -blacklist /etc/adduser.conf +deny /etc/rc?.d +deny /etc/kernel* +deny /etc/grub* +deny /etc/dkms +deny /etc/apparmor* +deny /etc/selinux +deny /etc/modules* +deny /etc/logrotate* +deny /etc/adduser.conf # Startup files read-only ${HOME}/.antigen 
@@ -292,13 +292,13 @@ read-only ${HOME}/.zshrc read-only ${HOME}/.zshrc.local # Remote access -blacklist ${HOME}/.rhosts -blacklist ${HOME}/.shosts -blacklist ${HOME}/.ssh/authorized_keys -blacklist ${HOME}/.ssh/authorized_keys2 -blacklist ${HOME}/.ssh/environment -blacklist ${HOME}/.ssh/rc -blacklist /etc/hosts.equiv +deny ${HOME}/.rhosts +deny ${HOME}/.shosts +deny ${HOME}/.ssh/authorized_keys +deny ${HOME}/.ssh/authorized_keys2 +deny ${HOME}/.ssh/environment +deny ${HOME}/.ssh/rc +deny /etc/hosts.equiv read-only ${HOME}/.ssh/config read-only ${HOME}/.ssh/config.d 
@@ -359,200 +359,200 @@ read-only ${HOME}/.local/share/mime read-only ${HOME}/.local/share/thumbnailers # prevent access to ssh-agent -blacklist /tmp/ssh-* +deny /tmp/ssh-* # top secret -blacklist ${HOME}/*.kdb -blacklist ${HOME}/*.kdbx -blacklist ${HOME}/*.key -blacklist ${HOME}/.Private -blacklist ${HOME}/.caff -blacklist ${HOME}/.cargo/credentials -blacklist ${HOME}/.cargo/credentials.toml -blacklist ${HOME}/.cert -blacklist ${HOME}/.config/keybase -blacklist ${HOME}/.davfs2/secrets -blacklist ${HOME}/.ecryptfs -blacklist ${HOME}/.fetchmailrc -blacklist ${HOME}/.fscrypt -blacklist ${HOME}/.git-credential-cache -blacklist ${HOME}/.git-credentials -blacklist ${HOME}/.gnome2/keyrings -blacklist ${HOME}/.gnupg -blacklist ${HOME}/.config/hub -blacklist ${HOME}/.kde/share/apps/kwallet -blacklist ${HOME}/.kde4/share/apps/kwallet -blacklist ${HOME}/.local/share/keyrings -blacklist ${HOME}/.local/share/kwalletd -blacklist ${HOME}/.local/share/plasma-vault -blacklist ${HOME}/.msmtprc -blacklist ${HOME}/.mutt -blacklist ${HOME}/.muttrc -blacklist ${HOME}/.netrc -blacklist ${HOME}/.nyx -blacklist ${HOME}/.pki -blacklist ${HOME}/.local/share/pki -blacklist ${HOME}/.smbcredentials -blacklist ${HOME}/.ssh -blacklist ${HOME}/.vaults -blacklist /.fscrypt -blacklist /etc/davfs2/secrets -blacklist /etc/group+ -blacklist /etc/group- -blacklist /etc/gshadow -blacklist /etc/gshadow+ -blacklist /etc/gshadow- -blacklist /etc/passwd+ -blacklist /etc/passwd- -blacklist /etc/shadow -blacklist /etc/shadow+ -blacklist /etc/shadow- -blacklist /etc/ssh -blacklist /etc/ssh/* -blacklist /home/.ecryptfs -blacklist /home/.fscrypt -blacklist /var/backup +deny ${HOME}/*.kdb +deny ${HOME}/*.kdbx +deny ${HOME}/*.key +deny ${HOME}/.Private +deny ${HOME}/.caff +deny ${HOME}/.cargo/credentials +deny ${HOME}/.cargo/credentials.toml +deny ${HOME}/.cert +deny ${HOME}/.config/keybase +deny ${HOME}/.davfs2/secrets +deny ${HOME}/.ecryptfs +deny ${HOME}/.fetchmailrc +deny ${HOME}/.fscrypt +deny 
${HOME}/.git-credential-cache +deny ${HOME}/.git-credentials +deny ${HOME}/.gnome2/keyrings +deny ${HOME}/.gnupg +deny ${HOME}/.config/hub +deny ${HOME}/.kde/share/apps/kwallet +deny ${HOME}/.kde4/share/apps/kwallet +deny ${HOME}/.local/share/keyrings +deny ${HOME}/.local/share/kwalletd +deny ${HOME}/.local/share/plasma-vault +deny ${HOME}/.msmtprc +deny ${HOME}/.mutt +deny ${HOME}/.muttrc +deny ${HOME}/.netrc +deny ${HOME}/.nyx +deny ${HOME}/.pki +deny ${HOME}/.local/share/pki +deny ${HOME}/.smbcredentials +deny ${HOME}/.ssh +deny ${HOME}/.vaults +deny /.fscrypt +deny /etc/davfs2/secrets +deny /etc/group+ +deny /etc/group- +deny /etc/gshadow +deny /etc/gshadow+ +deny /etc/gshadow- +deny /etc/passwd+ +deny /etc/passwd- +deny /etc/shadow +deny /etc/shadow+ +deny /etc/shadow- +deny /etc/ssh +deny /etc/ssh/* +deny /home/.ecryptfs +deny /home/.fscrypt +deny /var/backup # cloud provider configuration -blacklist ${HOME}/.aws -blacklist ${HOME}/.boto -blacklist ${HOME}/.config/gcloud -blacklist ${HOME}/.kube -blacklist ${HOME}/.passwd-s3fs -blacklist ${HOME}/.s3cmd -blacklist /etc/boto.cfg +deny ${HOME}/.aws +deny ${HOME}/.boto +deny ${HOME}/.config/gcloud +deny ${HOME}/.kube +deny ${HOME}/.passwd-s3fs +deny ${HOME}/.s3cmd +deny /etc/boto.cfg # system directories -blacklist /sbin -blacklist /usr/local/sbin -blacklist /usr/sbin +deny /sbin +deny /usr/local/sbin +deny /usr/sbin # system management -blacklist ${PATH}/at -blacklist ${PATH}/busybox -blacklist ${PATH}/chage -blacklist ${PATH}/chfn -blacklist ${PATH}/chsh -blacklist ${PATH}/crontab -blacklist ${PATH}/evtest -blacklist ${PATH}/expiry -blacklist ${PATH}/fusermount -blacklist ${PATH}/gksu -blacklist ${PATH}/gksudo -blacklist ${PATH}/gpasswd -blacklist ${PATH}/kdesudo -blacklist ${PATH}/ksu -blacklist ${PATH}/mount -blacklist ${PATH}/mount.ecryptfs_private -blacklist ${PATH}/nc -blacklist ${PATH}/ncat -blacklist ${PATH}/nmap -blacklist ${PATH}/newgidmap -blacklist ${PATH}/newgrp -blacklist ${PATH}/newuidmap 
-blacklist ${PATH}/ntfs-3g -blacklist ${PATH}/pkexec -blacklist ${PATH}/procmail -blacklist ${PATH}/sg -blacklist ${PATH}/strace -blacklist ${PATH}/su -blacklist ${PATH}/sudo -blacklist ${PATH}/tcpdump -blacklist ${PATH}/umount -blacklist ${PATH}/unix_chkpwd -blacklist ${PATH}/xev -blacklist ${PATH}/xinput +deny ${PATH}/at +deny ${PATH}/busybox +deny ${PATH}/chage +deny ${PATH}/chfn +deny ${PATH}/chsh +deny ${PATH}/crontab +deny ${PATH}/evtest +deny ${PATH}/expiry +deny ${PATH}/fusermount +deny ${PATH}/gksu +deny ${PATH}/gksudo +deny ${PATH}/gpasswd +deny ${PATH}/kdesudo +deny ${PATH}/ksu +deny ${PATH}/mount +deny ${PATH}/mount.ecryptfs_private +deny ${PATH}/nc +deny ${PATH}/ncat +deny ${PATH}/nmap +deny ${PATH}/newgidmap +deny ${PATH}/newgrp +deny ${PATH}/newuidmap +deny ${PATH}/ntfs-3g +deny ${PATH}/pkexec +deny ${PATH}/procmail +deny ${PATH}/sg +deny ${PATH}/strace +deny ${PATH}/su +deny ${PATH}/sudo +deny ${PATH}/tcpdump +deny ${PATH}/umount +deny ${PATH}/unix_chkpwd +deny ${PATH}/xev +deny ${PATH}/xinput # other SUID binaries -blacklist /usr/lib/virtualbox -blacklist /usr/lib64/virtualbox +deny /usr/lib/virtualbox +deny /usr/lib64/virtualbox # prevent lxterminal connecting to an existing lxterminal session -blacklist /tmp/.lxterminal-socket* +deny /tmp/.lxterminal-socket* # prevent tmux connecting to an existing session -blacklist /tmp/tmux-* +deny /tmp/tmux-* # disable terminals running as server resulting in sandbox escape -blacklist ${PATH}/lxterminal -blacklist ${PATH}/gnome-terminal -blacklist ${PATH}/gnome-terminal.wrapper -blacklist ${PATH}/lilyterm -blacklist ${PATH}/mate-terminal -blacklist ${PATH}/mate-terminal.wrapper -blacklist ${PATH}/pantheon-terminal -blacklist ${PATH}/roxterm -blacklist ${PATH}/roxterm-config -blacklist ${PATH}/terminix -blacklist ${PATH}/tilix -blacklist ${PATH}/urxvtc -blacklist ${PATH}/urxvtcd -blacklist ${PATH}/xfce4-terminal -blacklist ${PATH}/xfce4-terminal.wrapper +deny ${PATH}/lxterminal +deny ${PATH}/gnome-terminal 
+deny ${PATH}/gnome-terminal.wrapper +deny ${PATH}/lilyterm +deny ${PATH}/mate-terminal +deny ${PATH}/mate-terminal.wrapper +deny ${PATH}/pantheon-terminal +deny ${PATH}/roxterm +deny ${PATH}/roxterm-config +deny ${PATH}/terminix +deny ${PATH}/tilix +deny ${PATH}/urxvtc +deny ${PATH}/urxvtcd +deny ${PATH}/xfce4-terminal +deny ${PATH}/xfce4-terminal.wrapper # blacklist ${PATH}/konsole # konsole doesn't seem to have this problem - last tested on Ubuntu 16.04 # kernel files -blacklist /initrd* -blacklist /vmlinuz* +deny /initrd* +deny /vmlinuz* # snapshot files -blacklist /.snapshots +deny /.snapshots # flatpak -blacklist ${HOME}/.cache/flatpak -blacklist ${HOME}/.config/flatpak -noblacklist ${HOME}/.local/share/flatpak/exports +deny ${HOME}/.cache/flatpak +deny ${HOME}/.config/flatpak +nodeny ${HOME}/.local/share/flatpak/exports read-only ${HOME}/.local/share/flatpak/exports -blacklist ${HOME}/.local/share/flatpak/* -blacklist ${HOME}/.var -blacklist ${RUNUSER}/app -blacklist ${RUNUSER}/doc -blacklist ${RUNUSER}/.dbus-proxy -blacklist ${RUNUSER}/.flatpak -blacklist ${RUNUSER}/.flatpak-cache -blacklist ${RUNUSER}/.flatpak-helper -blacklist /usr/share/flatpak -noblacklist /var/lib/flatpak/exports -blacklist /var/lib/flatpak/* +deny ${HOME}/.local/share/flatpak/* +deny ${HOME}/.var +deny ${RUNUSER}/app +deny ${RUNUSER}/doc +deny ${RUNUSER}/.dbus-proxy +deny ${RUNUSER}/.flatpak +deny ${RUNUSER}/.flatpak-cache +deny ${RUNUSER}/.flatpak-helper +deny /usr/share/flatpak +nodeny /var/lib/flatpak/exports +deny /var/lib/flatpak/* # most of the time bwrap is SUID binary -blacklist ${PATH}/bwrap +deny ${PATH}/bwrap # snap -blacklist ${RUNUSER}/snapd-session-agent.socket +deny ${RUNUSER}/snapd-session-agent.socket # mail directories used by mutt -blacklist ${HOME}/.Mail -blacklist ${HOME}/.mail -blacklist ${HOME}/.signature -blacklist ${HOME}/Mail -blacklist ${HOME}/mail -blacklist ${HOME}/postponed -blacklist ${HOME}/sent +deny ${HOME}/.Mail +deny ${HOME}/.mail +deny 
${HOME}/.signature +deny ${HOME}/Mail +deny ${HOME}/mail +deny ${HOME}/postponed +deny ${HOME}/sent # kernel configuration -blacklist /proc/config.gz +deny /proc/config.gz # prevent DNS malware attempting to communicate with the server # using regular DNS tools -blacklist ${PATH}/dig -blacklist ${PATH}/dlint -blacklist ${PATH}/dns2tcp -blacklist ${PATH}/dnssec-* -blacklist ${PATH}/dnswalk -blacklist ${PATH}/drill -blacklist ${PATH}/host -blacklist ${PATH}/iodine -blacklist ${PATH}/kdig -blacklist ${PATH}/khost -blacklist ${PATH}/knsupdate -blacklist ${PATH}/ldns-* -blacklist ${PATH}/ldnsd -blacklist ${PATH}/nslookup -blacklist ${PATH}/resolvectl -blacklist ${PATH}/unbound-host +deny ${PATH}/dig +deny ${PATH}/dlint +deny ${PATH}/dns2tcp +deny ${PATH}/dnssec-* +deny ${PATH}/dnswalk +deny ${PATH}/drill +deny ${PATH}/host +deny ${PATH}/iodine +deny ${PATH}/kdig +deny ${PATH}/khost +deny ${PATH}/knsupdate +deny ${PATH}/ldns-* +deny ${PATH}/ldnsd +deny ${PATH}/nslookup +deny ${PATH}/resolvectl +deny ${PATH}/unbound-host # rest of ${RUNUSER} -blacklist ${RUNUSER}/*.lock -blacklist ${RUNUSER}/inaccessible -blacklist ${RUNUSER}/pk-debconf-socket -blacklist ${RUNUSER}/update-notifier.pid +deny ${RUNUSER}/*.lock +deny ${RUNUSER}/inaccessible +deny ${RUNUSER}/pk-debconf-socket +deny ${RUNUSER}/update-notifier.pid diff --git a/etc/inc/disable-devel.inc b/etc/inc/disable-devel.inc index e74b1b40b3d..a893eb3f37f 100644 --- a/etc/inc/disable-devel.inc +++ b/etc/inc/disable-devel.inc 
@@ -5,65 +5,65 @@ include disable-devel.local # development tools # clang/llvm -blacklist ${PATH}/clang* -blacklist ${PATH}/lldb* -blacklist ${PATH}/llvm* +deny ${PATH}/clang* +deny ${PATH}/lldb* +deny ${PATH}/llvm* # see issue #2106 - it disables hardware acceleration in Firefox on Radeon GPU # blacklist /usr/lib/llvm* # GCC -blacklist ${PATH}/as -blacklist ${PATH}/cc -blacklist ${PATH}/c++* -blacklist ${PATH}/c8* -blacklist ${PATH}/c9* -blacklist ${PATH}/cpp* -blacklist ${PATH}/g++* -blacklist ${PATH}/gcc* -blacklist ${PATH}/gdb -blacklist ${PATH}/ld -blacklist ${PATH}/*-gcc* -blacklist ${PATH}/*-g++* -blacklist ${PATH}/*-gcc* -blacklist ${PATH}/*-g++* +deny ${PATH}/as +deny ${PATH}/cc +deny ${PATH}/c++* +deny ${PATH}/c8* +deny ${PATH}/c9* +deny ${PATH}/cpp* +deny ${PATH}/g++* +deny ${PATH}/gcc* +deny ${PATH}/gdb +deny ${PATH}/ld +deny ${PATH}/*-gcc* +deny ${PATH}/*-g++* +deny ${PATH}/*-gcc* +deny ${PATH}/*-g++* # seems to create problems on Gentoo #blacklist /usr/lib/gcc #Go -blacklist ${PATH}/gccgo -blacklist ${PATH}/go -blacklist ${PATH}/gofmt +deny ${PATH}/gccgo +deny ${PATH}/go +deny ${PATH}/gofmt # Java -blacklist ${PATH}/java -blacklist ${PATH}/javac -blacklist /etc/java -blacklist /usr/lib/java -blacklist /usr/share/java +deny ${PATH}/java +deny ${PATH}/javac +deny /etc/java +deny /usr/lib/java +deny /usr/share/java #OpenSSL -blacklist ${PATH}/openssl -blacklist ${PATH}/openssl-1.0 +deny ${PATH}/openssl +deny ${PATH}/openssl-1.0 #Rust -blacklist ${PATH}/rust-gdb -blacklist ${PATH}/rust-lldb -blacklist ${PATH}/rustc -blacklist ${HOME}/.rustup +deny ${PATH}/rust-gdb +deny ${PATH}/rust-lldb +deny ${PATH}/rustc +deny ${HOME}/.rustup # tcc - Tiny C Compiler -blacklist ${PATH}/tcc -blacklist ${PATH}/x86_64-tcc -blacklist /usr/lib/tcc +deny ${PATH}/tcc +deny ${PATH}/x86_64-tcc +deny /usr/lib/tcc # Valgrind -blacklist ${PATH}/valgrind* -blacklist /usr/lib/valgrind +deny ${PATH}/valgrind* +deny /usr/lib/valgrind # Source-Code -blacklist /usr/src -blacklist 
/usr/local/src -blacklist /usr/include -blacklist /usr/local/include +deny /usr/src +deny /usr/local/src +deny /usr/include +deny /usr/local/include diff --git a/etc/inc/disable-interpreters.inc b/etc/inc/disable-interpreters.inc index 5d8a236fbf8..c77d9a490ce 100644 --- a/etc/inc/disable-interpreters.inc +++ b/etc/inc/disable-interpreters.inc 
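Review bot: The two commented-out directives kept as context in the disable-devel.inc hunk, `# blacklist /usr/lib/llvm*` and `#blacklist /usr/lib/gcc`, still use the keyword this commit retires, so anyone who uncomments them gets the old spelling next to the new `deny` lines. I would rewrite them as `# deny /usr/lib/llvm*` and `#deny /usr/lib/gcc` in the same change. The new side also carries the pair `deny ${PATH}/*-gcc*` / `deny ${PATH}/*-g++*` twice in the GCC group; the second pair looks redundant and could be dropped, or written out differently if another pattern was meant there.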
@@ -3,66 +3,66 @@ include disable-interpreters.local # gjs -blacklist ${PATH}/gjs -blacklist ${PATH}/gjs-console -blacklist /usr/lib/gjs -blacklist /usr/lib/libgjs* -blacklist /usr/lib64/gjs -blacklist /usr/lib64/libgjs* +deny ${PATH}/gjs +deny ${PATH}/gjs-console +deny /usr/lib/gjs +deny /usr/lib/libgjs* +deny /usr/lib64/gjs +deny /usr/lib64/libgjs* # Lua -blacklist ${PATH}/lua* -blacklist /usr/include/lua* -blacklist /usr/lib/liblua* -blacklist /usr/lib/lua -blacklist /usr/lib64/liblua* -blacklist /usr/lib64/lua -blacklist /usr/share/lua* +deny ${PATH}/lua* +deny /usr/include/lua* +deny /usr/lib/liblua* +deny /usr/lib/lua +deny /usr/lib64/liblua* +deny /usr/lib64/lua +deny /usr/share/lua* # mozjs -blacklist /usr/lib/libmozjs-* -blacklist /usr/lib64/libmozjs-* +deny /usr/lib/libmozjs-* +deny /usr/lib64/libmozjs-* # Node.js -blacklist ${PATH}/node -blacklist /usr/include/node +deny ${PATH}/node +deny /usr/include/node # nvm -blacklist ${HOME}/.nvm +deny ${HOME}/.nvm # Perl -blacklist ${PATH}/core_perl -blacklist ${PATH}/cpan* -blacklist ${PATH}/perl -blacklist ${PATH}/site_perl -blacklist ${PATH}/vendor_perl -blacklist /usr/lib/perl* -blacklist /usr/lib64/perl* -blacklist /usr/share/perl* +deny ${PATH}/core_perl +deny ${PATH}/cpan* +deny ${PATH}/perl +deny ${PATH}/site_perl +deny ${PATH}/vendor_perl +deny /usr/lib/perl* +deny /usr/lib64/perl* +deny /usr/share/perl* # PHP -blacklist ${PATH}/php* -blacklist /usr/lib/php* -blacklist /usr/share/php* +deny ${PATH}/php* +deny /usr/lib/php* +deny /usr/share/php* # Ruby -blacklist ${PATH}/ruby -blacklist /usr/lib/ruby +deny ${PATH}/ruby +deny /usr/lib/ruby # Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat, libreoffice, scribus # Python 2 -blacklist ${PATH}/python2* -blacklist /usr/include/python2* -blacklist /usr/lib/python2* -blacklist /usr/local/lib/python2* -blacklist /usr/share/python2* +deny ${PATH}/python2* +deny /usr/include/python2* +deny /usr/lib/python2* +deny 
/usr/local/lib/python2* +deny /usr/share/python2* # You will want to add noblacklist for python3 stuff in the firefox and/or chromium profiles if you use the Gnome connector (see Issue #2026) # Python 3 -blacklist ${PATH}/python3* -blacklist /usr/include/python3* -blacklist /usr/lib/python3* -blacklist /usr/lib64/python3* -blacklist /usr/local/lib/python3* -blacklist /usr/share/python3* +deny ${PATH}/python3* +deny /usr/include/python3* +deny /usr/lib/python3* +deny /usr/lib64/python3* +deny /usr/local/lib/python3* +deny /usr/share/python3* diff --git a/etc/inc/disable-passwdmgr.inc b/etc/inc/disable-passwdmgr.inc index 3ed9a1b14f9..0a61bc46f7f 100644 --- a/etc/inc/disable-passwdmgr.inc +++ b/etc/inc/disable-passwdmgr.inc @@ -2,18 +2,18 @@ # Persistent customizations should go in a .local file. include disable-passwdmgr.local -blacklist ${HOME}/.config/Bitwarden -blacklist ${HOME}/.config/KeePass -blacklist ${HOME}/.config/keepass -blacklist ${HOME}/.config/keepassx -blacklist ${HOME}/.config/keepassxc -blacklist ${HOME}/.config/KeePassXCrc -blacklist ${HOME}/.config/Sinew Software Systems -blacklist ${HOME}/.fpm -blacklist ${HOME}/.keepass -blacklist ${HOME}/.keepassx -blacklist ${HOME}/.keepassxc -blacklist ${HOME}/.lastpass -blacklist ${HOME}/.local/share/KeePass -blacklist ${HOME}/.local/share/keepass -blacklist ${HOME}/.password-store +deny ${HOME}/.config/Bitwarden +deny ${HOME}/.config/KeePass +deny ${HOME}/.config/keepass +deny ${HOME}/.config/keepassx +deny ${HOME}/.config/keepassxc +deny ${HOME}/.config/KeePassXCrc +deny ${HOME}/.config/Sinew Software Systems +deny ${HOME}/.fpm +deny ${HOME}/.keepass +deny ${HOME}/.keepassx +deny ${HOME}/.keepassxc +deny ${HOME}/.lastpass +deny ${HOME}/.local/share/KeePass +deny ${HOME}/.local/share/keepass +deny ${HOME}/.password-store diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 0e575e5ebf2..8a32bc68571 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc 
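Review bot: In the disable-interpreters.inc hunk the comment above the Python 3 group still tells users to add `noblacklist`, while every directive around it is now `deny`/`nodeny`. Suggest `# You will want to add nodeny for python3 stuff in the firefox and/or chromium profiles if you use the Gnome connector (see Issue #2026)`. Whether the old keyword is still accepted is not visible from this hunk; if it is, the comment could name both spellings so that existing `.local` overrides are not assumed to be broken. Keeping that exemption in the individual browser profile, as the comment advises, leaves the `deny ${PATH}/python3*` group in force for every other profile that includes this file.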
@@ -2,1094 +2,1094 @@ # Persistent customizations should go in a .local file. include disable-programs.local -blacklist ${HOME}/Arduino -blacklist ${HOME}/i2p -blacklist ${HOME}/Monero/wallets -blacklist ${HOME}/Nextcloud -blacklist ${HOME}/Nextcloud/Notes -blacklist ${HOME}/SoftMaker -blacklist ${HOME}/Standard Notes Backups -blacklist ${HOME}/TeamSpeak3-Client-linux_x86 -blacklist ${HOME}/TeamSpeak3-Client-linux_amd64 -blacklist ${HOME}/hyperrogue.ini -blacklist ${HOME}/mps -blacklist ${HOME}/wallet.dat -blacklist ${HOME}/.*coin -blacklist ${HOME}/.8pecxstudios -blacklist ${HOME}/.AndroidStudio* -blacklist ${HOME}/.Atom -blacklist ${HOME}/.CLion* -blacklist ${HOME}/.FBReader -blacklist ${HOME}/.FontForge -blacklist ${HOME}/.IdeaIC* -blacklist ${HOME}/.LuminanceHDR -blacklist ${HOME}/.Mathematica -blacklist ${HOME}/.Natron -blacklist ${HOME}/.PlayOnLinux -blacklist ${HOME}/.PyCharm* -blacklist ${HOME}/.Sayonara -blacklist ${HOME}/.Steam -blacklist ${HOME}/.Steampath -blacklist ${HOME}/.Steampid -blacklist ${HOME}/.TelegramDesktop -blacklist ${HOME}/.VSCodium -blacklist ${HOME}/.ViberPC -blacklist ${HOME}/.VirtualBox -blacklist ${HOME}/.WebStorm* -blacklist ${HOME}/.Wolfram Research -blacklist ${HOME}/.ZAP -blacklist ${HOME}/.abook -blacklist ${HOME}/.addressbook -blacklist ${HOME}/.alpine-smime -blacklist ${HOME}/.aMule -blacklist ${HOME}/.android -blacklist ${HOME}/.anydesk -blacklist ${HOME}/.arduino15 -blacklist ${HOME}/.aria2 -blacklist ${HOME}/.arm -blacklist ${HOME}/.asunder_album_artist -blacklist ${HOME}/.asunder_album_genre -blacklist ${HOME}/.asunder_album_title -blacklist ${HOME}/.atom -blacklist ${HOME}/.attic -blacklist ${HOME}/.audacity-data -blacklist ${HOME}/.avidemux6 -blacklist ${HOME}/.ballbuster.hs -blacklist ${HOME}/.balsa -blacklist ${HOME}/.bcast5 -blacklist ${HOME}/.bibletime -blacklist ${HOME}/.bitcoin -blacklist ${HOME}/.blobby -blacklist ${HOME}/.bogofilter -blacklist ${HOME}/.bzf -blacklist ${HOME}/.cargo/* -blacklist 
${HOME}/.claws-mail -blacklist ${HOME}/.cliqz -blacklist ${HOME}/.clonk -blacklist ${HOME}/.config/0ad -blacklist ${HOME}/.config/2048-qt -blacklist ${HOME}/.config/Atom -blacklist ${HOME}/.config/Audaciousrc -blacklist ${HOME}/.config/Authenticator -blacklist ${HOME}/.config/Beaker Browser -blacklist ${HOME}/.config/Bitcoin -blacklist ${HOME}/.config/Bitwarden -blacklist ${HOME}/.config/Brackets -blacklist ${HOME}/.config/BraveSoftware -blacklist ${HOME}/.config/Clementine -blacklist ${HOME}/.config/Code -blacklist ${HOME}/.config/Code - OSS -blacklist ${HOME}/.config/Code Industry -blacklist ${HOME}/.config/Cryptocat -blacklist ${HOME}/.config/Debauchee/Barrier.conf -blacklist ${HOME}/.config/Dharkael -blacklist ${HOME}/.config/Element -blacklist ${HOME}/.config/Element (Riot) -blacklist ${HOME}/.config/ENCOM -blacklist ${HOME}/.config/Enox -blacklist ${HOME}/.config/Epic -blacklist ${HOME}/.config/Ferdi -blacklist ${HOME}/.config/Flavio Tordini -blacklist ${HOME}/.config/Franz -blacklist ${HOME}/.config/FreeCAD -blacklist ${HOME}/.config/FreeTube -blacklist ${HOME}/.config/Fritzing -blacklist ${HOME}/.config/GIMP -blacklist ${HOME}/.config/GitHub Desktop -blacklist ${HOME}/.config/Gitter -blacklist ${HOME}/.config/Google -blacklist ${HOME}/.config/Google Play Music Desktop Player -blacklist ${HOME}/.config/Gpredict -blacklist ${HOME}/.config/INRIA -blacklist ${HOME}/.config/InSilmaril -blacklist ${HOME}/.config/Jitsi Meet -blacklist ${HOME}/.config/KDE/neochat -blacklist ${HOME}/.config/Kid3 -blacklist ${HOME}/.config/Kingsoft -blacklist ${HOME}/.config/LibreCAD -blacklist ${HOME}/.config/Loop_Hero -blacklist ${HOME}/.config/Luminance -blacklist ${HOME}/.config/LyX -blacklist ${HOME}/.config/Mattermost -blacklist ${HOME}/.config/Meltytech -blacklist ${HOME}/.config/Mendeley Ltd. 
-blacklist ${HOME}/.config/Min -blacklist ${HOME}/.config/ModTheSpire -blacklist ${HOME}/.config/Mousepad -blacklist ${HOME}/.config/Mumble -blacklist ${HOME}/.config/MusE -blacklist ${HOME}/.config/MuseScore -blacklist ${HOME}/.config/MusicBrainz -blacklist ${HOME}/.config/Nathan Osman -blacklist ${HOME}/.config/Nextcloud -blacklist ${HOME}/.config/Nylas Mail -blacklist ${HOME}/.config/PacmanLogViewer -blacklist ${HOME}/.config/PawelStolowski -blacklist ${HOME}/.config/PBE -blacklist ${HOME}/.config/Philipp Schmieder -blacklist ${HOME}/.config/QGIS -blacklist ${HOME}/.config/QMediathekView -blacklist ${HOME}/.config/Qlipper -blacklist ${HOME}/.config/QuiteRss -blacklist ${HOME}/.config/QuiteRssrc -blacklist ${HOME}/.config/Quotient -blacklist ${HOME}/.config/Rambox -blacklist ${HOME}/.config/Riot -blacklist ${HOME}/.config/Rocket.Chat -blacklist ${HOME}/.config/RogueLegacy -blacklist ${HOME}/.config/RogueLegacyStorageContainer -blacklist ${HOME}/.config/Signal -blacklist ${HOME}/.config/Sinew Software Systems -blacklist ${HOME}/.config/Slack -blacklist ${HOME}/.config/Standard Notes -blacklist ${HOME}/.config/SubDownloader -blacklist ${HOME}/.config/Thunar -blacklist ${HOME}/.config/Twitch -blacklist ${HOME}/.config/Unknown Organization -blacklist ${HOME}/.config/VirtualBox -blacklist ${HOME}/.config/Wire -blacklist ${HOME}/.config/Youtube -blacklist ${HOME}/.config/Zeal -blacklist ${HOME}/.config/ZeGrapher Project -blacklist ${HOME}/.config/aacs -blacklist ${HOME}/.config/abiword -blacklist ${HOME}/.config/agenda -blacklist ${HOME}/.config/akonadi* -blacklist ${HOME}/.config/akregatorrc -blacklist ${HOME}/.config/alacritty -blacklist ${HOME}/.config/ardour4 -blacklist ${HOME}/.config/ardour5 -blacklist ${HOME}/.config/aria2 -blacklist ${HOME}/.config/arkrc -blacklist ${HOME}/.config/artha.conf -blacklist ${HOME}/.config/artha.log -blacklist ${HOME}/.config/asunder -blacklist ${HOME}/.config/atril -blacklist ${HOME}/.config/audacious -blacklist 
${HOME}/.config/autokey -blacklist ${HOME}/.config/avidemux3_qt5rc -blacklist ${HOME}/.config/aweather -blacklist ${HOME}/.config/backintime -blacklist ${HOME}/.config/baloofilerc -blacklist ${HOME}/.config/baloorc -blacklist ${HOME}/.config/bcompare -blacklist ${HOME}/.config/blender -blacklist ${HOME}/.config/bless -blacklist ${HOME}/.config/bnox -blacklist ${HOME}/.config/borg -blacklist ${HOME}/.config/brasero -blacklist ${HOME}/.config/brave -blacklist ${HOME}/.config/brave-flags.conf -blacklist ${HOME}/.config/caja -blacklist ${HOME}/.config/calibre -blacklist ${HOME}/.config/cantata -blacklist ${HOME}/.config/catfish -blacklist ${HOME}/.config/cawbird -blacklist ${HOME}/.config/celluloid -blacklist ${HOME}/.config/cherrytree -blacklist ${HOME}/.config/chrome-beta-flags.conf -blacklist ${HOME}/.config/chrome-beta-flags.config -blacklist ${HOME}/.config/chrome-flags.conf -blacklist ${HOME}/.config/chrome-flags.config -blacklist ${HOME}/.config/chrome-unstable-flags.conf -blacklist ${HOME}/.config/chrome-unstable-flags.config -blacklist ${HOME}/.config/chromium -blacklist ${HOME}/.config/chromium-dev -blacklist ${HOME}/.config/chromium-flags.conf -blacklist ${HOME}/.config/clipit -blacklist ${HOME}/.config/cliqz -blacklist ${HOME}/.config/cmus -blacklist ${HOME}/.config/com.github.bleakgrey.tootle -blacklist ${HOME}/.config/corebird -blacklist ${HOME}/.config/cower -blacklist ${HOME}/.config/coyim -blacklist ${HOME}/.config/darktable -blacklist ${HOME}/.config/deadbeef -blacklist ${HOME}/.config/deluge -blacklist ${HOME}/.config/devilspie2 -blacklist ${HOME}/.config/digikam -blacklist ${HOME}/.config/digikamrc -blacklist ${HOME}/.config/discord -blacklist ${HOME}/.config/discordcanary -blacklist ${HOME}/.config/dkl -blacklist ${HOME}/.config/dnox -blacklist ${HOME}/.config/dolphin-emu -blacklist ${HOME}/.config/dolphinrc -blacklist ${HOME}/.config/dragonplayerrc -blacklist ${HOME}/.config/draw.io -blacklist ${HOME}/.config/d-feet -blacklist 
${HOME}/.config/electron-mail -blacklist ${HOME}/.config/emaildefaults -blacklist ${HOME}/.config/emailidentities -blacklist ${HOME}/.config/emilia -blacklist ${HOME}/.config/enchant -blacklist ${HOME}/.config/eog -blacklist ${HOME}/.config/epiphany -blacklist ${HOME}/.config/equalx -blacklist ${HOME}/.config/evince -blacklist ${HOME}/.config/evolution -blacklist ${HOME}/.config/falkon -blacklist ${HOME}/.config/filezilla -blacklist ${HOME}/.config/flameshot -blacklist ${HOME}/.config/flaska.net -blacklist ${HOME}/.config/flowblade -blacklist ${HOME}/.config/font-manager -blacklist ${HOME}/.config/freecol -blacklist ${HOME}/.config/gajim -blacklist ${HOME}/.config/galculator -blacklist ${HOME}/.config/gconf -blacklist ${HOME}/.config/geany -blacklist ${HOME}/.config/geary -blacklist ${HOME}/.config/gedit -blacklist ${HOME}/.config/geeqie -blacklist ${HOME}/.config/ghb -blacklist ${HOME}/.config/ghostwriter -blacklist ${HOME}/.config/git -blacklist ${HOME}/.config/git-cola -blacklist ${HOME}/.config/glade.conf -blacklist ${HOME}/.config/globaltime -blacklist ${HOME}/.config/gmpc -blacklist ${HOME}/.config/gnome-builder -blacklist ${HOME}/.config/gnome-chess -blacklist ${HOME}/.config/gnome-control-center -blacklist ${HOME}/.config/gnome-initial-setup-done -blacklist ${HOME}/.config/gnome-latex -blacklist ${HOME}/.config/gnome-mplayer -blacklist ${HOME}/.config/gnome-mpv -blacklist ${HOME}/.config/gnome-pie -blacklist ${HOME}/.config/gnome-session -blacklist ${HOME}/.config/gnote -blacklist ${HOME}/.config/godot -blacklist ${HOME}/.config/google-chrome -blacklist ${HOME}/.config/google-chrome-beta -blacklist ${HOME}/.config/google-chrome-unstable -blacklist ${HOME}/.config/gpicview -blacklist ${HOME}/.config/gthumb -blacklist ${HOME}/.config/gummi -blacklist ${HOME}/.config/guvcview2 -blacklist ${HOME}/.config/gwenviewrc -blacklist ${HOME}/.config/hexchat -blacklist ${HOME}/.config/homebank -blacklist ${HOME}/.config/i2p -blacklist ${HOME}/.config/inkscape -blacklist 
${HOME}/.config/inox -blacklist ${HOME}/.config/iridium -blacklist ${HOME}/.config/itch -blacklist ${HOME}/.config/jami -blacklist ${HOME}/.config/jd-gui.cfg -blacklist ${HOME}/.config/k3brc -blacklist ${HOME}/.config/kaffeinerc -blacklist ${HOME}/.config/kalgebrarc -blacklist ${HOME}/.config/katemetainfos -blacklist ${HOME}/.config/katepartrc -blacklist ${HOME}/.config/katerc -blacklist ${HOME}/.config/kateschemarc -blacklist ${HOME}/.config/katesyntaxhighlightingrc -blacklist ${HOME}/.config/katevirc -blacklist ${HOME}/.config/kazam -blacklist ${HOME}/.config/kdeconnect -blacklist ${HOME}/.config/kdenliverc -blacklist ${HOME}/.config/kdiff3fileitemactionrc -blacklist ${HOME}/.config/kdiff3rc -blacklist ${HOME}/.config/kfindrc -blacklist ${HOME}/.config/kgetrc -blacklist ${HOME}/.config/kid3rc -blacklist ${HOME}/.config/klavaro -blacklist ${HOME}/.config/klipperrc -blacklist ${HOME}/.config/kmail2rc -blacklist ${HOME}/.config/kmailsearchindexingrc -blacklist ${HOME}/.config/kmplayerrc -blacklist ${HOME}/.config/knotesrc -blacklist ${HOME}/.config/konversationrc -blacklist ${HOME}/.config/konversation.notifyrc -blacklist ${HOME}/.config/kritarc -blacklist ${HOME}/.config/ktorrentrc -blacklist ${HOME}/.config/ktouch2rc -blacklist ${HOME}/.config/kube -blacklist ${HOME}/.config/kwriterc -blacklist ${HOME}/.config/leafpad -blacklist ${HOME}/.config/libreoffice -blacklist ${HOME}/.config/liferea -blacklist ${HOME}/.config/linphone -blacklist ${HOME}/.config/lugaru -blacklist ${HOME}/.config/lutris -blacklist ${HOME}/.config/lximage-qt -blacklist ${HOME}/.config/mailtransports -blacklist ${HOME}/.config/mana -blacklist ${HOME}/.config/mate-calc -blacklist ${HOME}/.config/mate/eom -blacklist ${HOME}/.config/mate/mate-dictionary -blacklist ${HOME}/.config/matrix-mirage -blacklist ${HOME}/.config/mcomix -blacklist ${HOME}/.config/meld -blacklist ${HOME}/.config/meteo-qt -blacklist ${HOME}/.config/menulibre.cfg -blacklist ${HOME}/.config/mfusion -blacklist 
${HOME}/.config/Microsoft -blacklist ${HOME}/.config/microsoft-edge-dev -blacklist ${HOME}/.config/midori -blacklist ${HOME}/.config/mirage -blacklist ${HOME}/.config/mono -blacklist ${HOME}/.config/mpDris2 -blacklist ${HOME}/.config/mpd -blacklist ${HOME}/.config/mps-youtube -blacklist ${HOME}/.config/mpv -blacklist ${HOME}/.config/mupen64plus -blacklist ${HOME}/.config/mutt -blacklist ${HOME}/.config/mutter -blacklist ${HOME}/.config/mypaint -blacklist ${HOME}/.config/nano -blacklist ${HOME}/.config/nautilus -blacklist ${HOME}/.config/nemo -blacklist ${HOME}/.config/neochatrc -blacklist ${HOME}/.config/neochat.notifyrc -blacklist ${HOME}/.config/neomutt -blacklist ${HOME}/.config/netsurf -blacklist ${HOME}/.config/newsbeuter -blacklist ${HOME}/.config/newsboat -blacklist ${HOME}/.config/newsflash -blacklist ${HOME}/.config/nheko -blacklist ${HOME}/.config/NitroShare -blacklist ${HOME}/.config/nomacs -blacklist ${HOME}/.config/nuclear -blacklist ${HOME}/.config/obs-studio -blacklist ${HOME}/.config/okularpartrc -blacklist ${HOME}/.config/okularrc -blacklist ${HOME}/.config/onboard -blacklist ${HOME}/.config/onionshare -blacklist ${HOME}/.config/onlyoffice -blacklist ${HOME}/.config/openmw -blacklist ${HOME}/.config/opera -blacklist ${HOME}/.config/opera-beta -blacklist ${HOME}/.config/orage -blacklist ${HOME}/.config/org.gabmus.gfeeds.json -blacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles -blacklist ${HOME}/.config/org.kde.gwenviewrc -blacklist ${HOME}/.config/otter -blacklist ${HOME}/.config/pavucontrol-qt -blacklist ${HOME}/.config/pavucontrol.ini -blacklist ${HOME}/.config/pcmanfm -blacklist ${HOME}/.config/pdfmod -blacklist ${HOME}/.config/Pinta -blacklist ${HOME}/.config/pipe-viewer -blacklist ${HOME}/.config/pitivi -blacklist ${HOME}/.config/pix -blacklist ${HOME}/.config/pluma -blacklist ${HOME}/.config/ppsspp -blacklist ${HOME}/.config/pragha -blacklist ${HOME}/.config/profanity -blacklist ${HOME}/.config/psi -blacklist ${HOME}/.config/psi+ 
-blacklist ${HOME}/.config/qBittorrent -blacklist ${HOME}/.config/qBittorrentrc -blacklist ${HOME}/.config/qnapi.ini -blacklist ${HOME}/.config/qpdfview -blacklist ${HOME}/.config/quodlibet -blacklist ${HOME}/.config/qupzilla -blacklist ${HOME}/.config/qutebrowser -blacklist ${HOME}/.config/ranger -blacklist ${HOME}/.config/redshift -blacklist ${HOME}/.config/redshift.conf -blacklist ${HOME}/.config/remmina -blacklist ${HOME}/.config/ristretto -blacklist ${HOME}/.config/rtv -blacklist ${HOME}/.config/scribus -blacklist ${HOME}/.config/scribusrc -blacklist ${HOME}/.config/sinew.in -blacklist ${HOME}/.config/sink -blacklist ${HOME}/.config/skypeforlinux -blacklist ${HOME}/.config/slimjet -blacklist ${HOME}/.config/smplayer -blacklist ${HOME}/.config/smtube -blacklist ${HOME}/.config/smuxi -blacklist ${HOME}/.config/snox -blacklist ${HOME}/.config/sound-juicer -blacklist ${HOME}/.config/specialmailcollectionsrc -blacklist ${HOME}/.config/spectaclerc -blacklist ${HOME}/.config/spotify -blacklist ${HOME}/.config/sqlitebrowser -blacklist ${HOME}/.config/stellarium -blacklist ${HOME}/.config/strawberry -blacklist ${HOME}/.config/straw-viewer -blacklist ${HOME}/.config/supertuxkart -blacklist ${HOME}/.config/synfig -blacklist ${HOME}/.config/teams -blacklist ${HOME}/.config/teams-for-linux -blacklist ${HOME}/.config/telepathy-account-widgets -blacklist ${HOME}/.config/torbrowser -blacklist ${HOME}/.config/totem -blacklist ${HOME}/.config/tox -blacklist ${HOME}/.config/transgui -blacklist ${HOME}/.config/transmission -blacklist ${HOME}/.config/truecraft -blacklist ${HOME}/.config/tuta_integration -blacklist ${HOME}/.config/tutanota-desktop -blacklist ${HOME}/.config/tvbrowser -blacklist ${HOME}/.config/uGet -blacklist ${HOME}/.config/ungoogled-chromium -blacklist ${HOME}/.config/uzbl -blacklist ${HOME}/.config/viewnior -blacklist ${HOME}/.config/vivaldi -blacklist ${HOME}/.config/vivaldi-snapshot -blacklist ${HOME}/.config/vlc -blacklist ${HOME}/.config/wesnoth -blacklist 
${HOME}/.config/wormux -blacklist ${HOME}/.config/Whalebird -blacklist ${HOME}/.config/wireshark -blacklist ${HOME}/.config/xchat -blacklist ${HOME}/.config/xed -blacklist ${HOME}/.config/xfburn -blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc -blacklist ${HOME}/.config/xfce4/xfce4-notes.rc -blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml -blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml -blacklist ${HOME}/.config/xfce4-dict -blacklist ${HOME}/.config/xiaoyong -blacklist ${HOME}/.config/xmms2 -blacklist ${HOME}/.config/xplayer -blacklist ${HOME}/.config/xreader -blacklist ${HOME}/.config/xviewer -blacklist ${HOME}/.config/yandex-browser -blacklist ${HOME}/.config/yandex-browser-beta -blacklist ${HOME}/.config/yelp -blacklist ${HOME}/.config/youtube-dl -blacklist ${HOME}/.config/youtube-dlg -blacklist ${HOME}/.config/youtubemusic-nativefier-040164 -blacklist ${HOME}/.config/youtube-music-desktop-app -blacklist ${HOME}/.config/youtube-viewer -blacklist ${HOME}/.config/zathura -blacklist ${HOME}/.config/zoomus.conf -blacklist ${HOME}/.config/Zulip -blacklist ${HOME}/.conkeror.mozdev.org -blacklist ${HOME}/.crawl -blacklist ${HOME}/.cups -blacklist ${HOME}/.curl-hsts -blacklist ${HOME}/.curlrc -blacklist ${HOME}/.dashcore -blacklist ${HOME}/.devilspie -blacklist ${HOME}/.dia -blacklist ${HOME}/.digrc -blacklist ${HOME}/.dillo -blacklist ${HOME}/.dooble -blacklist ${HOME}/.dosbox -blacklist ${HOME}/.dropbox* -blacklist ${HOME}/.easystroke -blacklist ${HOME}/.electron-cache -blacklist ${HOME}/.electrum* -blacklist ${HOME}/.elinks -blacklist ${HOME}/.emacs -blacklist ${HOME}/.emacs.d -blacklist ${HOME}/.equalx -blacklist ${HOME}/.ethereum -blacklist ${HOME}/.etr -blacklist ${HOME}/.filezilla -blacklist ${HOME}/.firedragon -blacklist ${HOME}/.flowblade -blacklist ${HOME}/.fltk -blacklist ${HOME}/.fossamail -blacklist ${HOME}/.freeciv -blacklist ${HOME}/.freecol -blacklist ${HOME}/.freemind -blacklist ${HOME}/.frogatto 
-blacklist ${HOME}/.frozen-bubble -blacklist ${HOME}/.funnyboat -blacklist ${HOME}/.gimp* -blacklist ${HOME}/.gist -blacklist ${HOME}/.gitconfig -blacklist ${HOME}/.gl-117 -blacklist ${HOME}/.glaxiumrc -blacklist ${HOME}/.gnome/gnome-schedule -blacklist ${HOME}/.googleearth -blacklist ${HOME}/.gradle -blacklist ${HOME}/.gramps -blacklist ${HOME}/.guayadeque -blacklist ${HOME}/.hashcat -blacklist ${HOME}/.hex-a-hop -blacklist ${HOME}/.hedgewars -blacklist ${HOME}/.hugin -blacklist ${HOME}/.i2p -blacklist ${HOME}/.icedove -blacklist ${HOME}/.imagej -blacklist ${HOME}/.inkscape -blacklist ${HOME}/.itch -blacklist ${HOME}/.jack-server -blacklist ${HOME}/.jack-settings -blacklist ${HOME}/.jak -blacklist ${HOME}/.java -blacklist ${HOME}/.jd -blacklist ${HOME}/.jitsi -blacklist ${HOME}/.jumpnbump -blacklist ${HOME}/.kde/share/apps/digikam -blacklist ${HOME}/.kde/share/apps/gwenview -blacklist ${HOME}/.kde/share/apps/kaffeine -blacklist ${HOME}/.kde/share/apps/kcookiejar -blacklist ${HOME}/.kde/share/apps/kget -blacklist ${HOME}/.kde/share/apps/khtml -blacklist ${HOME}/.kde/share/apps/klatexformula -blacklist ${HOME}/.kde/share/apps/konqsidebartng -blacklist ${HOME}/.kde/share/apps/konqueror -blacklist ${HOME}/.kde/share/apps/kopete -blacklist ${HOME}/.kde/share/apps/ktorrent -blacklist ${HOME}/.kde/share/apps/okular -blacklist ${HOME}/.kde/share/config/baloofilerc -blacklist ${HOME}/.kde/share/config/baloorc -blacklist ${HOME}/.kde/share/config/digikam -blacklist ${HOME}/.kde/share/config/gwenviewrc -blacklist ${HOME}/.kde/share/config/k3brc -blacklist ${HOME}/.kde/share/config/kaffeinerc -blacklist ${HOME}/.kde/share/config/kcookiejarrc -blacklist ${HOME}/.kde/share/config/kfindrc -blacklist ${HOME}/.kde/share/config/kgetrc -blacklist ${HOME}/.kde/share/config/khtmlrc -blacklist ${HOME}/.kde/share/config/klipperrc -blacklist ${HOME}/.kde/share/config/kmplayerrc -blacklist ${HOME}/.kde/share/config/konq_history -blacklist ${HOME}/.kde/share/config/konqsidebartngrc 
-blacklist ${HOME}/.kde/share/config/konquerorrc -blacklist ${HOME}/.kde/share/config/konversationrc -blacklist ${HOME}/.kde/share/config/kopeterc -blacklist ${HOME}/.kde/share/config/ktorrentrc -blacklist ${HOME}/.kde/share/config/okularpartrc -blacklist ${HOME}/.kde/share/config/okularrc -blacklist ${HOME}/.kde4/share/apps/digikam -blacklist ${HOME}/.kde4/share/apps/gwenview -blacklist ${HOME}/.kde4/share/apps/kaffeine -blacklist ${HOME}/.kde4/share/apps/kcookiejar -blacklist ${HOME}/.kde4/share/apps/kget -blacklist ${HOME}/.kde4/share/apps/khtml -blacklist ${HOME}/.kde4/share/apps/konqsidebartng -blacklist ${HOME}/.kde4/share/apps/konqueror -blacklist ${HOME}/.kde4/share/apps/kopete -blacklist ${HOME}/.kde4/share/apps/ktorrent -blacklist ${HOME}/.kde4/share/apps/okular -blacklist ${HOME}/.kde4/share/config/baloofilerc -blacklist ${HOME}/.kde4/share/config/baloorc -blacklist ${HOME}/.kde4/share/config/digikam -blacklist ${HOME}/.kde4/share/config/gwenviewrc -blacklist ${HOME}/.kde4/share/config/k3brc -blacklist ${HOME}/.kde4/share/config/kaffeinerc -blacklist ${HOME}/.kde4/share/config/kcookiejarrc -blacklist ${HOME}/.kde4/share/config/kfindrc -blacklist ${HOME}/.kde4/share/config/kgetrc -blacklist ${HOME}/.kde4/share/config/khtmlrc -blacklist ${HOME}/.kde4/share/config/klipperrc -blacklist ${HOME}/.kde4/share/config/konq_history -blacklist ${HOME}/.kde4/share/config/konqsidebartngrc -blacklist ${HOME}/.kde4/share/config/konquerorrc -blacklist ${HOME}/.kde4/share/config/konversationrc -blacklist ${HOME}/.kde4/share/config/kopeterc -blacklist ${HOME}/.kde4/share/config/ktorrentrc -blacklist ${HOME}/.kde4/share/config/okularpartrc -blacklist ${HOME}/.kde4/share/config/okularrc -blacklist ${HOME}/.killingfloor -blacklist ${HOME}/.kingsoft -blacklist ${HOME}/.kino-history -blacklist ${HOME}/.kinorc -blacklist ${HOME}/.klatexformula -blacklist ${HOME}/.klei -blacklist ${HOME}/.kodi -blacklist ${HOME}/.librewolf -blacklist ${HOME}/.lincity-ng -blacklist ${HOME}/.links 
-blacklist ${HOME}/.links2 -blacklist ${HOME}/.linphone-history.db -blacklist ${HOME}/.linphonerc -blacklist ${HOME}/.lmmsrc.xml -blacklist ${HOME}/.local/lib/vivaldi -blacklist ${HOME}/.local/share/0ad -blacklist ${HOME}/.local/share/3909/PapersPlease -blacklist ${HOME}/.local/share/Anki2 -blacklist ${HOME}/.local/share/Dredmor -blacklist ${HOME}/.local/share/Empathy -blacklist ${HOME}/.local/share/Enpass -blacklist ${HOME}/.local/share/Flavio Tordini -blacklist ${HOME}/.local/share/JetBrains -blacklist ${HOME}/.local/share/KDE/neochat -blacklist ${HOME}/.local/share/Kingsoft -blacklist ${HOME}/.local/share/LibreCAD -blacklist ${HOME}/.local/share/Mendeley Ltd. -blacklist ${HOME}/.local/share/Mumble -blacklist ${HOME}/.local/share/Nextcloud -blacklist ${HOME}/.local/share/PBE -blacklist ${HOME}/.local/share/PawelStolowski -blacklist ${HOME}/.local/share/PillarsOfEternity -blacklist ${HOME}/.local/share/Psi -blacklist ${HOME}/.local/share/QGIS -blacklist ${HOME}/.local/share/QMediathekView -blacklist ${HOME}/.local/share/QuiteRss -blacklist ${HOME}/.local/share/Ricochet -blacklist ${HOME}/.local/share/RogueLegacy -blacklist ${HOME}/.local/share/RogueLegacyStorageContainer -blacklist ${HOME}/.local/share/Shortwave -blacklist ${HOME}/.local/share/Steam -blacklist ${HOME}/.local/share/SteamWorldDig -blacklist ${HOME}/.local/share/SteamWorld Dig 2 -blacklist ${HOME}/.local/share/SuperHexagon -blacklist ${HOME}/.local/share/TelegramDesktop -blacklist ${HOME}/.local/share/Terraria -blacklist ${HOME}/.local/share/TpLogger -blacklist ${HOME}/.local/share/Zeal -blacklist ${HOME}/.local/share/akonadi* -blacklist ${HOME}/.local/share/akregator -blacklist ${HOME}/.local/share/agenda -blacklist ${HOME}/.local/share/apps/korganizer -blacklist ${HOME}/.local/share/aspyr-media -blacklist ${HOME}/.local/share/autokey -blacklist ${HOME}/.local/share/authenticator-rs -blacklist ${HOME}/.local/share/backintime -blacklist ${HOME}/.local/share/baloo -blacklist 
${HOME}/.local/share/barrier
-blacklist ${HOME}/.local/share/bibletime
-blacklist ${HOME}/.local/share/bijiben
-blacklist ${HOME}/.local/share/bohemiainteractive
-blacklist ${HOME}/.local/share/caja-python
-blacklist ${HOME}/.local/share/calligragemini
-blacklist ${HOME}/.local/share/cantata
-blacklist ${HOME}/.local/share/cdprojektred
-blacklist ${HOME}/.local/share/clipit
-blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
-blacklist ${HOME}/.local/share/contacts
-blacklist ${HOME}/.local/share/cor-games
-blacklist ${HOME}/.local/share/data/Mendeley Ltd.
-blacklist ${HOME}/.local/share/data/Mumble
-blacklist ${HOME}/.local/share/data/MusE
-blacklist ${HOME}/.local/share/data/MuseScore
-blacklist ${HOME}/.local/share/data/nomacs
-blacklist ${HOME}/.local/share/data/qBittorrent
-blacklist ${HOME}/.local/share/dino
-blacklist ${HOME}/.local/share/dolphin
-blacklist ${HOME}/.local/share/dolphin-emu
-blacklist ${HOME}/.local/share/emailidentities
-blacklist ${HOME}/.local/share/epiphany
-blacklist ${HOME}/.local/share/evolution
-blacklist ${HOME}/.local/share/FasterThanLight
-blacklist ${HOME}/.local/share/feedreader
-blacklist ${HOME}/.local/share/feral-interactive
-blacklist ${HOME}/.local/share/five-or-more
-blacklist ${HOME}/.local/share/freecol
-blacklist ${HOME}/.local/share/gajim
-blacklist ${HOME}/.local/share/geary
-blacklist ${HOME}/.local/share/geeqie
-blacklist ${HOME}/.local/share/ghostwriter
-blacklist ${HOME}/.local/share/gitg
-blacklist ${HOME}/.local/share/gnome-2048
-blacklist ${HOME}/.local/share/gnome-boxes
-blacklist ${HOME}/.local/share/gnome-builder
-blacklist ${HOME}/.local/share/gnome-chess
-blacklist ${HOME}/.local/share/gnome-klotski
-blacklist ${HOME}/.local/share/gnome-latex
-blacklist ${HOME}/.local/share/gnome-mines
-blacklist ${HOME}/.local/share/gnome-music
-blacklist ${HOME}/.local/share/gnome-nibbles
-blacklist ${HOME}/.local/share/gnome-photos
-blacklist ${HOME}/.local/share/gnome-pomodoro
-blacklist ${HOME}/.local/share/gnome-recipes
-blacklist ${HOME}/.local/share/gnome-ring
-blacklist ${HOME}/.local/share/gnome-sudoku
-blacklist ${HOME}/.local/share/gnome-twitch
-blacklist ${HOME}/.local/share/gnote
-blacklist ${HOME}/.local/share/godot
-blacklist ${HOME}/.local/share/gradio
-blacklist ${HOME}/.local/share/gwenview
-blacklist ${HOME}/.local/share/i2p
-blacklist ${HOME}/.local/share/IntoTheBreach
-blacklist ${HOME}/.local/share/jami
-blacklist ${HOME}/.local/share/kaffeine
-blacklist ${HOME}/.local/share/kalgebra
-blacklist ${HOME}/.local/share/kate
-blacklist ${HOME}/.local/share/kdenlive
-blacklist ${HOME}/.local/share/kget
-blacklist ${HOME}/.local/share/kiwix
-blacklist ${HOME}/.local/share/kiwix-desktop
-blacklist ${HOME}/.local/share/klavaro
-blacklist ${HOME}/.local/share/kmail2
-blacklist ${HOME}/.local/share/kmplayer
-blacklist ${HOME}/.local/share/knotes
-blacklist ${HOME}/.local/share/krita
-blacklist ${HOME}/.local/share/ktorrent
-blacklist ${HOME}/.local/share/ktorrentrc
-blacklist ${HOME}/.local/share/ktouch
-blacklist ${HOME}/.local/share/kube
-blacklist ${HOME}/.local/share/kwrite
-blacklist ${HOME}/.local/share/kxmlgui5/*
-blacklist ${HOME}/.local/share/liferea
-blacklist ${HOME}/.local/share/linphone
-blacklist ${HOME}/.local/share/local-mail
-blacklist ${HOME}/.local/share/lollypop
-blacklist ${HOME}/.local/share/love
-blacklist ${HOME}/.local/share/lugaru
-blacklist ${HOME}/.local/share/lutris
-blacklist ${HOME}/.local/share/man
-blacklist ${HOME}/.local/share/mana
-blacklist ${HOME}/.local/share/maps-places.json
-blacklist ${HOME}/.local/share/matrix-mirage
-blacklist ${HOME}/.local/share/mcomix
-blacklist ${HOME}/.local/share/meld
-blacklist ${HOME}/.local/share/midori
-blacklist ${HOME}/.local/share/minder
-blacklist ${HOME}/.local/share/mirage
-blacklist ${HOME}/.local/share/multimc
-blacklist ${HOME}/.local/share/multimc5
-blacklist ${HOME}/.local/share/mupen64plus
-blacklist ${HOME}/.local/share/mypaint
-blacklist ${HOME}/.local/share/nautilus
-blacklist ${HOME}/.local/share/nautilus-python
-blacklist ${HOME}/.local/share/nemo
-blacklist ${HOME}/.local/share/nemo-python
-blacklist ${HOME}/.local/share/news-flash
-blacklist ${HOME}/.local/share/newsbeuter
-blacklist ${HOME}/.local/share/newsboat
-blacklist ${HOME}/.local/share/nheko
-blacklist ${HOME}/.local/share/nomacs
-blacklist ${HOME}/.local/share/notes
-blacklist ${HOME}/.local/share/ocenaudio
-blacklist ${HOME}/.local/share/okular
-blacklist ${HOME}/.local/share/onlyoffice
-blacklist ${HOME}/.local/share/openmw
-blacklist ${HOME}/.local/share/orage
-blacklist ${HOME}/.local/share/org.kde.gwenview
-blacklist ${HOME}/.local/share/Paradox Interactive
-blacklist ${HOME}/.local/share/pix
-blacklist ${HOME}/.local/share/plasma_notes
-blacklist ${HOME}/.local/share/profanity
-blacklist ${HOME}/.local/share/psi
-blacklist ${HOME}/.local/share/psi+
-blacklist ${HOME}/.local/share/quadrapassel
-blacklist ${HOME}/.local/share/qpdfview
-blacklist ${HOME}/.local/share/qutebrowser
-blacklist ${HOME}/.local/share/remmina
-blacklist ${HOME}/.local/share/rhythmbox
-blacklist ${HOME}/.local/share/rtv
-blacklist ${HOME}/.local/share/scribus
-blacklist ${HOME}/.local/share/shotwell
-blacklist ${HOME}/.local/share/signal-cli
-blacklist ${HOME}/.local/share/sink
-blacklist ${HOME}/.local/share/smuxi
-blacklist ${HOME}/.local/share/spotify
-blacklist ${HOME}/.local/share/steam
-blacklist ${HOME}/.local/share/strawberry
-blacklist ${HOME}/.local/share/supertux2
-blacklist ${HOME}/.local/share/supertuxkart
-blacklist ${HOME}/.local/share/swell-foop
-blacklist ${HOME}/.local/share/telepathy
-blacklist ${HOME}/.local/share/terasology
-blacklist ${HOME}/.local/share/torbrowser
-blacklist ${HOME}/.local/share/totem
-blacklist ${HOME}/.local/share/uzbl
-blacklist ${HOME}/.local/share/vlc
-blacklist ${HOME}/.local/share/vpltd
-blacklist ${HOME}/.local/share/vulkan
-blacklist ${HOME}/.local/share/warsow-2.1
-blacklist ${HOME}/.local/share/wesnoth
-blacklist ${HOME}/.local/share/wormux
-blacklist ${HOME}/.local/share/xplayer
-blacklist ${HOME}/.local/share/xreader
-blacklist ${HOME}/.local/share/zathura
-blacklist ${HOME}/.lv2
-blacklist ${HOME}/.lyx
-blacklist ${HOME}/.magicor
-blacklist ${HOME}/.masterpdfeditor
-blacklist ${HOME}/.mbwarband
-blacklist ${HOME}/.mcabber
-blacklist ${HOME}/.mcabberrc
-blacklist ${HOME}/.mediathek3
-blacklist ${HOME}/.megaglest
-blacklist ${HOME}/.minecraft
-blacklist ${HOME}/.minetest
-blacklist ${HOME}/.mirrormagic
-blacklist ${HOME}/.moc
-blacklist ${HOME}/.moonchild productions/basilisk
-blacklist ${HOME}/.moonchild productions/pale moon
-blacklist ${HOME}/.mozilla
-blacklist ${HOME}/.mp3splt-gtk
-blacklist ${HOME}/.mpd
-blacklist ${HOME}/.mpdconf
-blacklist ${HOME}/.mplayer
-blacklist ${HOME}/.msmtprc
-blacklist ${HOME}/.multimc5
-blacklist ${HOME}/.nanorc
-blacklist ${HOME}/.netactview
-blacklist ${HOME}/.neverball
-blacklist ${HOME}/.newsbeuter
-blacklist ${HOME}/.newsboat
-blacklist ${HOME}/.newsrc
-blacklist ${HOME}/.nicotine
-blacklist ${HOME}/.node-gyp
-blacklist ${HOME}/.npm
-blacklist ${HOME}/.npmrc
-blacklist ${HOME}/.nv
-blacklist ${HOME}/.nvm
-blacklist ${HOME}/.nylas-mail
-blacklist ${HOME}/.openarena
-blacklist ${HOME}/.opencity
-blacklist ${HOME}/.openinvaders
-blacklist ${HOME}/.openshot
-blacklist ${HOME}/.openshot_qt
-blacklist ${HOME}/.openttd
-blacklist ${HOME}/.opera
-blacklist ${HOME}/.opera-beta
-blacklist ${HOME}/.ostrichriders
-blacklist ${HOME}/.paradoxinteractive
-blacklist ${HOME}/.parallelrealities/blobwars
-blacklist ${HOME}/.pcsxr
-blacklist ${HOME}/.penguin-command
-blacklist ${HOME}/.pine-crash
-blacklist ${HOME}/.pine-debug1
-blacklist ${HOME}/.pine-debug2
-blacklist ${HOME}/.pine-debug3
-blacklist ${HOME}/.pine-debug4
-blacklist ${HOME}/.pine-interrupted-mail
-blacklist ${HOME}/.pinerc
-blacklist ${HOME}/.pinercex
-blacklist ${HOME}/.pingus
-blacklist ${HOME}/.pioneer
-blacklist ${HOME}/.purple
-blacklist ${HOME}/.pylint.d
-blacklist ${HOME}/.qemu-launcher
-blacklist ${HOME}/.qgis2
-blacklist ${HOME}/.qmmp
-blacklist ${HOME}/.quodlibet
-blacklist ${HOME}/.redeclipse
-blacklist ${HOME}/.remmina
-blacklist ${HOME}/.repo_.gitconfig.json
-blacklist ${HOME}/.repoconfig
-blacklist ${HOME}/.retroshare
-blacklist ${HOME}/.ripperXrc
-blacklist ${HOME}/.scorched3d
-blacklist ${HOME}/.scribus
-blacklist ${HOME}/.scribusrc
-blacklist ${HOME}/.simutrans
-blacklist ${HOME}/.smartgit/*/passwords
-blacklist ${HOME}/.ssr
-blacklist ${HOME}/.steam
-blacklist ${HOME}/.steampath
-blacklist ${HOME}/.steampid
-blacklist ${HOME}/.stellarium
-blacklist ${HOME}/.subversion
-blacklist ${HOME}/.surf
-blacklist ${HOME}/.suve/colorful
-blacklist ${HOME}/.swb.ini
-blacklist ${HOME}/.sword
-blacklist ${HOME}/.sylpheed-2.0
-blacklist ${HOME}/.synfig
-blacklist ${HOME}/.tb
-blacklist ${HOME}/.tconn
-blacklist ${HOME}/.teeworlds
-blacklist ${HOME}/.texlive20*
-blacklist ${HOME}/.thunderbird
-blacklist ${HOME}/.tilp
-blacklist ${HOME}/.tin
-blacklist ${HOME}/.tooling
-blacklist ${HOME}/.tor-browser*
-blacklist ${HOME}/.torcs
-blacklist ${HOME}/.tremulous
-blacklist ${HOME}/.ts3client
-blacklist ${HOME}/.tuxguitar*
-blacklist ${HOME}/.tvbrowser
-blacklist ${HOME}/.unknown-horizons
-blacklist ${HOME}/.viking
-blacklist ${HOME}/.viking-maps
-blacklist ${HOME}/.vim
-blacklist ${HOME}/.vimrc
-blacklist ${HOME}/.vmware
-blacklist ${HOME}/.vscode
-blacklist ${HOME}/.vscode-oss
-blacklist ${HOME}/.vst
-blacklist ${HOME}/.vultures
-blacklist ${HOME}/.w3m
-blacklist ${HOME}/.warzone2100-3.*
-blacklist ${HOME}/.waterfox
-blacklist ${HOME}/.weechat
-blacklist ${HOME}/.wget-hsts
-blacklist ${HOME}/.wgetrc
-blacklist ${HOME}/.widelands
-blacklist ${HOME}/.wine
-blacklist ${HOME}/.wine64
-blacklist ${HOME}/.wireshark
-blacklist ${HOME}/.wordwarvi
-blacklist ${HOME}/.wormux
-blacklist ${HOME}/.xiphos
-blacklist ${HOME}/.xmind
-blacklist ${HOME}/.xmms
-blacklist ${HOME}/.xmr-stak
-blacklist ${HOME}/.xonotic
-blacklist ${HOME}/.xournalpp
-blacklist ${HOME}/.xpdfrc
-blacklist ${HOME}/.yarn
-blacklist ${HOME}/.yarn-config
-blacklist ${HOME}/.yarncache
-blacklist ${HOME}/.yarnrc
-blacklist ${HOME}/.zoom
-blacklist /tmp/akonadi-*
-blacklist /tmp/.wine-*
-blacklist /var/games/nethack
-blacklist /var/games/slashem
-blacklist /var/games/vulturesclaw
-blacklist /var/games/vultureseye
-blacklist /var/lib/games/Maelstrom-Scores
+deny ${HOME}/Arduino
+deny ${HOME}/i2p
+deny ${HOME}/Monero/wallets
+deny ${HOME}/Nextcloud
+deny ${HOME}/Nextcloud/Notes
+deny ${HOME}/SoftMaker
+deny ${HOME}/Standard Notes Backups
+deny ${HOME}/TeamSpeak3-Client-linux_x86
+deny ${HOME}/TeamSpeak3-Client-linux_amd64
+deny ${HOME}/hyperrogue.ini
+deny ${HOME}/mps
+deny ${HOME}/wallet.dat
+deny ${HOME}/.*coin
+deny ${HOME}/.8pecxstudios
+deny ${HOME}/.AndroidStudio*
+deny ${HOME}/.Atom
+deny ${HOME}/.CLion*
+deny ${HOME}/.FBReader
+deny ${HOME}/.FontForge
+deny ${HOME}/.IdeaIC*
+deny ${HOME}/.LuminanceHDR
+deny ${HOME}/.Mathematica
+deny ${HOME}/.Natron
+deny ${HOME}/.PlayOnLinux
+deny ${HOME}/.PyCharm*
+deny ${HOME}/.Sayonara
+deny ${HOME}/.Steam
+deny ${HOME}/.Steampath
+deny ${HOME}/.Steampid
+deny ${HOME}/.TelegramDesktop
+deny ${HOME}/.VSCodium
+deny ${HOME}/.ViberPC
+deny ${HOME}/.VirtualBox
+deny ${HOME}/.WebStorm*
+deny ${HOME}/.Wolfram Research
+deny ${HOME}/.ZAP
+deny ${HOME}/.abook
+deny ${HOME}/.addressbook
+deny ${HOME}/.alpine-smime
+deny ${HOME}/.aMule
+deny ${HOME}/.android
+deny ${HOME}/.anydesk
+deny ${HOME}/.arduino15
+deny ${HOME}/.aria2
+deny ${HOME}/.arm
+deny ${HOME}/.asunder_album_artist
+deny ${HOME}/.asunder_album_genre
+deny ${HOME}/.asunder_album_title
+deny ${HOME}/.atom
+deny ${HOME}/.attic
+deny ${HOME}/.audacity-data
+deny ${HOME}/.avidemux6
+deny ${HOME}/.ballbuster.hs
+deny ${HOME}/.balsa
+deny ${HOME}/.bcast5
+deny ${HOME}/.bibletime
+deny ${HOME}/.bitcoin
+deny ${HOME}/.blobby
+deny ${HOME}/.bogofilter
+deny ${HOME}/.bzf
+deny ${HOME}/.cargo/*
+deny ${HOME}/.claws-mail
+deny ${HOME}/.cliqz
+deny ${HOME}/.clonk
+deny ${HOME}/.config/0ad
+deny ${HOME}/.config/2048-qt
+deny ${HOME}/.config/Atom
+deny ${HOME}/.config/Audaciousrc
+deny ${HOME}/.config/Authenticator
+deny ${HOME}/.config/Beaker Browser
+deny ${HOME}/.config/Bitcoin
+deny ${HOME}/.config/Bitwarden
+deny ${HOME}/.config/Brackets
+deny ${HOME}/.config/BraveSoftware
+deny ${HOME}/.config/Clementine
+deny ${HOME}/.config/Code
+deny ${HOME}/.config/Code - OSS
+deny ${HOME}/.config/Code Industry
+deny ${HOME}/.config/Cryptocat
+deny ${HOME}/.config/Debauchee/Barrier.conf
+deny ${HOME}/.config/Dharkael
+deny ${HOME}/.config/Element
+deny ${HOME}/.config/Element (Riot)
+deny ${HOME}/.config/ENCOM
+deny ${HOME}/.config/Enox
+deny ${HOME}/.config/Epic
+deny ${HOME}/.config/Ferdi
+deny ${HOME}/.config/Flavio Tordini
+deny ${HOME}/.config/Franz
+deny ${HOME}/.config/FreeCAD
+deny ${HOME}/.config/FreeTube
+deny ${HOME}/.config/Fritzing
+deny ${HOME}/.config/GIMP
+deny ${HOME}/.config/GitHub Desktop
+deny ${HOME}/.config/Gitter
+deny ${HOME}/.config/Google
+deny ${HOME}/.config/Google Play Music Desktop Player
+deny ${HOME}/.config/Gpredict
+deny ${HOME}/.config/INRIA
+deny ${HOME}/.config/InSilmaril
+deny ${HOME}/.config/Jitsi Meet
+deny ${HOME}/.config/KDE/neochat
+deny ${HOME}/.config/Kid3
+deny ${HOME}/.config/Kingsoft
+deny ${HOME}/.config/LibreCAD
+deny ${HOME}/.config/Loop_Hero
+deny ${HOME}/.config/Luminance
+deny ${HOME}/.config/LyX
+deny ${HOME}/.config/Mattermost
+deny ${HOME}/.config/Meltytech
+deny ${HOME}/.config/Mendeley Ltd.
+deny ${HOME}/.config/Min
+deny ${HOME}/.config/ModTheSpire
+deny ${HOME}/.config/Mousepad
+deny ${HOME}/.config/Mumble
+deny ${HOME}/.config/MusE
+deny ${HOME}/.config/MuseScore
+deny ${HOME}/.config/MusicBrainz
+deny ${HOME}/.config/Nathan Osman
+deny ${HOME}/.config/Nextcloud
+deny ${HOME}/.config/Nylas Mail
+deny ${HOME}/.config/PacmanLogViewer
+deny ${HOME}/.config/PawelStolowski
+deny ${HOME}/.config/PBE
+deny ${HOME}/.config/Philipp Schmieder
+deny ${HOME}/.config/QGIS
+deny ${HOME}/.config/QMediathekView
+deny ${HOME}/.config/Qlipper
+deny ${HOME}/.config/QuiteRss
+deny ${HOME}/.config/QuiteRssrc
+deny ${HOME}/.config/Quotient
+deny ${HOME}/.config/Rambox
+deny ${HOME}/.config/Riot
+deny ${HOME}/.config/Rocket.Chat
+deny ${HOME}/.config/RogueLegacy
+deny ${HOME}/.config/RogueLegacyStorageContainer
+deny ${HOME}/.config/Signal
+deny ${HOME}/.config/Sinew Software Systems
+deny ${HOME}/.config/Slack
+deny ${HOME}/.config/Standard Notes
+deny ${HOME}/.config/SubDownloader
+deny ${HOME}/.config/Thunar
+deny ${HOME}/.config/Twitch
+deny ${HOME}/.config/Unknown Organization
+deny ${HOME}/.config/VirtualBox
+deny ${HOME}/.config/Wire
+deny ${HOME}/.config/Youtube
+deny ${HOME}/.config/Zeal
+deny ${HOME}/.config/ZeGrapher Project
+deny ${HOME}/.config/aacs
+deny ${HOME}/.config/abiword
+deny ${HOME}/.config/agenda
+deny ${HOME}/.config/akonadi*
+deny ${HOME}/.config/akregatorrc
+deny ${HOME}/.config/alacritty
+deny ${HOME}/.config/ardour4
+deny ${HOME}/.config/ardour5
+deny ${HOME}/.config/aria2
+deny ${HOME}/.config/arkrc
+deny ${HOME}/.config/artha.conf
+deny ${HOME}/.config/artha.log
+deny ${HOME}/.config/asunder
+deny ${HOME}/.config/atril
+deny ${HOME}/.config/audacious
+deny ${HOME}/.config/autokey
+deny ${HOME}/.config/avidemux3_qt5rc
+deny ${HOME}/.config/aweather
+deny ${HOME}/.config/backintime
+deny ${HOME}/.config/baloofilerc
+deny ${HOME}/.config/baloorc
+deny ${HOME}/.config/bcompare
+deny ${HOME}/.config/blender
+deny ${HOME}/.config/bless
+deny ${HOME}/.config/bnox
+deny ${HOME}/.config/borg
+deny ${HOME}/.config/brasero
+deny ${HOME}/.config/brave
+deny ${HOME}/.config/brave-flags.conf
+deny ${HOME}/.config/caja
+deny ${HOME}/.config/calibre
+deny ${HOME}/.config/cantata
+deny ${HOME}/.config/catfish
+deny ${HOME}/.config/cawbird
+deny ${HOME}/.config/celluloid
+deny ${HOME}/.config/cherrytree
+deny ${HOME}/.config/chrome-beta-flags.conf
+deny ${HOME}/.config/chrome-beta-flags.config
+deny ${HOME}/.config/chrome-flags.conf
+deny ${HOME}/.config/chrome-flags.config
+deny ${HOME}/.config/chrome-unstable-flags.conf
+deny ${HOME}/.config/chrome-unstable-flags.config
+deny ${HOME}/.config/chromium
+deny ${HOME}/.config/chromium-dev
+deny ${HOME}/.config/chromium-flags.conf
+deny ${HOME}/.config/clipit
+deny ${HOME}/.config/cliqz
+deny ${HOME}/.config/cmus
+deny ${HOME}/.config/com.github.bleakgrey.tootle
+deny ${HOME}/.config/corebird
+deny ${HOME}/.config/cower
+deny ${HOME}/.config/coyim
+deny ${HOME}/.config/darktable
+deny ${HOME}/.config/deadbeef
+deny ${HOME}/.config/deluge
+deny ${HOME}/.config/devilspie2
+deny ${HOME}/.config/digikam
+deny ${HOME}/.config/digikamrc
+deny ${HOME}/.config/discord
+deny ${HOME}/.config/discordcanary
+deny ${HOME}/.config/dkl
+deny ${HOME}/.config/dnox
+deny ${HOME}/.config/dolphin-emu
+deny ${HOME}/.config/dolphinrc
+deny ${HOME}/.config/dragonplayerrc
+deny ${HOME}/.config/draw.io
+deny ${HOME}/.config/d-feet
+deny ${HOME}/.config/electron-mail
+deny ${HOME}/.config/emaildefaults
+deny ${HOME}/.config/emailidentities
+deny ${HOME}/.config/emilia
+deny ${HOME}/.config/enchant
+deny ${HOME}/.config/eog
+deny ${HOME}/.config/epiphany
+deny ${HOME}/.config/equalx
+deny ${HOME}/.config/evince
+deny ${HOME}/.config/evolution
+deny ${HOME}/.config/falkon
+deny ${HOME}/.config/filezilla
+deny ${HOME}/.config/flameshot
+deny ${HOME}/.config/flaska.net
+deny ${HOME}/.config/flowblade
+deny ${HOME}/.config/font-manager
+deny ${HOME}/.config/freecol
+deny ${HOME}/.config/gajim
+deny ${HOME}/.config/galculator
+deny ${HOME}/.config/gconf
+deny ${HOME}/.config/geany
+deny ${HOME}/.config/geary
+deny ${HOME}/.config/gedit
+deny ${HOME}/.config/geeqie
+deny ${HOME}/.config/ghb
+deny ${HOME}/.config/ghostwriter
+deny ${HOME}/.config/git
+deny ${HOME}/.config/git-cola
+deny ${HOME}/.config/glade.conf
+deny ${HOME}/.config/globaltime
+deny ${HOME}/.config/gmpc
+deny ${HOME}/.config/gnome-builder
+deny ${HOME}/.config/gnome-chess
+deny ${HOME}/.config/gnome-control-center
+deny ${HOME}/.config/gnome-initial-setup-done
+deny ${HOME}/.config/gnome-latex
+deny ${HOME}/.config/gnome-mplayer
+deny ${HOME}/.config/gnome-mpv
+deny ${HOME}/.config/gnome-pie
+deny ${HOME}/.config/gnome-session
+deny ${HOME}/.config/gnote
+deny ${HOME}/.config/godot
+deny ${HOME}/.config/google-chrome
+deny ${HOME}/.config/google-chrome-beta
+deny ${HOME}/.config/google-chrome-unstable
+deny ${HOME}/.config/gpicview
+deny ${HOME}/.config/gthumb
+deny ${HOME}/.config/gummi
+deny ${HOME}/.config/guvcview2
+deny ${HOME}/.config/gwenviewrc
+deny ${HOME}/.config/hexchat
+deny ${HOME}/.config/homebank
+deny ${HOME}/.config/i2p
+deny ${HOME}/.config/inkscape
+deny ${HOME}/.config/inox
+deny ${HOME}/.config/iridium
+deny ${HOME}/.config/itch
+deny ${HOME}/.config/jami
+deny ${HOME}/.config/jd-gui.cfg
+deny ${HOME}/.config/k3brc
+deny ${HOME}/.config/kaffeinerc
+deny ${HOME}/.config/kalgebrarc
+deny ${HOME}/.config/katemetainfos
+deny ${HOME}/.config/katepartrc
+deny ${HOME}/.config/katerc
+deny ${HOME}/.config/kateschemarc
+deny ${HOME}/.config/katesyntaxhighlightingrc
+deny ${HOME}/.config/katevirc
+deny ${HOME}/.config/kazam
+deny ${HOME}/.config/kdeconnect
+deny ${HOME}/.config/kdenliverc
+deny ${HOME}/.config/kdiff3fileitemactionrc
+deny ${HOME}/.config/kdiff3rc
+deny ${HOME}/.config/kfindrc
+deny ${HOME}/.config/kgetrc
+deny ${HOME}/.config/kid3rc
+deny ${HOME}/.config/klavaro
+deny ${HOME}/.config/klipperrc
+deny ${HOME}/.config/kmail2rc
+deny ${HOME}/.config/kmailsearchindexingrc
+deny ${HOME}/.config/kmplayerrc
+deny ${HOME}/.config/knotesrc
+deny ${HOME}/.config/konversationrc
+deny ${HOME}/.config/konversation.notifyrc
+deny ${HOME}/.config/kritarc
+deny ${HOME}/.config/ktorrentrc
+deny ${HOME}/.config/ktouch2rc
+deny ${HOME}/.config/kube
+deny ${HOME}/.config/kwriterc
+deny ${HOME}/.config/leafpad
+deny ${HOME}/.config/libreoffice
+deny ${HOME}/.config/liferea
+deny ${HOME}/.config/linphone
+deny ${HOME}/.config/lugaru
+deny ${HOME}/.config/lutris
+deny ${HOME}/.config/lximage-qt
+deny ${HOME}/.config/mailtransports
+deny ${HOME}/.config/mana
+deny ${HOME}/.config/mate-calc
+deny ${HOME}/.config/mate/eom
+deny ${HOME}/.config/mate/mate-dictionary
+deny ${HOME}/.config/matrix-mirage
+deny ${HOME}/.config/mcomix
+deny ${HOME}/.config/meld
+deny ${HOME}/.config/meteo-qt
+deny ${HOME}/.config/menulibre.cfg
+deny ${HOME}/.config/mfusion
+deny ${HOME}/.config/Microsoft
+deny ${HOME}/.config/microsoft-edge-dev
+deny ${HOME}/.config/midori
+deny ${HOME}/.config/mirage
+deny ${HOME}/.config/mono
+deny ${HOME}/.config/mpDris2
+deny ${HOME}/.config/mpd
+deny ${HOME}/.config/mps-youtube
+deny ${HOME}/.config/mpv
+deny ${HOME}/.config/mupen64plus
+deny ${HOME}/.config/mutt
+deny ${HOME}/.config/mutter
+deny ${HOME}/.config/mypaint
+deny ${HOME}/.config/nano
+deny ${HOME}/.config/nautilus
+deny ${HOME}/.config/nemo
+deny ${HOME}/.config/neochatrc
+deny ${HOME}/.config/neochat.notifyrc
+deny ${HOME}/.config/neomutt
+deny ${HOME}/.config/netsurf
+deny ${HOME}/.config/newsbeuter
+deny ${HOME}/.config/newsboat
+deny ${HOME}/.config/newsflash
+deny ${HOME}/.config/nheko
+deny ${HOME}/.config/NitroShare
+deny ${HOME}/.config/nomacs
+deny ${HOME}/.config/nuclear
+deny ${HOME}/.config/obs-studio
+deny ${HOME}/.config/okularpartrc
+deny ${HOME}/.config/okularrc
+deny ${HOME}/.config/onboard
+deny ${HOME}/.config/onionshare
+deny ${HOME}/.config/onlyoffice
+deny ${HOME}/.config/openmw
+deny ${HOME}/.config/opera
+deny ${HOME}/.config/opera-beta
+deny ${HOME}/.config/orage
+deny ${HOME}/.config/org.gabmus.gfeeds.json
+deny ${HOME}/.config/org.gabmus.gfeeds.saved_articles
+deny ${HOME}/.config/org.kde.gwenviewrc
+deny ${HOME}/.config/otter
+deny ${HOME}/.config/pavucontrol-qt
+deny ${HOME}/.config/pavucontrol.ini
+deny ${HOME}/.config/pcmanfm
+deny ${HOME}/.config/pdfmod
+deny ${HOME}/.config/Pinta
+deny ${HOME}/.config/pipe-viewer
+deny ${HOME}/.config/pitivi
+deny ${HOME}/.config/pix
+deny ${HOME}/.config/pluma
+deny ${HOME}/.config/ppsspp
+deny ${HOME}/.config/pragha
+deny ${HOME}/.config/profanity
+deny ${HOME}/.config/psi
+deny ${HOME}/.config/psi+
+deny ${HOME}/.config/qBittorrent
+deny ${HOME}/.config/qBittorrentrc
+deny ${HOME}/.config/qnapi.ini
+deny ${HOME}/.config/qpdfview
+deny ${HOME}/.config/quodlibet
+deny ${HOME}/.config/qupzilla
+deny ${HOME}/.config/qutebrowser
+deny ${HOME}/.config/ranger
+deny ${HOME}/.config/redshift
+deny ${HOME}/.config/redshift.conf
+deny ${HOME}/.config/remmina
+deny ${HOME}/.config/ristretto
+deny ${HOME}/.config/rtv
+deny ${HOME}/.config/scribus
+deny ${HOME}/.config/scribusrc
+deny ${HOME}/.config/sinew.in
+deny ${HOME}/.config/sink
+deny ${HOME}/.config/skypeforlinux
+deny ${HOME}/.config/slimjet
+deny ${HOME}/.config/smplayer
+deny ${HOME}/.config/smtube
+deny ${HOME}/.config/smuxi
+deny ${HOME}/.config/snox
+deny ${HOME}/.config/sound-juicer
+deny ${HOME}/.config/specialmailcollectionsrc
+deny ${HOME}/.config/spectaclerc
+deny ${HOME}/.config/spotify
+deny ${HOME}/.config/sqlitebrowser
+deny ${HOME}/.config/stellarium
+deny ${HOME}/.config/strawberry
+deny ${HOME}/.config/straw-viewer
+deny ${HOME}/.config/supertuxkart
+deny ${HOME}/.config/synfig
+deny ${HOME}/.config/teams
+deny ${HOME}/.config/teams-for-linux
+deny ${HOME}/.config/telepathy-account-widgets
+deny ${HOME}/.config/torbrowser
+deny ${HOME}/.config/totem
+deny ${HOME}/.config/tox
+deny ${HOME}/.config/transgui
+deny ${HOME}/.config/transmission
+deny ${HOME}/.config/truecraft
+deny ${HOME}/.config/tuta_integration
+deny ${HOME}/.config/tutanota-desktop
+deny ${HOME}/.config/tvbrowser
+deny ${HOME}/.config/uGet
+deny ${HOME}/.config/ungoogled-chromium
+deny ${HOME}/.config/uzbl
+deny ${HOME}/.config/viewnior
+deny ${HOME}/.config/vivaldi
+deny ${HOME}/.config/vivaldi-snapshot
+deny ${HOME}/.config/vlc
+deny ${HOME}/.config/wesnoth
+deny ${HOME}/.config/wormux
+deny ${HOME}/.config/Whalebird
+deny ${HOME}/.config/wireshark
+deny ${HOME}/.config/xchat
+deny ${HOME}/.config/xed
+deny ${HOME}/.config/xfburn
+deny ${HOME}/.config/xfce4/xfce4-notes.gtkrc
+deny ${HOME}/.config/xfce4/xfce4-notes.rc
+deny ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
+deny ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
+deny ${HOME}/.config/xfce4-dict
+deny ${HOME}/.config/xiaoyong
+deny ${HOME}/.config/xmms2
+deny ${HOME}/.config/xplayer
+deny ${HOME}/.config/xreader
+deny ${HOME}/.config/xviewer
+deny ${HOME}/.config/yandex-browser
+deny ${HOME}/.config/yandex-browser-beta
+deny ${HOME}/.config/yelp
+deny ${HOME}/.config/youtube-dl
+deny ${HOME}/.config/youtube-dlg
+deny ${HOME}/.config/youtubemusic-nativefier-040164
+deny ${HOME}/.config/youtube-music-desktop-app
+deny ${HOME}/.config/youtube-viewer
+deny ${HOME}/.config/zathura
+deny ${HOME}/.config/zoomus.conf
+deny ${HOME}/.config/Zulip
+deny ${HOME}/.conkeror.mozdev.org
+deny ${HOME}/.crawl
+deny ${HOME}/.cups
+deny ${HOME}/.curl-hsts
+deny ${HOME}/.curlrc
+deny ${HOME}/.dashcore
+deny ${HOME}/.devilspie
+deny ${HOME}/.dia
+deny ${HOME}/.digrc
+deny ${HOME}/.dillo
+deny ${HOME}/.dooble
+deny ${HOME}/.dosbox
+deny ${HOME}/.dropbox*
+deny ${HOME}/.easystroke
+deny ${HOME}/.electron-cache
+deny ${HOME}/.electrum*
+deny ${HOME}/.elinks
+deny ${HOME}/.emacs
+deny ${HOME}/.emacs.d
+deny ${HOME}/.equalx
+deny ${HOME}/.ethereum
+deny ${HOME}/.etr
+deny ${HOME}/.filezilla
+deny ${HOME}/.firedragon
+deny ${HOME}/.flowblade
+deny ${HOME}/.fltk
+deny ${HOME}/.fossamail
+deny ${HOME}/.freeciv
+deny ${HOME}/.freecol
+deny ${HOME}/.freemind
+deny ${HOME}/.frogatto
+deny ${HOME}/.frozen-bubble
+deny ${HOME}/.funnyboat
+deny ${HOME}/.gimp*
+deny ${HOME}/.gist
+deny ${HOME}/.gitconfig
+deny ${HOME}/.gl-117
+deny ${HOME}/.glaxiumrc
+deny ${HOME}/.gnome/gnome-schedule
+deny ${HOME}/.googleearth
+deny ${HOME}/.gradle
+deny ${HOME}/.gramps
+deny ${HOME}/.guayadeque
+deny ${HOME}/.hashcat
+deny ${HOME}/.hex-a-hop
+deny ${HOME}/.hedgewars
+deny ${HOME}/.hugin
+deny ${HOME}/.i2p
+deny ${HOME}/.icedove
+deny ${HOME}/.imagej
+deny ${HOME}/.inkscape
+deny ${HOME}/.itch
+deny ${HOME}/.jack-server
+deny ${HOME}/.jack-settings
+deny ${HOME}/.jak
+deny ${HOME}/.java
+deny ${HOME}/.jd
+deny ${HOME}/.jitsi
+deny ${HOME}/.jumpnbump
+deny ${HOME}/.kde/share/apps/digikam
+deny ${HOME}/.kde/share/apps/gwenview
+deny ${HOME}/.kde/share/apps/kaffeine
+deny ${HOME}/.kde/share/apps/kcookiejar
+deny ${HOME}/.kde/share/apps/kget
+deny ${HOME}/.kde/share/apps/khtml
+deny ${HOME}/.kde/share/apps/klatexformula
+deny ${HOME}/.kde/share/apps/konqsidebartng
+deny ${HOME}/.kde/share/apps/konqueror
+deny ${HOME}/.kde/share/apps/kopete
+deny ${HOME}/.kde/share/apps/ktorrent
+deny ${HOME}/.kde/share/apps/okular
+deny ${HOME}/.kde/share/config/baloofilerc
+deny ${HOME}/.kde/share/config/baloorc
+deny ${HOME}/.kde/share/config/digikam
+deny ${HOME}/.kde/share/config/gwenviewrc
+deny ${HOME}/.kde/share/config/k3brc
+deny ${HOME}/.kde/share/config/kaffeinerc
+deny ${HOME}/.kde/share/config/kcookiejarrc
+deny ${HOME}/.kde/share/config/kfindrc
+deny ${HOME}/.kde/share/config/kgetrc
+deny ${HOME}/.kde/share/config/khtmlrc
+deny ${HOME}/.kde/share/config/klipperrc
+deny ${HOME}/.kde/share/config/kmplayerrc
+deny ${HOME}/.kde/share/config/konq_history
+deny ${HOME}/.kde/share/config/konqsidebartngrc
+deny ${HOME}/.kde/share/config/konquerorrc
+deny ${HOME}/.kde/share/config/konversationrc
+deny ${HOME}/.kde/share/config/kopeterc
+deny ${HOME}/.kde/share/config/ktorrentrc
+deny ${HOME}/.kde/share/config/okularpartrc
+deny ${HOME}/.kde/share/config/okularrc
+deny ${HOME}/.kde4/share/apps/digikam
+deny ${HOME}/.kde4/share/apps/gwenview
+deny ${HOME}/.kde4/share/apps/kaffeine
+deny ${HOME}/.kde4/share/apps/kcookiejar
+deny ${HOME}/.kde4/share/apps/kget
+deny ${HOME}/.kde4/share/apps/khtml
+deny ${HOME}/.kde4/share/apps/konqsidebartng
+deny ${HOME}/.kde4/share/apps/konqueror
+deny ${HOME}/.kde4/share/apps/kopete
+deny ${HOME}/.kde4/share/apps/ktorrent
+deny ${HOME}/.kde4/share/apps/okular
+deny ${HOME}/.kde4/share/config/baloofilerc
+deny ${HOME}/.kde4/share/config/baloorc
+deny ${HOME}/.kde4/share/config/digikam
+deny ${HOME}/.kde4/share/config/gwenviewrc
+deny ${HOME}/.kde4/share/config/k3brc
+deny ${HOME}/.kde4/share/config/kaffeinerc
+deny ${HOME}/.kde4/share/config/kcookiejarrc
+deny ${HOME}/.kde4/share/config/kfindrc
+deny ${HOME}/.kde4/share/config/kgetrc
+deny ${HOME}/.kde4/share/config/khtmlrc
+deny ${HOME}/.kde4/share/config/klipperrc
+deny ${HOME}/.kde4/share/config/konq_history
+deny ${HOME}/.kde4/share/config/konqsidebartngrc
+deny ${HOME}/.kde4/share/config/konquerorrc
+deny ${HOME}/.kde4/share/config/konversationrc
+deny ${HOME}/.kde4/share/config/kopeterc
+deny ${HOME}/.kde4/share/config/ktorrentrc
+deny ${HOME}/.kde4/share/config/okularpartrc
+deny ${HOME}/.kde4/share/config/okularrc
+deny ${HOME}/.killingfloor
+deny ${HOME}/.kingsoft
+deny ${HOME}/.kino-history
+deny ${HOME}/.kinorc
+deny ${HOME}/.klatexformula
+deny ${HOME}/.klei
+deny ${HOME}/.kodi
+deny ${HOME}/.librewolf
+deny ${HOME}/.lincity-ng
+deny ${HOME}/.links
+deny ${HOME}/.links2
+deny ${HOME}/.linphone-history.db
+deny ${HOME}/.linphonerc
+deny ${HOME}/.lmmsrc.xml
+deny ${HOME}/.local/lib/vivaldi
+deny ${HOME}/.local/share/0ad
+deny ${HOME}/.local/share/3909/PapersPlease
+deny ${HOME}/.local/share/Anki2
+deny ${HOME}/.local/share/Dredmor
+deny ${HOME}/.local/share/Empathy
+deny ${HOME}/.local/share/Enpass
+deny ${HOME}/.local/share/Flavio Tordini
+deny ${HOME}/.local/share/JetBrains
+deny ${HOME}/.local/share/KDE/neochat
+deny ${HOME}/.local/share/Kingsoft
+deny ${HOME}/.local/share/LibreCAD
+deny ${HOME}/.local/share/Mendeley Ltd.
+deny ${HOME}/.local/share/Mumble
+deny ${HOME}/.local/share/Nextcloud
+deny ${HOME}/.local/share/PBE
+deny ${HOME}/.local/share/PawelStolowski
+deny ${HOME}/.local/share/PillarsOfEternity
+deny ${HOME}/.local/share/Psi
+deny ${HOME}/.local/share/QGIS
+deny ${HOME}/.local/share/QMediathekView
+deny ${HOME}/.local/share/QuiteRss
+deny ${HOME}/.local/share/Ricochet
+deny ${HOME}/.local/share/RogueLegacy
+deny ${HOME}/.local/share/RogueLegacyStorageContainer
+deny ${HOME}/.local/share/Shortwave
+deny ${HOME}/.local/share/Steam
+deny ${HOME}/.local/share/SteamWorldDig
+deny ${HOME}/.local/share/SteamWorld Dig 2
+deny ${HOME}/.local/share/SuperHexagon
+deny ${HOME}/.local/share/TelegramDesktop
+deny ${HOME}/.local/share/Terraria
+deny ${HOME}/.local/share/TpLogger
+deny ${HOME}/.local/share/Zeal
+deny ${HOME}/.local/share/akonadi*
+deny ${HOME}/.local/share/akregator
+deny ${HOME}/.local/share/agenda
+deny ${HOME}/.local/share/apps/korganizer
+deny ${HOME}/.local/share/aspyr-media
+deny ${HOME}/.local/share/autokey
+deny ${HOME}/.local/share/authenticator-rs
+deny ${HOME}/.local/share/backintime
+deny ${HOME}/.local/share/baloo
+deny ${HOME}/.local/share/barrier
+deny ${HOME}/.local/share/bibletime
+deny ${HOME}/.local/share/bijiben
+deny ${HOME}/.local/share/bohemiainteractive
+deny ${HOME}/.local/share/caja-python
+deny ${HOME}/.local/share/calligragemini
+deny ${HOME}/.local/share/cantata
+deny ${HOME}/.local/share/cdprojektred
+deny ${HOME}/.local/share/clipit
+deny ${HOME}/.local/share/com.github.johnfactotum.Foliate
+deny ${HOME}/.local/share/contacts
+deny ${HOME}/.local/share/cor-games
+deny ${HOME}/.local/share/data/Mendeley Ltd.
+deny ${HOME}/.local/share/data/Mumble
+deny ${HOME}/.local/share/data/MusE
+deny ${HOME}/.local/share/data/MuseScore
+deny ${HOME}/.local/share/data/nomacs
+deny ${HOME}/.local/share/data/qBittorrent
+deny ${HOME}/.local/share/dino
+deny ${HOME}/.local/share/dolphin
+deny ${HOME}/.local/share/dolphin-emu
+deny ${HOME}/.local/share/emailidentities
+deny ${HOME}/.local/share/epiphany
+deny ${HOME}/.local/share/evolution
+deny ${HOME}/.local/share/FasterThanLight
+deny ${HOME}/.local/share/feedreader
+deny ${HOME}/.local/share/feral-interactive
+deny ${HOME}/.local/share/five-or-more
+deny ${HOME}/.local/share/freecol
+deny ${HOME}/.local/share/gajim
+deny ${HOME}/.local/share/geary
+deny ${HOME}/.local/share/geeqie
+deny ${HOME}/.local/share/ghostwriter
+deny ${HOME}/.local/share/gitg
+deny ${HOME}/.local/share/gnome-2048
+deny ${HOME}/.local/share/gnome-boxes
+deny ${HOME}/.local/share/gnome-builder
+deny ${HOME}/.local/share/gnome-chess
+deny ${HOME}/.local/share/gnome-klotski
+deny ${HOME}/.local/share/gnome-latex
+deny ${HOME}/.local/share/gnome-mines
+deny ${HOME}/.local/share/gnome-music
+deny ${HOME}/.local/share/gnome-nibbles
+deny ${HOME}/.local/share/gnome-photos
+deny ${HOME}/.local/share/gnome-pomodoro
+deny ${HOME}/.local/share/gnome-recipes
+deny ${HOME}/.local/share/gnome-ring
+deny ${HOME}/.local/share/gnome-sudoku
+deny ${HOME}/.local/share/gnome-twitch
+deny ${HOME}/.local/share/gnote
+deny ${HOME}/.local/share/godot
+deny ${HOME}/.local/share/gradio
+deny ${HOME}/.local/share/gwenview
+deny ${HOME}/.local/share/i2p
+deny ${HOME}/.local/share/IntoTheBreach
+deny ${HOME}/.local/share/jami
+deny ${HOME}/.local/share/kaffeine
+deny ${HOME}/.local/share/kalgebra
+deny ${HOME}/.local/share/kate
+deny ${HOME}/.local/share/kdenlive
+deny ${HOME}/.local/share/kget
+deny ${HOME}/.local/share/kiwix
+deny ${HOME}/.local/share/kiwix-desktop
+deny ${HOME}/.local/share/klavaro
+deny ${HOME}/.local/share/kmail2
+deny ${HOME}/.local/share/kmplayer
+deny ${HOME}/.local/share/knotes
+deny ${HOME}/.local/share/krita
+deny ${HOME}/.local/share/ktorrent
+deny ${HOME}/.local/share/ktorrentrc
+deny ${HOME}/.local/share/ktouch
+deny ${HOME}/.local/share/kube
+deny ${HOME}/.local/share/kwrite
+deny ${HOME}/.local/share/kxmlgui5/*
+deny ${HOME}/.local/share/liferea
+deny ${HOME}/.local/share/linphone
+deny ${HOME}/.local/share/local-mail
+deny ${HOME}/.local/share/lollypop
+deny ${HOME}/.local/share/love
+deny ${HOME}/.local/share/lugaru
+deny ${HOME}/.local/share/lutris
+deny ${HOME}/.local/share/man
+deny ${HOME}/.local/share/mana
+deny ${HOME}/.local/share/maps-places.json
+deny ${HOME}/.local/share/matrix-mirage
+deny ${HOME}/.local/share/mcomix
+deny ${HOME}/.local/share/meld
+deny ${HOME}/.local/share/midori
+deny ${HOME}/.local/share/minder
+deny ${HOME}/.local/share/mirage
+deny ${HOME}/.local/share/multimc
+deny ${HOME}/.local/share/multimc5
+deny ${HOME}/.local/share/mupen64plus
+deny ${HOME}/.local/share/mypaint
+deny ${HOME}/.local/share/nautilus
+deny ${HOME}/.local/share/nautilus-python
+deny ${HOME}/.local/share/nemo
+deny ${HOME}/.local/share/nemo-python
+deny ${HOME}/.local/share/news-flash
+deny ${HOME}/.local/share/newsbeuter
+deny ${HOME}/.local/share/newsboat
+deny ${HOME}/.local/share/nheko
+deny ${HOME}/.local/share/nomacs
+deny ${HOME}/.local/share/notes
+deny ${HOME}/.local/share/ocenaudio
+deny ${HOME}/.local/share/okular
+deny ${HOME}/.local/share/onlyoffice
+deny ${HOME}/.local/share/openmw
+deny ${HOME}/.local/share/orage
+deny ${HOME}/.local/share/org.kde.gwenview
+deny ${HOME}/.local/share/Paradox Interactive
+deny ${HOME}/.local/share/pix
+deny ${HOME}/.local/share/plasma_notes
+deny ${HOME}/.local/share/profanity
+deny ${HOME}/.local/share/psi
+deny ${HOME}/.local/share/psi+
+deny ${HOME}/.local/share/quadrapassel
+deny ${HOME}/.local/share/qpdfview
+deny ${HOME}/.local/share/qutebrowser
+deny ${HOME}/.local/share/remmina
+deny ${HOME}/.local/share/rhythmbox
+deny ${HOME}/.local/share/rtv
+deny ${HOME}/.local/share/scribus
+deny ${HOME}/.local/share/shotwell
+deny ${HOME}/.local/share/signal-cli
+deny ${HOME}/.local/share/sink
+deny ${HOME}/.local/share/smuxi
+deny ${HOME}/.local/share/spotify
+deny ${HOME}/.local/share/steam
+deny ${HOME}/.local/share/strawberry
+deny ${HOME}/.local/share/supertux2
+deny ${HOME}/.local/share/supertuxkart
+deny ${HOME}/.local/share/swell-foop
+deny ${HOME}/.local/share/telepathy
+deny ${HOME}/.local/share/terasology
+deny ${HOME}/.local/share/torbrowser
+deny ${HOME}/.local/share/totem
+deny ${HOME}/.local/share/uzbl
+deny ${HOME}/.local/share/vlc
+deny ${HOME}/.local/share/vpltd
+deny ${HOME}/.local/share/vulkan
+deny ${HOME}/.local/share/warsow-2.1
+deny ${HOME}/.local/share/wesnoth
+deny ${HOME}/.local/share/wormux
+deny ${HOME}/.local/share/xplayer
+deny ${HOME}/.local/share/xreader
+deny ${HOME}/.local/share/zathura
+deny ${HOME}/.lv2
+deny ${HOME}/.lyx
+deny ${HOME}/.magicor
+deny ${HOME}/.masterpdfeditor
+deny ${HOME}/.mbwarband
+deny ${HOME}/.mcabber
+deny ${HOME}/.mcabberrc
+deny ${HOME}/.mediathek3
+deny ${HOME}/.megaglest
+deny ${HOME}/.minecraft
+deny ${HOME}/.minetest
+deny ${HOME}/.mirrormagic
+deny ${HOME}/.moc
+deny ${HOME}/.moonchild productions/basilisk
+deny ${HOME}/.moonchild productions/pale moon
+deny ${HOME}/.mozilla
+deny ${HOME}/.mp3splt-gtk
+deny ${HOME}/.mpd
+deny ${HOME}/.mpdconf
+deny ${HOME}/.mplayer
+deny ${HOME}/.msmtprc
+deny ${HOME}/.multimc5
+deny ${HOME}/.nanorc
+deny ${HOME}/.netactview
+deny ${HOME}/.neverball
+deny ${HOME}/.newsbeuter
+deny ${HOME}/.newsboat
+deny ${HOME}/.newsrc
+deny ${HOME}/.nicotine
+deny ${HOME}/.node-gyp
+deny ${HOME}/.npm
+deny ${HOME}/.npmrc
+deny ${HOME}/.nv
+deny ${HOME}/.nvm
+deny ${HOME}/.nylas-mail
+deny ${HOME}/.openarena
+deny ${HOME}/.opencity
+deny ${HOME}/.openinvaders
+deny ${HOME}/.openshot
+deny ${HOME}/.openshot_qt
+deny ${HOME}/.openttd
+deny ${HOME}/.opera
+deny ${HOME}/.opera-beta
+deny ${HOME}/.ostrichriders
+deny ${HOME}/.paradoxinteractive
+deny ${HOME}/.parallelrealities/blobwars
+deny ${HOME}/.pcsxr
+deny ${HOME}/.penguin-command
+deny ${HOME}/.pine-crash
+deny ${HOME}/.pine-debug1
+deny ${HOME}/.pine-debug2
+deny ${HOME}/.pine-debug3
+deny ${HOME}/.pine-debug4
+deny ${HOME}/.pine-interrupted-mail
+deny ${HOME}/.pinerc
+deny ${HOME}/.pinercex
+deny ${HOME}/.pingus
+deny ${HOME}/.pioneer
+deny ${HOME}/.purple
+deny ${HOME}/.pylint.d
+deny ${HOME}/.qemu-launcher
+deny ${HOME}/.qgis2
+deny ${HOME}/.qmmp
+deny ${HOME}/.quodlibet
+deny ${HOME}/.redeclipse
+deny ${HOME}/.remmina
+deny ${HOME}/.repo_.gitconfig.json
+deny ${HOME}/.repoconfig
+deny ${HOME}/.retroshare
+deny ${HOME}/.ripperXrc
+deny ${HOME}/.scorched3d
+deny ${HOME}/.scribus
+deny ${HOME}/.scribusrc
+deny ${HOME}/.simutrans
+deny ${HOME}/.smartgit/*/passwords
+deny ${HOME}/.ssr
+deny ${HOME}/.steam
+deny ${HOME}/.steampath
+deny ${HOME}/.steampid
+deny ${HOME}/.stellarium
+deny ${HOME}/.subversion
+deny ${HOME}/.surf
+deny ${HOME}/.suve/colorful
+deny ${HOME}/.swb.ini
+deny ${HOME}/.sword
+deny ${HOME}/.sylpheed-2.0
+deny ${HOME}/.synfig
+deny ${HOME}/.tb
+deny ${HOME}/.tconn
+deny ${HOME}/.teeworlds
+deny ${HOME}/.texlive20*
+deny ${HOME}/.thunderbird
+deny ${HOME}/.tilp
+deny ${HOME}/.tin
+deny ${HOME}/.tooling
+deny ${HOME}/.tor-browser*
+deny ${HOME}/.torcs
+deny ${HOME}/.tremulous
+deny ${HOME}/.ts3client
+deny ${HOME}/.tuxguitar*
+deny ${HOME}/.tvbrowser
+deny ${HOME}/.unknown-horizons
+deny ${HOME}/.viking
+deny ${HOME}/.viking-maps
+deny ${HOME}/.vim
+deny ${HOME}/.vimrc
+deny ${HOME}/.vmware
+deny ${HOME}/.vscode
+deny ${HOME}/.vscode-oss
+deny ${HOME}/.vst
+deny ${HOME}/.vultures
+deny ${HOME}/.w3m
+deny ${HOME}/.warzone2100-3.*
+deny ${HOME}/.waterfox
+deny ${HOME}/.weechat
+deny ${HOME}/.wget-hsts
+deny ${HOME}/.wgetrc
+deny ${HOME}/.widelands
+deny ${HOME}/.wine
+deny ${HOME}/.wine64
+deny ${HOME}/.wireshark
+deny ${HOME}/.wordwarvi
+deny ${HOME}/.wormux
+deny ${HOME}/.xiphos
+deny ${HOME}/.xmind
+deny ${HOME}/.xmms +deny ${HOME}/.xmr-stak +deny ${HOME}/.xonotic +deny ${HOME}/.xournalpp +deny ${HOME}/.xpdfrc +deny ${HOME}/.yarn +deny ${HOME}/.yarn-config +deny ${HOME}/.yarncache +deny ${HOME}/.yarnrc +deny ${HOME}/.zoom +deny /tmp/akonadi-* +deny /tmp/.wine-* +deny /var/games/nethack +deny /var/games/slashem +deny /var/games/vulturesclaw +deny /var/games/vultureseye +deny /var/lib/games/Maelstrom-Scores # ${HOME}/.cache directory -blacklist ${HOME}/.cache/0ad -blacklist ${HOME}/.cache/8pecxstudios -blacklist ${HOME}/.cache/Authenticator -blacklist ${HOME}/.cache/BraveSoftware -blacklist ${HOME}/.cache/Clementine -blacklist ${HOME}/.cache/ENCOM/Spectral -blacklist ${HOME}/.cache/Enox -blacklist ${HOME}/.cache/Enpass -blacklist ${HOME}/.cache/Ferdi -blacklist ${HOME}/.cache/Flavio Tordini -blacklist ${HOME}/.cache/Franz -blacklist ${HOME}/.cache/INRIA -blacklist ${HOME}/.cache/MusicBrainz -blacklist ${HOME}/.cache/NewsFlashGTK -blacklist ${HOME}/.cache/Otter -blacklist ${HOME}/.cache/PawelStolowski -blacklist ${HOME}/.cache/Psi -blacklist ${HOME}/.cache/QuiteRss -blacklist ${HOME}/.cache/quodlibet -blacklist ${HOME}/.cache/Quotient/quaternion -blacklist ${HOME}/.cache/Shortwave -blacklist ${HOME}/.cache/Tox -blacklist ${HOME}/.cache/Zeal -blacklist ${HOME}/.cache/agenda -blacklist ${HOME}/.cache/akonadi* -blacklist ${HOME}/.cache/atril -blacklist ${HOME}/.cache/attic -blacklist ${HOME}/.cache/babl -blacklist ${HOME}/.cache/bnox -blacklist ${HOME}/.cache/borg -blacklist ${HOME}/.cache/calibre -blacklist ${HOME}/.cache/cantata -blacklist ${HOME}/.cache/champlain -blacklist ${HOME}/.cache/chromium -blacklist ${HOME}/.cache/chromium-dev -blacklist ${HOME}/.cache/cliqz -blacklist ${HOME}/.cache/com.github.johnfactotum.Foliate -blacklist ${HOME}/.cache/darktable -blacklist ${HOME}/.cache/deja-dup -blacklist ${HOME}/.cache/discover -blacklist ${HOME}/.cache/dnox -blacklist ${HOME}/.cache/dolphin -blacklist ${HOME}/.cache/dolphin-emu -blacklist 
${HOME}/.cache/ephemeral -blacklist ${HOME}/.cache/epiphany -blacklist ${HOME}/.cache/evolution -blacklist ${HOME}/.cache/falkon -blacklist ${HOME}/.cache/feedreader -blacklist ${HOME}/.cache/firedragon -blacklist ${HOME}/.cache/flaska.net/trojita -blacklist ${HOME}/.cache/folks -blacklist ${HOME}/.cache/font-manager -blacklist ${HOME}/.cache/fossamail -blacklist ${HOME}/.cache/fractal -blacklist ${HOME}/.cache/freecol -blacklist ${HOME}/.cache/gajim -blacklist ${HOME}/.cache/geary -blacklist ${HOME}/.cache/gegl-0.4 -blacklist ${HOME}/.cache/geeqie -blacklist ${HOME}/.cache/gfeeds -blacklist ${HOME}/.cache/gimp -blacklist ${HOME}/.cache/gnome-boxes -blacklist ${HOME}/.cache/gnome-builder -blacklist ${HOME}/.cache/gnome-control-center -blacklist ${HOME}/.cache/gnome-recipes -blacklist ${HOME}/.cache/gnome-screenshot -blacklist ${HOME}/.cache/gnome-software -blacklist ${HOME}/.cache/gnome-twitch -blacklist ${HOME}/.cache/godot -blacklist ${HOME}/.cache/google-chrome -blacklist ${HOME}/.cache/google-chrome-beta -blacklist ${HOME}/.cache/google-chrome-unstable -blacklist ${HOME}/.cache/gradio -blacklist ${HOME}/.cache/gummi -blacklist ${HOME}/.cache/icedove -blacklist ${HOME}/.cache/INRIA/Natron -blacklist ${HOME}/.cache/inkscape -blacklist ${HOME}/.cache/inox -blacklist ${HOME}/.cache/iridium -blacklist ${HOME}/.cache/kcmshell5 -blacklist ${HOME}/.cache/KDE/neochat -blacklist ${HOME}/.cache/kdenlive -blacklist ${HOME}/.cache/keepassxc -blacklist ${HOME}/.cache/kfind -blacklist ${HOME}/.cache/kinfocenter -blacklist ${HOME}/.cache/kmail2 -blacklist ${HOME}/.cache/krunner -blacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* -blacklist ${HOME}/.cache/kscreenlocker_greet -blacklist ${HOME}/.cache/ksmserver-logout-greeter -blacklist ${HOME}/.cache/ksplashqml -blacklist ${HOME}/.cache/kube -blacklist ${HOME}/.cache/kwin -blacklist ${HOME}/.cache/libgweather -blacklist ${HOME}/.cache/librewolf -blacklist ${HOME}/.cache/liferea -blacklist ${HOME}/.cache/lutris 
-blacklist ${HOME}/.cache/Mendeley Ltd. -blacklist ${HOME}/.cache/marker -blacklist ${HOME}/.cache/matrix-mirage -blacklist ${HOME}/.cache/microsoft-edge-dev -blacklist ${HOME}/.cache/midori -blacklist ${HOME}/.cache/minetest -blacklist ${HOME}/.cache/mirage -blacklist ${HOME}/.cache/moonchild productions/basilisk -blacklist ${HOME}/.cache/moonchild productions/pale moon -blacklist ${HOME}/.cache/mozilla -blacklist ${HOME}/.cache/ms-excel-online -blacklist ${HOME}/.cache/ms-office-online -blacklist ${HOME}/.cache/ms-onenote-online -blacklist ${HOME}/.cache/ms-outlook-online -blacklist ${HOME}/.cache/ms-powerpoint-online -blacklist ${HOME}/.cache/ms-skype-online -blacklist ${HOME}/.cache/ms-word-online -blacklist ${HOME}/.cache/mutt -blacklist ${HOME}/.cache/mypaint -blacklist ${HOME}/.cache/nheko -blacklist ${HOME}/.cache/netsurf -blacklist ${HOME}/.cache/okular -blacklist ${HOME}/.cache/opera -blacklist ${HOME}/.cache/opera-beta -blacklist ${HOME}/.cache/org.gabmus.gfeeds -blacklist ${HOME}/.cache/org.gnome.Books -blacklist ${HOME}/.cache/org.gnome.Maps -blacklist ${HOME}/.cache/pdfmod -blacklist ${HOME}/.cache/peek -blacklist ${HOME}/.cache/pip -blacklist ${HOME}/.cache/pipe-viewer -blacklist ${HOME}/.cache/plasmashell -blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite* -blacklist ${HOME}/.cache/psi -blacklist ${HOME}/.cache/qBittorrent -blacklist ${HOME}/.cache/qupzilla -blacklist ${HOME}/.cache/qutebrowser -blacklist ${HOME}/.cache/rhythmbox -blacklist ${HOME}/.cache/shotwell -blacklist ${HOME}/.cache/simple-scan -blacklist ${HOME}/.cache/slimjet -blacklist ${HOME}/.cache/smuxi -blacklist ${HOME}/.cache/snox -blacklist ${HOME}/.cache/spotify -blacklist ${HOME}/.cache/strawberry -blacklist ${HOME}/.cache/straw-viewer -blacklist ${HOME}/.cache/supertuxkart -blacklist ${HOME}/.cache/systemsettings -blacklist ${HOME}/.cache/telepathy -blacklist ${HOME}/.cache/thunderbird -blacklist ${HOME}/.cache/torbrowser -blacklist 
${HOME}/.cache/transmission -blacklist ${HOME}/.cache/ungoogled-chromium -blacklist ${HOME}/.cache/vivaldi -blacklist ${HOME}/.cache/vivaldi-snapshot -blacklist ${HOME}/.cache/vlc -blacklist ${HOME}/.cache/vmware -blacklist ${HOME}/.cache/warsow-2.1 -blacklist ${HOME}/.cache/waterfox -blacklist ${HOME}/.cache/wesnoth -blacklist ${HOME}/.cache/winetricks -blacklist ${HOME}/.cache/xmms2 -blacklist ${HOME}/.cache/xreader -blacklist ${HOME}/.cache/yandex-browser -blacklist ${HOME}/.cache/yandex-browser-beta -blacklist ${HOME}/.cache/youtube-dl -blacklist ${HOME}/.cache/youtube-viewer +deny ${HOME}/.cache/0ad +deny ${HOME}/.cache/8pecxstudios +deny ${HOME}/.cache/Authenticator +deny ${HOME}/.cache/BraveSoftware +deny ${HOME}/.cache/Clementine +deny ${HOME}/.cache/ENCOM/Spectral +deny ${HOME}/.cache/Enox +deny ${HOME}/.cache/Enpass +deny ${HOME}/.cache/Ferdi +deny ${HOME}/.cache/Flavio Tordini +deny ${HOME}/.cache/Franz +deny ${HOME}/.cache/INRIA +deny ${HOME}/.cache/MusicBrainz +deny ${HOME}/.cache/NewsFlashGTK +deny ${HOME}/.cache/Otter +deny ${HOME}/.cache/PawelStolowski +deny ${HOME}/.cache/Psi +deny ${HOME}/.cache/QuiteRss +deny ${HOME}/.cache/quodlibet +deny ${HOME}/.cache/Quotient/quaternion +deny ${HOME}/.cache/Shortwave +deny ${HOME}/.cache/Tox +deny ${HOME}/.cache/Zeal +deny ${HOME}/.cache/agenda +deny ${HOME}/.cache/akonadi* +deny ${HOME}/.cache/atril +deny ${HOME}/.cache/attic +deny ${HOME}/.cache/babl +deny ${HOME}/.cache/bnox +deny ${HOME}/.cache/borg +deny ${HOME}/.cache/calibre +deny ${HOME}/.cache/cantata +deny ${HOME}/.cache/champlain +deny ${HOME}/.cache/chromium +deny ${HOME}/.cache/chromium-dev +deny ${HOME}/.cache/cliqz +deny ${HOME}/.cache/com.github.johnfactotum.Foliate +deny ${HOME}/.cache/darktable +deny ${HOME}/.cache/deja-dup +deny ${HOME}/.cache/discover +deny ${HOME}/.cache/dnox +deny ${HOME}/.cache/dolphin +deny ${HOME}/.cache/dolphin-emu +deny ${HOME}/.cache/ephemeral +deny ${HOME}/.cache/epiphany +deny ${HOME}/.cache/evolution +deny 
${HOME}/.cache/falkon +deny ${HOME}/.cache/feedreader +deny ${HOME}/.cache/firedragon +deny ${HOME}/.cache/flaska.net/trojita +deny ${HOME}/.cache/folks +deny ${HOME}/.cache/font-manager +deny ${HOME}/.cache/fossamail +deny ${HOME}/.cache/fractal +deny ${HOME}/.cache/freecol +deny ${HOME}/.cache/gajim +deny ${HOME}/.cache/geary +deny ${HOME}/.cache/gegl-0.4 +deny ${HOME}/.cache/geeqie +deny ${HOME}/.cache/gfeeds +deny ${HOME}/.cache/gimp +deny ${HOME}/.cache/gnome-boxes +deny ${HOME}/.cache/gnome-builder +deny ${HOME}/.cache/gnome-control-center +deny ${HOME}/.cache/gnome-recipes +deny ${HOME}/.cache/gnome-screenshot +deny ${HOME}/.cache/gnome-software +deny ${HOME}/.cache/gnome-twitch +deny ${HOME}/.cache/godot +deny ${HOME}/.cache/google-chrome +deny ${HOME}/.cache/google-chrome-beta +deny ${HOME}/.cache/google-chrome-unstable +deny ${HOME}/.cache/gradio +deny ${HOME}/.cache/gummi +deny ${HOME}/.cache/icedove +deny ${HOME}/.cache/INRIA/Natron +deny ${HOME}/.cache/inkscape +deny ${HOME}/.cache/inox +deny ${HOME}/.cache/iridium +deny ${HOME}/.cache/kcmshell5 +deny ${HOME}/.cache/KDE/neochat +deny ${HOME}/.cache/kdenlive +deny ${HOME}/.cache/keepassxc +deny ${HOME}/.cache/kfind +deny ${HOME}/.cache/kinfocenter +deny ${HOME}/.cache/kmail2 +deny ${HOME}/.cache/krunner +deny ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* +deny ${HOME}/.cache/kscreenlocker_greet +deny ${HOME}/.cache/ksmserver-logout-greeter +deny ${HOME}/.cache/ksplashqml +deny ${HOME}/.cache/kube +deny ${HOME}/.cache/kwin +deny ${HOME}/.cache/libgweather +deny ${HOME}/.cache/librewolf +deny ${HOME}/.cache/liferea +deny ${HOME}/.cache/lutris +deny ${HOME}/.cache/Mendeley Ltd. 
+deny ${HOME}/.cache/marker +deny ${HOME}/.cache/matrix-mirage +deny ${HOME}/.cache/microsoft-edge-dev +deny ${HOME}/.cache/midori +deny ${HOME}/.cache/minetest +deny ${HOME}/.cache/mirage +deny ${HOME}/.cache/moonchild productions/basilisk +deny ${HOME}/.cache/moonchild productions/pale moon +deny ${HOME}/.cache/mozilla +deny ${HOME}/.cache/ms-excel-online +deny ${HOME}/.cache/ms-office-online +deny ${HOME}/.cache/ms-onenote-online +deny ${HOME}/.cache/ms-outlook-online +deny ${HOME}/.cache/ms-powerpoint-online +deny ${HOME}/.cache/ms-skype-online +deny ${HOME}/.cache/ms-word-online +deny ${HOME}/.cache/mutt +deny ${HOME}/.cache/mypaint +deny ${HOME}/.cache/nheko +deny ${HOME}/.cache/netsurf +deny ${HOME}/.cache/okular +deny ${HOME}/.cache/opera +deny ${HOME}/.cache/opera-beta +deny ${HOME}/.cache/org.gabmus.gfeeds +deny ${HOME}/.cache/org.gnome.Books +deny ${HOME}/.cache/org.gnome.Maps +deny ${HOME}/.cache/pdfmod +deny ${HOME}/.cache/peek +deny ${HOME}/.cache/pip +deny ${HOME}/.cache/pipe-viewer +deny ${HOME}/.cache/plasmashell +deny ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite* +deny ${HOME}/.cache/psi +deny ${HOME}/.cache/qBittorrent +deny ${HOME}/.cache/qupzilla +deny ${HOME}/.cache/qutebrowser +deny ${HOME}/.cache/rhythmbox +deny ${HOME}/.cache/shotwell +deny ${HOME}/.cache/simple-scan +deny ${HOME}/.cache/slimjet +deny ${HOME}/.cache/smuxi +deny ${HOME}/.cache/snox +deny ${HOME}/.cache/spotify +deny ${HOME}/.cache/strawberry +deny ${HOME}/.cache/straw-viewer +deny ${HOME}/.cache/supertuxkart +deny ${HOME}/.cache/systemsettings +deny ${HOME}/.cache/telepathy +deny ${HOME}/.cache/thunderbird +deny ${HOME}/.cache/torbrowser +deny ${HOME}/.cache/transmission +deny ${HOME}/.cache/ungoogled-chromium +deny ${HOME}/.cache/vivaldi +deny ${HOME}/.cache/vivaldi-snapshot +deny ${HOME}/.cache/vlc +deny ${HOME}/.cache/vmware +deny ${HOME}/.cache/warsow-2.1 +deny ${HOME}/.cache/waterfox +deny ${HOME}/.cache/wesnoth +deny ${HOME}/.cache/winetricks +deny 
${HOME}/.cache/xmms2 +deny ${HOME}/.cache/xreader +deny ${HOME}/.cache/yandex-browser +deny ${HOME}/.cache/yandex-browser-beta +deny ${HOME}/.cache/youtube-dl +deny ${HOME}/.cache/youtube-viewer diff --git a/etc/inc/disable-shell.inc b/etc/inc/disable-shell.inc index 8274b021597..da6fb31a38e 100644 --- a/etc/inc/disable-shell.inc +++ b/etc/inc/disable-shell.inc @@ -2,14 +2,14 @@ # Persistent customizations should go in a .local file. include disable-shell.local -blacklist ${PATH}/bash -blacklist ${PATH}/csh -blacklist ${PATH}/dash -blacklist ${PATH}/fish -blacklist ${PATH}/ksh -blacklist ${PATH}/mksh -blacklist ${PATH}/oksh -blacklist ${PATH}/sh -blacklist ${PATH}/tclsh -blacklist ${PATH}/tcsh -blacklist ${PATH}/zsh +deny ${PATH}/bash +deny ${PATH}/csh +deny ${PATH}/dash +deny ${PATH}/fish +deny ${PATH}/ksh +deny ${PATH}/mksh +deny ${PATH}/oksh +deny ${PATH}/sh +deny ${PATH}/tclsh +deny ${PATH}/tcsh +deny ${PATH}/zsh diff --git a/etc/inc/disable-xdg.inc b/etc/inc/disable-xdg.inc index 22acf272d8b..32aa8c7f6bd 100644 --- a/etc/inc/disable-xdg.inc +++ b/etc/inc/disable-xdg.inc @@ -2,10 +2,10 @@ # Persistent customizations should go in a .local file. include disable-xdg.local -blacklist ${DOCUMENTS} -blacklist ${MUSIC} -blacklist ${PICTURES} -blacklist ${VIDEOS} +deny ${DOCUMENTS} +deny ${MUSIC} +deny ${PICTURES} +deny ${VIDEOS} # The following should be considered catch-all directories #blacklist ${DESKTOP} diff --git a/etc/inc/whitelist-1793-workaround.inc b/etc/inc/whitelist-1793-workaround.inc index 862837f1233..06a424440d1 100644 --- a/etc/inc/whitelist-1793-workaround.inc +++ b/etc/inc/whitelist-1793-workaround.inc 
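Review bot: Nothing in the disable-shell.inc hunk shows that the profile parser still accepts the old `blacklist`/`noblacklist`/`whitelist` spellings, and `include disable-shell.local` pulls in user-written files that will keep using them. If the old keywords are not kept as aliases, an existing .local override either fails to parse or no longer applies, and that changes what the sandboxed program can reach. The parser change is outside this part of the diff, so this is a request to confirm it. Once confirmed, a comment next to the include such as `# .local files may use either the old (blacklist) or new (deny) keywords` would record the guarantee.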
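Review bot: In disable-xdg.inc the commented-out directive under `# The following should be considered catch-all directories` keeps the old keyword: `#blacklist ${DESKTOP}` stays as context while the four active lines become `deny`. Someone who uncomments it gets a line in the old spelling in an otherwise converted file, so I would change it to `#deny ${DESKTOP}`, along with any further commented entries below, which are outside the hunk. The same leftover wording is in explanatory comments later in this diff, for example `# Allow java (blacklisted by disable-devel.inc)` in JDownloader.profile and `# Allow python (blacklisted by disable-interpreters.inc)` in agetpkg.profile.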
@@ -3,27 +3,27 @@ include whitelist-1793-workaround.local # This works around bug 1793, and allows whitelisting to be used for some KDE applications. -noblacklist ${HOME}/.config/ibus -noblacklist ${HOME}/.config/mimeapps.list -noblacklist ${HOME}/.config/pkcs11 -noblacklist ${HOME}/.config/user-dirs.dirs -noblacklist ${HOME}/.config/user-dirs.locale -noblacklist ${HOME}/.config/dconf -noblacklist ${HOME}/.config/fontconfig -noblacklist ${HOME}/.config/gtk-2.0 -noblacklist ${HOME}/.config/gtk-3.0 -noblacklist ${HOME}/.config/gtk-4.0 -noblacklist ${HOME}/.config/gtkrc -noblacklist ${HOME}/.config/gtkrc-2.0 -noblacklist ${HOME}/.config/Kvantum -noblacklist ${HOME}/.config/Trolltech.conf -noblacklist ${HOME}/.config/QtProject.conf -noblacklist ${HOME}/.config/kdeglobals -noblacklist ${HOME}/.config/kio_httprc -noblacklist ${HOME}/.config/kioslaverc -noblacklist ${HOME}/.config/ksslcablacklist -noblacklist ${HOME}/.config/qt5ct -noblacklist ${HOME}/.config/qtcurve +nodeny ${HOME}/.config/ibus +nodeny ${HOME}/.config/mimeapps.list +nodeny ${HOME}/.config/pkcs11 +nodeny ${HOME}/.config/user-dirs.dirs +nodeny ${HOME}/.config/user-dirs.locale +nodeny ${HOME}/.config/dconf +nodeny ${HOME}/.config/fontconfig +nodeny ${HOME}/.config/gtk-2.0 +nodeny ${HOME}/.config/gtk-3.0 +nodeny ${HOME}/.config/gtk-4.0 +nodeny ${HOME}/.config/gtkrc +nodeny ${HOME}/.config/gtkrc-2.0 +nodeny ${HOME}/.config/Kvantum +nodeny ${HOME}/.config/Trolltech.conf +nodeny ${HOME}/.config/QtProject.conf +nodeny ${HOME}/.config/kdeglobals +nodeny ${HOME}/.config/kio_httprc +nodeny ${HOME}/.config/kioslaverc +nodeny ${HOME}/.config/ksslcablacklist +nodeny ${HOME}/.config/qt5ct +nodeny ${HOME}/.config/qtcurve -blacklist ${HOME}/.config/* -whitelist ${HOME}/.config +deny ${HOME}/.config/* +allow ${HOME}/.config diff --git a/etc/inc/whitelist-common.inc b/etc/inc/whitelist-common.inc index fedfb2bc2a1..11070e3724c 100644 --- a/etc/inc/whitelist-common.inc +++ b/etc/inc/whitelist-common.inc 
@@ -4,82 +4,82 @@ include whitelist-common.local # common whitelist for all profiles -whitelist ${HOME}/.XCompose -whitelist ${HOME}/.alsaequal.bin -whitelist ${HOME}/.asoundrc -whitelist ${HOME}/.config/ibus -whitelist ${HOME}/.config/mimeapps.list -whitelist ${HOME}/.config/pkcs11 +allow ${HOME}/.XCompose +allow ${HOME}/.alsaequal.bin +allow ${HOME}/.asoundrc +allow ${HOME}/.config/ibus +allow ${HOME}/.config/mimeapps.list +allow ${HOME}/.config/pkcs11 read-only ${HOME}/.config/pkcs11 -whitelist ${HOME}/.config/user-dirs.dirs +allow ${HOME}/.config/user-dirs.dirs read-only ${HOME}/.config/user-dirs.dirs -whitelist ${HOME}/.config/user-dirs.locale +allow ${HOME}/.config/user-dirs.locale read-only ${HOME}/.config/user-dirs.locale -whitelist ${HOME}/.drirc -whitelist ${HOME}/.icons +allow ${HOME}/.drirc +allow ${HOME}/.icons ?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit -whitelist ${HOME}/.local/share/applications +allow ${HOME}/.local/share/applications read-only ${HOME}/.local/share/applications -whitelist ${HOME}/.local/share/icons -whitelist ${HOME}/.local/share/mime -whitelist ${HOME}/.mime.types -whitelist ${HOME}/.sndio/cookie -whitelist ${HOME}/.uim.d +allow ${HOME}/.local/share/icons +allow ${HOME}/.local/share/mime +allow ${HOME}/.mime.types +allow ${HOME}/.sndio/cookie +allow ${HOME}/.uim.d # dconf mkdir ${HOME}/.config/dconf -whitelist ${HOME}/.config/dconf +allow ${HOME}/.config/dconf # fonts -whitelist ${HOME}/.cache/fontconfig -whitelist ${HOME}/.config/fontconfig -whitelist ${HOME}/.fontconfig -whitelist ${HOME}/.fonts -whitelist ${HOME}/.fonts.conf -whitelist ${HOME}/.fonts.conf.d -whitelist ${HOME}/.fonts.d -whitelist ${HOME}/.local/share/fonts -whitelist ${HOME}/.pangorc +allow ${HOME}/.cache/fontconfig +allow ${HOME}/.config/fontconfig +allow ${HOME}/.fontconfig +allow ${HOME}/.fonts +allow ${HOME}/.fonts.conf +allow ${HOME}/.fonts.conf.d +allow ${HOME}/.fonts.d +allow ${HOME}/.local/share/fonts +allow ${HOME}/.pangorc # gtk 
-whitelist ${HOME}/.config/gtk-2.0 -whitelist ${HOME}/.config/gtk-3.0 -whitelist ${HOME}/.config/gtk-4.0 -whitelist ${HOME}/.config/gtkrc -whitelist ${HOME}/.config/gtkrc-2.0 -whitelist ${HOME}/.gnome2 -whitelist ${HOME}/.gnome2-private -whitelist ${HOME}/.gtk-2.0 -whitelist ${HOME}/.gtkrc -whitelist ${HOME}/.gtkrc-2.0 -whitelist ${HOME}/.kde/share/config/gtkrc -whitelist ${HOME}/.kde/share/config/gtkrc-2.0 -whitelist ${HOME}/.kde4/share/config/gtkrc -whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 -whitelist ${HOME}/.local/share/themes -whitelist ${HOME}/.themes +allow ${HOME}/.config/gtk-2.0 +allow ${HOME}/.config/gtk-3.0 +allow ${HOME}/.config/gtk-4.0 +allow ${HOME}/.config/gtkrc +allow ${HOME}/.config/gtkrc-2.0 +allow ${HOME}/.gnome2 +allow ${HOME}/.gnome2-private +allow ${HOME}/.gtk-2.0 +allow ${HOME}/.gtkrc +allow ${HOME}/.gtkrc-2.0 +allow ${HOME}/.kde/share/config/gtkrc +allow ${HOME}/.kde/share/config/gtkrc-2.0 +allow ${HOME}/.kde4/share/config/gtkrc +allow ${HOME}/.kde4/share/config/gtkrc-2.0 +allow ${HOME}/.local/share/themes +allow ${HOME}/.themes # qt/kde -whitelist ${HOME}/.cache/kioexec/krun -whitelist ${HOME}/.config/Kvantum -whitelist ${HOME}/.config/Trolltech.conf -whitelist ${HOME}/.config/QtProject.conf -whitelist ${HOME}/.config/kdeglobals -whitelist ${HOME}/.config/kio_httprc -whitelist ${HOME}/.config/kioslaverc -whitelist ${HOME}/.config/ksslcablacklist -whitelist ${HOME}/.config/qt5ct -whitelist ${HOME}/.config/qtcurve -whitelist ${HOME}/.kde/share/config/kdeglobals -whitelist ${HOME}/.kde/share/config/kio_httprc -whitelist ${HOME}/.kde/share/config/kioslaverc -whitelist ${HOME}/.kde/share/config/ksslcablacklist -whitelist ${HOME}/.kde/share/config/oxygenrc -whitelist ${HOME}/.kde/share/icons -whitelist ${HOME}/.kde4/share/config/kdeglobals -whitelist ${HOME}/.kde4/share/config/kio_httprc -whitelist ${HOME}/.kde4/share/config/kioslaverc -whitelist ${HOME}/.kde4/share/config/ksslcablacklist -whitelist ${HOME}/.kde4/share/config/oxygenrc 
-whitelist ${HOME}/.kde4/share/icons -whitelist ${HOME}/.local/share/qt5ct +allow ${HOME}/.cache/kioexec/krun +allow ${HOME}/.config/Kvantum +allow ${HOME}/.config/Trolltech.conf +allow ${HOME}/.config/QtProject.conf +allow ${HOME}/.config/kdeglobals +allow ${HOME}/.config/kio_httprc +allow ${HOME}/.config/kioslaverc +allow ${HOME}/.config/ksslcablacklist +allow ${HOME}/.config/qt5ct +allow ${HOME}/.config/qtcurve +allow ${HOME}/.kde/share/config/kdeglobals +allow ${HOME}/.kde/share/config/kio_httprc +allow ${HOME}/.kde/share/config/kioslaverc +allow ${HOME}/.kde/share/config/ksslcablacklist +allow ${HOME}/.kde/share/config/oxygenrc +allow ${HOME}/.kde/share/icons +allow ${HOME}/.kde4/share/config/kdeglobals +allow ${HOME}/.kde4/share/config/kio_httprc +allow ${HOME}/.kde4/share/config/kioslaverc +allow ${HOME}/.kde4/share/config/ksslcablacklist +allow ${HOME}/.kde4/share/config/oxygenrc +allow ${HOME}/.kde4/share/icons +allow ${HOME}/.local/share/qt5ct diff --git a/etc/inc/whitelist-player-common.inc b/etc/inc/whitelist-player-common.inc index e5bf3680408..d6ae8eab633 100644 --- a/etc/inc/whitelist-player-common.inc +++ b/etc/inc/whitelist-player-common.inc @@ -4,8 +4,8 @@ include whitelist-player-common.local # common whitelist for all media players -whitelist ${DESKTOP} -whitelist ${DOWNLOADS} -whitelist ${MUSIC} -whitelist ${PICTURES} -whitelist ${VIDEOS} +allow ${DESKTOP} +allow ${DOWNLOADS} +allow ${MUSIC} +allow ${PICTURES} +allow ${VIDEOS} diff --git a/etc/inc/whitelist-runuser-common.inc b/etc/inc/whitelist-runuser-common.inc index 48309ffe3b7..86e5264b950 100644 --- a/etc/inc/whitelist-runuser-common.inc +++ b/etc/inc/whitelist-runuser-common.inc 
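Review bot: In whitelist-common.inc the conditional line `?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit` is left unchanged as context while every other `whitelist` in the hunk becomes `allow`, so the rename apparently matched only keywords at the start of a line. It should read `?HAS_APPIMAGE: allow ${HOME}/.local/share/appimagekit`. As long as both spellings parse this is only an inconsistency, but a later removal of the old keyword driven by the same line-anchored search would miss it. Other `?CONDITION:`-prefixed directives in the tree are worth checking the same way.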
@@ -4,13 +4,13 @@ include whitelist-runuser-common.local # common ${RUNUSER} (=/run/user/$UID) whitelist for all profiles -whitelist ${RUNUSER}/bus -whitelist ${RUNUSER}/dconf -whitelist ${RUNUSER}/gdm/Xauthority -whitelist ${RUNUSER}/ICEauthority -whitelist ${RUNUSER}/.mutter-Xwaylandauth.* -whitelist ${RUNUSER}/pulse/native -whitelist ${RUNUSER}/wayland-0 -whitelist ${RUNUSER}/wayland-1 -whitelist ${RUNUSER}/xauth_* -whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]] +allow ${RUNUSER}/bus +allow ${RUNUSER}/dconf +allow ${RUNUSER}/gdm/Xauthority +allow ${RUNUSER}/ICEauthority +allow ${RUNUSER}/.mutter-Xwaylandauth.* +allow ${RUNUSER}/pulse/native +allow ${RUNUSER}/wayland-0 +allow ${RUNUSER}/wayland-1 +allow ${RUNUSER}/xauth_* +allow ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]] diff --git a/etc/inc/whitelist-usr-share-common.inc b/etc/inc/whitelist-usr-share-common.inc index fe009793408..64296da157c 100644 --- a/etc/inc/whitelist-usr-share-common.inc +++ b/etc/inc/whitelist-usr-share-common.inc 
@@ -4,66 +4,66 @@ include whitelist-usr-share-common.local # common /usr/share whitelist for all profiles -whitelist /usr/share/alsa -whitelist /usr/share/applications -whitelist /usr/share/ca-certificates -whitelist /usr/share/crypto-policies -whitelist /usr/share/cursors -whitelist /usr/share/dconf -whitelist /usr/share/distro-info -whitelist /usr/share/drirc.d -whitelist /usr/share/enchant -whitelist /usr/share/enchant-2 -whitelist /usr/share/file -whitelist /usr/share/fontconfig -whitelist /usr/share/fonts -whitelist /usr/share/fonts-config -whitelist /usr/share/gir-1.0 -whitelist /usr/share/gjs-1.0 -whitelist /usr/share/glib-2.0 -whitelist /usr/share/glvnd -whitelist /usr/share/gtk-2.0 -whitelist /usr/share/gtk-3.0 -whitelist /usr/share/gtk-engines -whitelist /usr/share/gtksourceview-3.0 -whitelist /usr/share/gtksourceview-4 -whitelist /usr/share/hunspell -whitelist /usr/share/hwdata -whitelist /usr/share/icons -whitelist /usr/share/icu -whitelist /usr/share/knotifications5 -whitelist /usr/share/kservices5 -whitelist /usr/share/Kvantum -whitelist /usr/share/kxmlgui5 -whitelist /usr/share/libdrm -whitelist /usr/share/libthai -whitelist /usr/share/locale -whitelist /usr/share/mime -whitelist /usr/share/misc -whitelist /usr/share/Modules -whitelist /usr/share/myspell -whitelist /usr/share/p11-kit -whitelist /usr/share/perl -whitelist /usr/share/perl5 -whitelist /usr/share/pixmaps -whitelist /usr/share/pki -whitelist /usr/share/plasma -whitelist /usr/share/publicsuffix -whitelist /usr/share/qt -whitelist /usr/share/qt4 -whitelist /usr/share/qt5 -whitelist /usr/share/qt5ct -whitelist /usr/share/sounds -whitelist /usr/share/tcl8.6 -whitelist /usr/share/tcltk -whitelist /usr/share/terminfo -whitelist /usr/share/texlive -whitelist /usr/share/texmf -whitelist /usr/share/themes -whitelist /usr/share/thumbnail.so -whitelist /usr/share/uim -whitelist /usr/share/vulkan -whitelist /usr/share/X11 -whitelist /usr/share/xml -whitelist /usr/share/zenity -whitelist 
/usr/share/zoneinfo +allow /usr/share/alsa +allow /usr/share/applications +allow /usr/share/ca-certificates +allow /usr/share/crypto-policies +allow /usr/share/cursors +allow /usr/share/dconf +allow /usr/share/distro-info +allow /usr/share/drirc.d +allow /usr/share/enchant +allow /usr/share/enchant-2 +allow /usr/share/file +allow /usr/share/fontconfig +allow /usr/share/fonts +allow /usr/share/fonts-config +allow /usr/share/gir-1.0 +allow /usr/share/gjs-1.0 +allow /usr/share/glib-2.0 +allow /usr/share/glvnd +allow /usr/share/gtk-2.0 +allow /usr/share/gtk-3.0 +allow /usr/share/gtk-engines +allow /usr/share/gtksourceview-3.0 +allow /usr/share/gtksourceview-4 +allow /usr/share/hunspell +allow /usr/share/hwdata +allow /usr/share/icons +allow /usr/share/icu +allow /usr/share/knotifications5 +allow /usr/share/kservices5 +allow /usr/share/Kvantum +allow /usr/share/kxmlgui5 +allow /usr/share/libdrm +allow /usr/share/libthai +allow /usr/share/locale +allow /usr/share/mime +allow /usr/share/misc +allow /usr/share/Modules +allow /usr/share/myspell +allow /usr/share/p11-kit +allow /usr/share/perl +allow /usr/share/perl5 +allow /usr/share/pixmaps +allow /usr/share/pki +allow /usr/share/plasma +allow /usr/share/publicsuffix +allow /usr/share/qt +allow /usr/share/qt4 +allow /usr/share/qt5 +allow /usr/share/qt5ct +allow /usr/share/sounds +allow /usr/share/tcl8.6 +allow /usr/share/tcltk +allow /usr/share/terminfo +allow /usr/share/texlive +allow /usr/share/texmf +allow /usr/share/themes +allow /usr/share/thumbnail.so +allow /usr/share/uim +allow /usr/share/vulkan +allow /usr/share/X11 +allow /usr/share/xml +allow /usr/share/zenity +allow /usr/share/zoneinfo diff --git a/etc/inc/whitelist-var-common.inc b/etc/inc/whitelist-var-common.inc index d8ba84ad041..c449e8905fa 100644 --- a/etc/inc/whitelist-var-common.inc +++ b/etc/inc/whitelist-var-common.inc 
@@ -4,12 +4,12 @@ include whitelist-var-common.local # common /var whitelist for all profiles -whitelist /var/lib/aspell -whitelist /var/lib/ca-certificates -whitelist /var/lib/dbus -whitelist /var/lib/menu-xdg -whitelist /var/lib/uim -whitelist /var/cache/fontconfig -whitelist /var/tmp -whitelist /var/run -whitelist /var/lock +allow /var/lib/aspell +allow /var/lib/ca-certificates +allow /var/lib/dbus +allow /var/lib/menu-xdg +allow /var/lib/uim +allow /var/cache/fontconfig +allow /var/tmp +allow /var/run +allow /var/lock diff --git a/etc/profile-a-l/0ad.profile b/etc/profile-a-l/0ad.profile index 4009853d386..6f493fff117 100644 --- a/etc/profile-a-l/0ad.profile +++ b/etc/profile-a-l/0ad.profile @@ -6,11 +6,11 @@ include 0ad.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/0ad -noblacklist ${HOME}/.config/0ad -noblacklist ${HOME}/.local/share/0ad +nodeny ${HOME}/.cache/0ad +nodeny ${HOME}/.config/0ad +nodeny ${HOME}/.local/share/0ad -blacklist /usr/libexec +deny /usr/libexec include disable-common.inc include disable-devel.inc @@ -23,11 +23,11 @@ include disable-xdg.inc mkdir ${HOME}/.cache/0ad mkdir ${HOME}/.config/0ad mkdir ${HOME}/.local/share/0ad -whitelist ${HOME}/.cache/0ad -whitelist ${HOME}/.config/0ad -whitelist ${HOME}/.local/share/0ad -whitelist /usr/share/0ad -whitelist /usr/share/games +allow ${HOME}/.cache/0ad +allow ${HOME}/.config/0ad +allow ${HOME}/.local/share/0ad +allow /usr/share/0ad +allow /usr/share/games include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/2048-qt.profile b/etc/profile-a-l/2048-qt.profile index 1d787cba763..3a7b331a723 100644 --- a/etc/profile-a-l/2048-qt.profile +++ b/etc/profile-a-l/2048-qt.profile 
@@ -6,8 +6,8 @@ include 2048-qt.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/2048-qt -noblacklist ${HOME}/.config/xiaoyong +nodeny ${HOME}/.config/2048-qt +nodeny ${HOME}/.config/xiaoyong include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-programs.inc mkdir ${HOME}/.config/2048-qt mkdir ${HOME}/.config/xiaoyong -whitelist ${HOME}/.config/2048-qt -whitelist ${HOME}/.config/xiaoyong +allow ${HOME}/.config/2048-qt +allow ${HOME}/.config/xiaoyong include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/Cryptocat.profile b/etc/profile-a-l/Cryptocat.profile index 1d86b0fbf7d..def0ec11188 100644 --- a/etc/profile-a-l/Cryptocat.profile +++ b/etc/profile-a-l/Cryptocat.profile @@ -5,7 +5,7 @@ include Cryptocat.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Cryptocat +nodeny ${HOME}/.config/Cryptocat include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/Discord.profile b/etc/profile-a-l/Discord.profile index 3f274b21c5b..1d3ae49ca43 100644 --- a/etc/profile-a-l/Discord.profile +++ b/etc/profile-a-l/Discord.profile @@ -5,10 +5,10 @@ include Discord.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/discord +nodeny ${HOME}/.config/discord mkdir ${HOME}/.config/discord -whitelist ${HOME}/.config/discord +allow ${HOME}/.config/discord private-bin Discord private-opt Discord diff --git a/etc/profile-a-l/DiscordCanary.profile b/etc/profile-a-l/DiscordCanary.profile index d24e73ed8e2..3c85f187b50 100644 --- a/etc/profile-a-l/DiscordCanary.profile +++ b/etc/profile-a-l/DiscordCanary.profile 
@@ -5,10 +5,10 @@ include DiscordCanary.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/discordcanary +nodeny ${HOME}/.config/discordcanary mkdir ${HOME}/.config/discordcanary -whitelist ${HOME}/.config/discordcanary +allow ${HOME}/.config/discordcanary private-bin DiscordCanary private-opt DiscordCanary diff --git a/etc/profile-a-l/Fritzing.profile b/etc/profile-a-l/Fritzing.profile index 7dc6b5ff0aa..8f746581f10 100644 --- a/etc/profile-a-l/Fritzing.profile +++ b/etc/profile-a-l/Fritzing.profile @@ -6,8 +6,8 @@ include Fritzing.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Fritzing -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.config/Fritzing +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/JDownloader.profile b/etc/profile-a-l/JDownloader.profile index d10b70796b5..9a00c323042 100644 --- a/etc/profile-a-l/JDownloader.profile +++ b/etc/profile-a-l/JDownloader.profile @@ -5,7 +5,7 @@ include JDownloader.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.jd +nodeny ${HOME}/.jd # Allow java (blacklisted by disable-devel.inc) include allow-java.inc @@ -19,8 +19,8 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.jd -whitelist ${HOME}/.jd -whitelist ${DOWNLOADS} +allow ${HOME}/.jd +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile index 75da9a9561f..2a92c7db454 100644 --- a/etc/profile-a-l/abiword.profile +++ b/etc/profile-a-l/abiword.profile @@ -6,7 +6,7 @@ include abiword.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/abiword +nodeny ${HOME}/.config/abiword include disable-common.inc include disable-devel.inc 
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-shell.inc -whitelist /usr/share/abiword-3.0 +allow /usr/share/abiword-3.0 include whitelist-usr-share-common.inc include whitelist-runuser-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/abrowser.profile b/etc/profile-a-l/abrowser.profile index 2e6e8f1affa..70ddcec20a6 100644 --- a/etc/profile-a-l/abrowser.profile +++ b/etc/profile-a-l/abrowser.profile @@ -5,13 +5,13 @@ include abrowser.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/mozilla -noblacklist ${HOME}/.mozilla +nodeny ${HOME}/.cache/mozilla +nodeny ${HOME}/.mozilla mkdir ${HOME}/.cache/mozilla/abrowser mkdir ${HOME}/.mozilla -whitelist ${HOME}/.cache/mozilla/abrowser -whitelist ${HOME}/.mozilla +allow ${HOME}/.cache/mozilla/abrowser +allow ${HOME}/.mozilla # private-etc must first be enabled in firefox-common.profile #private-etc abrowser diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile index 34f59769e01..d32586c5b90 100644 --- a/etc/profile-a-l/agetpkg.profile +++ b/etc/profile-a-l/agetpkg.profile @@ -7,8 +7,8 @@ include agetpkg.local # Persistent global definitions include globals.local -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* # Allow python (blacklisted by disable-interpreters.inc) #include allow-python2.inc @@ -23,7 +23,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist ${DOWNLOADS} +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile index 37fdb38b52a..7b1d1445f06 100644 --- a/etc/profile-a-l/akonadi_control.profile +++ b/etc/profile-a-l/akonadi_control.profile 
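Review bot: User-maintained `.local` overrides are not covered by this rename. In the first agetpkg.profile hunk (`@@ -7,8 +7,8 @@`) the shipped `blacklist /tmp/.X11-unix` and `blacklist ${RUNUSER}/wayland-*` lines become `deny …`, while the profile still includes `agetpkg.local` and `globals.local`, which the commit cannot rewrite. The parser side of the change is not visible in this part of the diff, so it should be confirmed that `blacklist`, `noblacklist` and `whitelist` are still accepted; if they are not, an existing user restriction written with the old keyword would no longer take effect as written. If the old spellings are kept as aliases, a short line in the commit message such as `old keywords remain accepted; existing .local files need no change` would settle it. This applies to every profile here that includes a `.local` file.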
@@ -4,22 +4,22 @@ include akonadi_control.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/akonadi* -noblacklist ${HOME}/.config/akonadi* -noblacklist ${HOME}/.config/baloorc -noblacklist ${HOME}/.config/emaildefaults -noblacklist ${HOME}/.config/emailidentities -noblacklist ${HOME}/.config/kmail2rc -noblacklist ${HOME}/.config/mailtransports -noblacklist ${HOME}/.config/specialmailcollectionsrc -noblacklist ${HOME}/.local/share/akonadi* -noblacklist ${HOME}/.local/share/apps/korganizer -noblacklist ${HOME}/.local/share/contacts -noblacklist ${HOME}/.local/share/local-mail -noblacklist ${HOME}/.local/share/notes -noblacklist /sbin -noblacklist /tmp/akonadi-* -noblacklist /usr/sbin +nodeny ${HOME}/.cache/akonadi* +nodeny ${HOME}/.config/akonadi* +nodeny ${HOME}/.config/baloorc +nodeny ${HOME}/.config/emaildefaults +nodeny ${HOME}/.config/emailidentities +nodeny ${HOME}/.config/kmail2rc +nodeny ${HOME}/.config/mailtransports +nodeny ${HOME}/.config/specialmailcollectionsrc +nodeny ${HOME}/.local/share/akonadi* +nodeny ${HOME}/.local/share/apps/korganizer +nodeny ${HOME}/.local/share/contacts +nodeny ${HOME}/.local/share/local-mail +nodeny ${HOME}/.local/share/notes +nodeny /sbin +nodeny /tmp/akonadi-* +nodeny /usr/sbin include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile index 38fcd2dc1a6..b2323547c74 100644 --- a/etc/profile-a-l/akregator.profile +++ b/etc/profile-a-l/akregator.profile @@ -6,9 +6,9 @@ include akregator.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/akregatorrc -noblacklist ${HOME}/.local/share/akregator -noblacklist ${HOME}/.local/share/kxmlgui5/akregator +nodeny ${HOME}/.config/akregatorrc +nodeny ${HOME}/.local/share/akregator +nodeny ${HOME}/.local/share/kxmlgui5/akregator include disable-common.inc include disable-devel.inc 
@@ -21,10 +21,10 @@ include disable-shell.inc mkfile ${HOME}/.config/akregatorrc mkdir ${HOME}/.local/share/akregator mkdir ${HOME}/.local/share/kxmlgui5/akregator -whitelist ${HOME}/.config/akregatorrc -whitelist ${HOME}/.local/share/akregator -whitelist ${HOME}/.local/share/kssl -whitelist ${HOME}/.local/share/kxmlgui5/akregator +allow ${HOME}/.config/akregatorrc +allow ${HOME}/.local/share/akregator +allow ${HOME}/.local/share/kssl +allow ${HOME}/.local/share/kxmlgui5/akregator include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile index 4c6d68020dd..ca6c8d887b6 100644 --- a/etc/profile-a-l/alacarte.profile +++ b/etc/profile-a-l/alacarte.profile @@ -19,13 +19,13 @@ include disable-passwdmgr.inc include disable-xdg.inc # Whitelist your system icon directory,varies by distro -whitelist /usr/share/alacarte -whitelist /usr/share/app-info -whitelist /usr/share/desktop-directories -whitelist /usr/share/icons -whitelist /var/lib/app-info/icons -whitelist /var/lib/flatpak/exports/share/applications -whitelist /var/lib/flatpak/exports/share/icons +allow /usr/share/alacarte +allow /usr/share/app-info +allow /usr/share/desktop-directories +allow /usr/share/icons +allow /var/lib/app-info/icons +allow /var/lib/flatpak/exports/share/applications +allow /var/lib/flatpak/exports/share/icons include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile index 81ee6bd46dd..220c3345d3e 100644 --- a/etc/profile-a-l/alienarena.profile +++ b/etc/profile-a-l/alienarena.profile @@ -6,7 +6,7 @@ include alienarena.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/cor-games +nodeny ${HOME}/.local/share/cor-games include disable-common.inc include disable-devel.inc 
@@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.local/share/cor-games -whitelist ${HOME}/.local/share/cor-games -whitelist /usr/share/alienarena +allow ${HOME}/.local/share/cor-games +allow /usr/share/alienarena include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile index 0b5cf0df0c7..6fa3edfa18a 100644 --- a/etc/profile-a-l/alpine.profile +++ b/etc/profile-a-l/alpine.profile 
@@ -10,28 +10,28 @@ include globals.local # Workaround for bug https://github.com/netblue30/firejail/issues/2747 # firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)' -noblacklist /var/mail -noblacklist /var/spool/mail -noblacklist ${DOCUMENTS} -noblacklist ${HOME}/.addressbook -noblacklist ${HOME}/.alpine-smime -noblacklist ${HOME}/.mailcap -noblacklist ${HOME}/.mh_profile -noblacklist ${HOME}/.mime.types -noblacklist ${HOME}/.newsrc -noblacklist ${HOME}/.pine-crash -noblacklist ${HOME}/.pine-debug1 -noblacklist ${HOME}/.pine-debug2 -noblacklist ${HOME}/.pine-debug3 -noblacklist ${HOME}/.pine-debug4 -noblacklist ${HOME}/.pine-interrupted-mail -noblacklist ${HOME}/.pinerc -noblacklist ${HOME}/.pinercex -noblacklist ${HOME}/.signature -noblacklist ${HOME}/mail +nodeny /var/mail +nodeny /var/spool/mail +nodeny ${DOCUMENTS} +nodeny ${HOME}/.addressbook +nodeny ${HOME}/.alpine-smime +nodeny ${HOME}/.mailcap +nodeny ${HOME}/.mh_profile +nodeny ${HOME}/.mime.types +nodeny ${HOME}/.newsrc +nodeny ${HOME}/.pine-crash +nodeny ${HOME}/.pine-debug1 +nodeny ${HOME}/.pine-debug2 +nodeny ${HOME}/.pine-debug3 +nodeny ${HOME}/.pine-debug4 +nodeny ${HOME}/.pine-interrupted-mail +nodeny ${HOME}/.pinerc +nodeny ${HOME}/.pinercex +nodeny ${HOME}/.signature +nodeny ${HOME}/mail -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc @@ -60,8 +60,8 @@ include disable-xdg.inc #whitelist ${HOME}/.pine-debug4 #whitelist ${HOME}/.signature #whitelist ${HOME}/mail -whitelist /var/mail -whitelist /var/spool/mail +allow /var/mail +allow /var/spool/mail #include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/amarok.profile b/etc/profile-a-l/amarok.profile index a7caddc4cbe..03aba36e4fa 100644 --- a/etc/profile-a-l/amarok.profile +++ b/etc/profile-a-l/amarok.profile 
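Review bot: The commented-out `#whitelist ${HOME}/.pine-debug4`, `#whitelist ${HOME}/.signature` and `#whitelist ${HOME}/mail` templates in the second alpine.profile hunk (`@@ -60,8 +60,8 @@`) keep the old keyword while the active lines right below them become `allow /var/mail` and `allow /var/spool/mail`, so a user who uncomments them gets a profile that mixes both spellings. The same leftover appears in artha.profile (`#whitelist ${HOME}/.config/artha.conf`), atril.profile (`#noblacklist ${HOME}/.local/share`) and bitlbee.profile (`# noblacklist /var/log`), and explanatory comments such as `# Allow java (blacklisted by disable-devel.inc)` still use the old wording. I would carry the rename into the commented directives, e.g. `#allow ${HOME}/.signature`, or note in the commit message that comments were deliberately left alone. The commented block in alpine.profile starts above the hunk, so more such lines may exist than the three visible here.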
@@ -6,7 +6,7 @@ include amarok.local # Persistent global definitions include globals.local -noblacklist ${MUSIC} +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/amule.profile b/etc/profile-a-l/amule.profile index e3c4164ee56..00039a7e9c4 100644 --- a/etc/profile-a-l/amule.profile +++ b/etc/profile-a-l/amule.profile @@ -6,7 +6,7 @@ include amule.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.aMule +nodeny ${HOME}/.aMule include disable-common.inc include disable-devel.inc @@ -16,8 +16,8 @@ include disable-passwdmgr.inc include disable-programs.inc mkdir ${HOME}/.aMule -whitelist ${DOWNLOADS} -whitelist ${HOME}/.aMule +allow ${DOWNLOADS} +allow ${HOME}/.aMule include whitelist-common.inc caps.drop all diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile index 5a21744cfb9..5bf6ed773c3 100644 --- a/etc/profile-a-l/android-studio.profile +++ b/etc/profile-a-l/android-studio.profile @@ -5,13 +5,13 @@ include android-studio.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Google -noblacklist ${HOME}/.AndroidStudio* -noblacklist ${HOME}/.android -noblacklist ${HOME}/.jack-server -noblacklist ${HOME}/.jack-settings -noblacklist ${HOME}/.local/share/JetBrains -noblacklist ${HOME}/.tooling +nodeny ${HOME}/.config/Google +nodeny ${HOME}/.AndroidStudio* +nodeny ${HOME}/.android +nodeny ${HOME}/.jack-server +nodeny ${HOME}/.jack-settings +nodeny ${HOME}/.local/share/JetBrains +nodeny ${HOME}/.tooling # Allows files commonly used by IDEs include allow-common-devel.inc diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile index ef60e91c251..ec99fe6c205 100644 --- a/etc/profile-a-l/anki.profile +++ b/etc/profile-a-l/anki.profile 
@@ -6,8 +6,8 @@ include anki.local # Persistent global definitions include globals.local -noblacklist ${DOCUMENTS} -noblacklist ${HOME}/.local/share/Anki2 +nodeny ${DOCUMENTS} +nodeny ${HOME}/.local/share/Anki2 # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc @@ -23,8 +23,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.local/share/Anki2 -whitelist ${DOCUMENTS} -whitelist ${HOME}/.local/share/Anki2 +allow ${DOCUMENTS} +allow ${HOME}/.local/share/Anki2 include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/anydesk.profile b/etc/profile-a-l/anydesk.profile index fdaf1025952..cb30ed8da69 100644 --- a/etc/profile-a-l/anydesk.profile +++ b/etc/profile-a-l/anydesk.profile @@ -5,7 +5,7 @@ include anydesk.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.anydesk +nodeny ${HOME}/.anydesk include disable-common.inc include disable-devel.inc @@ -15,7 +15,7 @@ include disable-programs.inc include disable-shell.inc mkdir ${HOME}/.anydesk -whitelist ${HOME}/.anydesk +allow ${HOME}/.anydesk include whitelist-common.inc caps.drop all diff --git a/etc/profile-a-l/aosp.profile b/etc/profile-a-l/aosp.profile index e7b09283ef6..d647a465745 100644 --- a/etc/profile-a-l/aosp.profile +++ b/etc/profile-a-l/aosp.profile @@ -5,13 +5,13 @@ include aosp.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.android -noblacklist ${HOME}/.bash_history -noblacklist ${HOME}/.jack-server -noblacklist ${HOME}/.jack-settings -noblacklist ${HOME}/.repo_.gitconfig.json -noblacklist ${HOME}/.repoconfig -noblacklist ${HOME}/.tooling +nodeny ${HOME}/.android +nodeny ${HOME}/.bash_history +nodeny ${HOME}/.jack-server +nodeny ${HOME}/.jack-settings +nodeny ${HOME}/.repo_.gitconfig.json +nodeny ${HOME}/.repoconfig +nodeny ${HOME}/.tooling # Allows files commonly used by IDEs include allow-common-devel.inc 
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile index 01566314f86..020ae2812e2 100644 --- a/etc/profile-a-l/apostrophe.profile +++ b/etc/profile-a-l/apostrophe.profile @@ -6,9 +6,9 @@ include apostrophe.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.texlive20* -noblacklist ${DOCUMENTS} -noblacklist ${PICTURES} +nodeny ${HOME}/.texlive20* +nodeny ${DOCUMENTS} +nodeny ${PICTURES} # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc @@ -31,12 +31,12 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/libexec/webkit2gtk-4.0 -whitelist /usr/share/apostrophe -whitelist /usr/share/texlive -whitelist /usr/share/texmf -whitelist /usr/share/pandoc-* -whitelist /usr/share/perl5 +allow /usr/libexec/webkit2gtk-4.0 +allow /usr/share/apostrophe +allow /usr/share/texlive +allow /usr/share/texmf +allow /usr/share/pandoc-* +allow /usr/share/perl5 include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/arch-audit.profile b/etc/profile-a-l/arch-audit.profile index accabb6f592..8c71dd574c9 100644 --- a/etc/profile-a-l/arch-audit.profile +++ b/etc/profile-a-l/arch-audit.profile @@ -7,7 +7,7 @@ include arch-audit.local # Persistent global definitions include globals.local -noblacklist /var/lib/pacman +nodeny /var/lib/pacman include disable-common.inc include disable-devel.inc @@ -18,7 +18,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/arch-audit +allow /usr/share/arch-audit include whitelist-usr-share-common.inc apparmor diff --git a/etc/profile-a-l/archaudit-report.profile b/etc/profile-a-l/archaudit-report.profile index 19c37f90ed1..0915ede333e 100644 --- a/etc/profile-a-l/archaudit-report.profile +++ b/etc/profile-a-l/archaudit-report.profile 
@@ -6,7 +6,7 @@ include archaudit-report.local # Persistent global definitions include globals.local -noblacklist /var/lib/pacman +nodeny /var/lib/pacman include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/archiver-common.profile b/etc/profile-a-l/archiver-common.profile index 1fab4606bfe..5b859ceb1b4 100644 --- a/etc/profile-a-l/archiver-common.profile +++ b/etc/profile-a-l/archiver-common.profile @@ -4,7 +4,7 @@ include archiver-common.local # common profile for archiver/compression tools -blacklist ${RUNUSER} +deny ${RUNUSER} # Comment/uncomment the relevant include file(s) in your archiver-common.local # to (un)restrict file access for **all** archivers. Another option is to do this **per archiver** diff --git a/etc/profile-a-l/ardour5.profile b/etc/profile-a-l/ardour5.profile index 84b1d6c185b..960948afcaa 100644 --- a/etc/profile-a-l/ardour5.profile +++ b/etc/profile-a-l/ardour5.profile @@ -5,12 +5,12 @@ include ardour5.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/ardour4 -noblacklist ${HOME}/.config/ardour5 -noblacklist ${HOME}/.lv2 -noblacklist ${HOME}/.vst -noblacklist ${DOCUMENTS} -noblacklist ${MUSIC} +nodeny ${HOME}/.config/ardour4 +nodeny ${HOME}/.config/ardour5 +nodeny ${HOME}/.lv2 +nodeny ${HOME}/.vst +nodeny ${DOCUMENTS} +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/arduino.profile b/etc/profile-a-l/arduino.profile index fd1ca9a09b5..88f14fbfed7 100644 --- a/etc/profile-a-l/arduino.profile +++ b/etc/profile-a-l/arduino.profile @@ -6,9 +6,9 @@ include arduino.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.arduino15 -noblacklist ${HOME}/Arduino -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.arduino15 +nodeny ${HOME}/Arduino +nodeny ${DOCUMENTS} # Allow java (blacklisted by disable-devel.inc) include allow-java.inc 
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile index 22b8ecd65cf..be56011f05f 100644 --- a/etc/profile-a-l/aria2c.profile +++ b/etc/profile-a-l/aria2c.profile @@ -6,12 +6,12 @@ include aria2c.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.aria2 -noblacklist ${HOME}/.config/aria2 -noblacklist ${HOME}/.netrc +nodeny ${HOME}/.aria2 +nodeny ${HOME}/.config/aria2 +nodeny ${HOME}/.netrc -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile index a63dd8f5f0e..031c5708010 100644 --- a/etc/profile-a-l/ark.profile +++ b/etc/profile-a-l/ark.profile @@ -6,8 +6,8 @@ include ark.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/arkrc -noblacklist ${HOME}/.local/share/kxmlgui5/ark +nodeny ${HOME}/.config/arkrc +nodeny ${HOME}/.local/share/kxmlgui5/ark include disable-common.inc include disable-devel.inc @@ -16,7 +16,7 @@ include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc -whitelist /usr/share/ark +allow /usr/share/ark include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile index 2c8b630ce9d..9ed8076be5e 100644 --- a/etc/profile-a-l/arm.profile +++ b/etc/profile-a-l/arm.profile @@ -6,7 +6,7 @@ include arm.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.arm +nodeny ${HOME}/.arm # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc @@ -20,7 +20,7 @@ include disable-passwdmgr.inc include disable-programs.inc mkdir ${HOME}/.arm -whitelist ${HOME}/.arm +allow ${HOME}/.arm include whitelist-common.inc caps.drop all 
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile index fab72b7d3dd..7cfac4915e2 100644 --- a/etc/profile-a-l/artha.profile +++ b/etc/profile-a-l/artha.profile @@ -6,12 +6,12 @@ include artha.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/artha.conf -noblacklist ${HOME}/.config/artha.log -noblacklist ${HOME}/.config/enchant +nodeny ${HOME}/.config/artha.conf +nodeny ${HOME}/.config/artha.log +nodeny ${HOME}/.config/enchant -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc @@ -28,8 +28,8 @@ include disable-xdg.inc #whitelist ${HOME}/.config/artha.conf #whitelist ${HOME}/.config/artha.log #whitelist ${HOME}/.config/enchant -whitelist /usr/share/artha -whitelist /usr/share/wordnet +allow /usr/share/artha +allow /usr/share/wordnet #include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/assogiate.profile b/etc/profile-a-l/assogiate.profile index 977fe30a4aa..f2251c210d5 100644 --- a/etc/profile-a-l/assogiate.profile +++ b/etc/profile-a-l/assogiate.profile @@ -6,7 +6,7 @@ include assogiate.local # Persistent global definitions include globals.local -noblacklist ${PICTURES} +nodeny ${PICTURES} include disable-common.inc include disable-devel.inc @@ -17,7 +17,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist ${PICTURES} +allow ${PICTURES} include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/asunder.profile b/etc/profile-a-l/asunder.profile index c97fd691ac2..e650722665f 100644 --- a/etc/profile-a-l/asunder.profile +++ b/etc/profile-a-l/asunder.profile 
@@ -6,11 +6,11 @@ include asunder.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/asunder -noblacklist ${HOME}/.asunder_album_genre -noblacklist ${HOME}/.asunder_album_title -noblacklist ${HOME}/.asunder_album_artist -noblacklist ${MUSIC} +nodeny ${HOME}/.config/asunder +nodeny ${HOME}/.asunder_album_genre +nodeny ${HOME}/.asunder_album_title +nodeny ${HOME}/.asunder_album_artist +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/atom.profile b/etc/profile-a-l/atom.profile index 5f237ac59cf..ea3038537b9 100644 --- a/etc/profile-a-l/atom.profile +++ b/etc/profile-a-l/atom.profile @@ -18,8 +18,8 @@ ignore include whitelist-var-common.inc ignore apparmor ignore disable-mnt -noblacklist ${HOME}/.atom -noblacklist ${HOME}/.config/Atom +nodeny ${HOME}/.atom +nodeny ${HOME}/.config/Atom # Allows files commonly used by IDEs include allow-common-devel.inc diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile index 1c3ed66ff29..8ae8617cfdb 100644 --- a/etc/profile-a-l/atril.profile +++ b/etc/profile-a-l/atril.profile @@ -6,9 +6,9 @@ include atril.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/atril -noblacklist ${HOME}/.config/atril -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.cache/atril +nodeny ${HOME}/.config/atril +nodeny ${DOCUMENTS} #noblacklist ${HOME}/.local/share # it seems to use only ${HOME}/.local/share/webkitgtk diff --git a/etc/profile-a-l/audacious.profile b/etc/profile-a-l/audacious.profile index f9f20978613..53baf0a2a26 100644 --- a/etc/profile-a-l/audacious.profile +++ b/etc/profile-a-l/audacious.profile 
@@ -6,9 +6,9 @@ include audacious.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Audaciousrc -noblacklist ${HOME}/.config/audacious -noblacklist ${MUSIC} +nodeny ${HOME}/.config/Audaciousrc +nodeny ${HOME}/.config/audacious +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile index a2de8436ac3..c244846e1dd 100644 --- a/etc/profile-a-l/audacity.profile +++ b/etc/profile-a-l/audacity.profile @@ -6,9 +6,9 @@ include audacity.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.audacity-data -noblacklist ${DOCUMENTS} -noblacklist ${MUSIC} +nodeny ${HOME}/.audacity-data +nodeny ${DOCUMENTS} +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile index 2c7fdc81209..534792cc661 100644 --- a/etc/profile-a-l/audio-recorder.profile +++ b/etc/profile-a-l/audio-recorder.profile @@ -7,7 +7,7 @@ include audio-recorder.local # Persistent global definitions include globals.local -noblacklist ${MUSIC} +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc @@ -17,10 +17,10 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist ${MUSIC} -whitelist ${DOWNLOADS} -whitelist /usr/share/audio-recorder -whitelist /usr/share/gstreamer-1.0 +allow ${MUSIC} +allow ${DOWNLOADS} +allow /usr/share/audio-recorder +allow /usr/share/gstreamer-1.0 include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile index 2ebe35dd510..0d6eb6a2146 100644 --- a/etc/profile-a-l/authenticator-rs.profile +++ b/etc/profile-a-l/authenticator-rs.profile 
@@ -6,7 +6,7 @@ include authenticator-rs.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/authenticator-rs +nodeny ${HOME}/.local/share/authenticator-rs include disable-common.inc include disable-devel.inc @@ -18,9 +18,9 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.local/share/authenticator-rs -whitelist ${HOME}/.local/share/authenticator-rs -whitelist ${DOWNLOADS} -whitelist /usr/share/uk.co.grumlimited.authenticator-rs +allow ${HOME}/.local/share/authenticator-rs +allow ${DOWNLOADS} +allow /usr/share/uk.co.grumlimited.authenticator-rs include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile index 42d9cd56a02..55d967e3e65 100644 --- a/etc/profile-a-l/authenticator.profile +++ b/etc/profile-a-l/authenticator.profile @@ -6,8 +6,8 @@ include authenticator.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/Authenticator -noblacklist ${HOME}/.config/Authenticator +nodeny ${HOME}/.cache/Authenticator +nodeny ${HOME}/.config/Authenticator # Allow python (blacklisted by disable-interpreters.inc) #include allow-python2.inc diff --git a/etc/profile-a-l/autokey-common.profile b/etc/profile-a-l/autokey-common.profile index 891928e5a6d..a5b3b22f6df 100644 --- a/etc/profile-a-l/autokey-common.profile +++ b/etc/profile-a-l/autokey-common.profile @@ -7,8 +7,8 @@ include autokey-common.local # added by caller profile #include globals.local -noblacklist ${HOME}/.config/autokey -noblacklist ${HOME}/.local/share/autokey +nodeny ${HOME}/.config/autokey +nodeny ${HOME}/.local/share/autokey # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-a-l/avidemux.profile b/etc/profile-a-l/avidemux.profile index 1ecc03da1f7..0feb05d75b2 100644 --- a/etc/profile-a-l/avidemux.profile 
+++ b/etc/profile-a-l/avidemux.profile @@ -5,9 +5,9 @@ include avidemux.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.avidemux6 -noblacklist ${HOME}/.config/avidemux3_qt5rc -noblacklist ${VIDEOS} +nodeny ${HOME}/.avidemux6 +nodeny ${HOME}/.config/avidemux3_qt5rc +nodeny ${VIDEOS} include disable-common.inc include disable-devel.inc @@ -20,9 +20,9 @@ include disable-xdg.inc mkdir ${HOME}/.avidemux6 mkdir ${HOME}/.config/avidemux3_qt5rc -whitelist ${HOME}/.avidemux6 -whitelist ${HOME}/.config/avidemux3_qt5rc -whitelist ${VIDEOS} +allow ${HOME}/.avidemux6 +allow ${HOME}/.config/avidemux3_qt5rc +allow ${VIDEOS} include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/aweather.profile b/etc/profile-a-l/aweather.profile index a57ad401474..abe9fdb24e0 100644 --- a/etc/profile-a-l/aweather.profile +++ b/etc/profile-a-l/aweather.profile @@ -6,7 +6,7 @@ include aweather.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/aweather +nodeny ${HOME}/.config/aweather include disable-common.inc include disable-devel.inc @@ -16,7 +16,7 @@ include disable-programs.inc include disable-shell.inc mkdir ${HOME}/.config/aweather -whitelist ${HOME}/.config/aweather +allow ${HOME}/.config/aweather include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/awesome.profile b/etc/profile-a-l/awesome.profile index 5d1bf5071e5..58f4f5e96ae 100644 --- a/etc/profile-a-l/awesome.profile +++ b/etc/profile-a-l/awesome.profile @@ -7,7 +7,7 @@ include awesome.local include globals.local # all applications started in awesome will run in this profile -noblacklist ${HOME}/.config/awesome +nodeny ${HOME}/.config/awesome include disable-common.inc caps.drop all diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile index 3952921a3f3..46bb0b44e1a 100644 --- a/etc/profile-a-l/ballbuster.profile 
+++ b/etc/profile-a-l/ballbuster.profile @@ -6,7 +6,7 @@ include ballbuster.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.ballbuster.hs +nodeny ${HOME}/.ballbuster.hs include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkfile ${HOME}/.ballbuster.hs -whitelist ${HOME}/.ballbuster.hs -whitelist /usr/share/ballbuster +allow ${HOME}/.ballbuster.hs +allow /usr/share/ballbuster include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/baloo_file.profile b/etc/profile-a-l/baloo_file.profile index fe86d9b80bf..2b10883f741 100644 --- a/etc/profile-a-l/baloo_file.profile +++ b/etc/profile-a-l/baloo_file.profile @@ -12,12 +12,12 @@ include globals.local # read-write ${HOME}/.local/share/baloo # ignore read-write -noblacklist ${HOME}/.config/baloofilerc -noblacklist ${HOME}/.kde/share/config/baloofilerc -noblacklist ${HOME}/.kde/share/config/baloorc -noblacklist ${HOME}/.kde4/share/config/baloofilerc -noblacklist ${HOME}/.kde4/share/config/baloorc -noblacklist ${HOME}/.local/share/baloo +nodeny ${HOME}/.config/baloofilerc +nodeny ${HOME}/.kde/share/config/baloofilerc +nodeny ${HOME}/.kde/share/config/baloorc +nodeny ${HOME}/.kde4/share/config/baloofilerc +nodeny ${HOME}/.kde4/share/config/baloorc +nodeny ${HOME}/.local/share/baloo include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile index 8c69652c5b6..1e74443aae8 100644 --- a/etc/profile-a-l/balsa.profile +++ b/etc/profile-a-l/balsa.profile 
@@ -6,13 +6,13 @@ include balsa.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.balsa -noblacklist ${HOME}/.gnupg -noblacklist ${HOME}/.mozilla -noblacklist ${HOME}/.signature -noblacklist ${HOME}/mail -noblacklist /var/mail -noblacklist /var/spool/mail +nodeny ${HOME}/.balsa +nodeny ${HOME}/.gnupg +nodeny ${HOME}/.mozilla +nodeny ${HOME}/.signature +nodeny ${HOME}/mail +nodeny /var/mail +nodeny /var/spool/mail include disable-common.inc include disable-devel.inc @@ -27,17 +27,17 @@ mkdir ${HOME}/.balsa mkdir ${HOME}/.gnupg mkfile ${HOME}/.signature mkdir ${HOME}/mail -whitelist ${HOME}/.balsa -whitelist ${HOME}/.gnupg -whitelist ${HOME}/.mozilla/firefox/profiles.ini -whitelist ${HOME}/.signature -whitelist ${HOME}/mail -whitelist ${RUNUSER}/gnupg -whitelist /usr/share/balsa -whitelist /usr/share/gnupg -whitelist /usr/share/gnupg2 -whitelist /var/mail -whitelist /var/spool/mail +allow ${HOME}/.balsa +allow ${HOME}/.gnupg +allow ${HOME}/.mozilla/firefox/profiles.ini +allow ${HOME}/.signature +allow ${HOME}/mail +allow ${RUNUSER}/gnupg +allow /usr/share/balsa +allow /usr/share/gnupg +allow /usr/share/gnupg2 +allow /var/mail +allow /var/spool/mail include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/barrier.profile b/etc/profile-a-l/barrier.profile index 7b50e919922..fcea9b3ba4d 100644 --- a/etc/profile-a-l/barrier.profile +++ b/etc/profile-a-l/barrier.profile @@ -6,9 +6,9 @@ include barrier.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Debauchee/Barrier.conf -noblacklist ${HOME}/.local/share/barrier -noblacklist ${PATH}/openssl +nodeny ${HOME}/.config/Debauchee/Barrier.conf +nodeny ${HOME}/.local/share/barrier +nodeny ${PATH}/openssl include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/basilisk.profile b/etc/profile-a-l/basilisk.profile index 8dc3847a0be..547c67fc881 100644 
--- a/etc/profile-a-l/basilisk.profile +++ b/etc/profile-a-l/basilisk.profile @@ -5,13 +5,13 @@ include basilisk.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/moonchild productions/basilisk -noblacklist ${HOME}/.moonchild productions/basilisk +nodeny ${HOME}/.cache/moonchild productions/basilisk +nodeny ${HOME}/.moonchild productions/basilisk mkdir ${HOME}/.cache/moonchild productions/basilisk mkdir ${HOME}/.moonchild productions -whitelist ${HOME}/.cache/moonchild productions/basilisk -whitelist ${HOME}/.moonchild productions +allow ${HOME}/.cache/moonchild productions/basilisk +allow ${HOME}/.moonchild productions # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60) seccomp diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile index 3ecaea7fe1e..a1d2b1e7394 100644 --- a/etc/profile-a-l/bcompare.profile +++ b/etc/profile-a-l/bcompare.profile @@ -7,10 +7,10 @@ include bcompare.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/bcompare +nodeny ${HOME}/.config/bcompare # In case the user decides to include disable-programs.inc, still allow # KDE's Gwenview to view images via right click -> Open With -> Associated Application -noblacklist ${HOME}/.config/gwenviewrc +nodeny ${HOME}/.config/gwenviewrc # Add the next line to your bcompare.local if you don't need to compare files in disable-common.inc. #include disable-common.inc diff --git a/etc/profile-a-l/beaker.profile b/etc/profile-a-l/beaker.profile index f3a9568bd1c..588f460a8df 100644 --- a/etc/profile-a-l/beaker.profile +++ b/etc/profile-a-l/beaker.profile @@ -19,10 +19,10 @@ ignore private-cache ignore private-dev ignore private-tmp -noblacklist ${HOME}/.config/Beaker Browser +nodeny ${HOME}/.config/Beaker Browser mkdir ${HOME}/.config/Beaker Browser -whitelist ${HOME}/.config/Beaker Browser +allow ${HOME}/.config/Beaker Browser # Redirect include electron.profile 
diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile index c7a82afbdd6..717d7258db6 100644 --- a/etc/profile-a-l/bibletime.profile +++ b/etc/profile-a-l/bibletime.profile @@ -6,11 +6,11 @@ include bibletime.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.bibletime -noblacklist ${HOME}/.sword -noblacklist ${HOME}/.local/share/bibletime +nodeny ${HOME}/.bibletime +nodeny ${HOME}/.sword +nodeny ${HOME}/.local/share/bibletime -blacklist ${HOME}/.bashrc +deny ${HOME}/.bashrc include disable-common.inc include disable-devel.inc @@ -22,12 +22,12 @@ include disable-programs.inc mkdir ${HOME}/.bibletime mkdir ${HOME}/.sword mkdir ${HOME}/.local/share/bibletime -whitelist ${HOME}/.bibletime -whitelist ${HOME}/.sword -whitelist ${HOME}/.local/share/bibletime -whitelist /usr/share/bibletime -whitelist /usr/share/doc/bibletime -whitelist /usr/share/sword +allow ${HOME}/.bibletime +allow ${HOME}/.sword +allow ${HOME}/.local/share/bibletime +allow /usr/share/bibletime +allow /usr/share/doc/bibletime +allow /usr/share/sword include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile index 854fe5cb9c2..b02fcc3e0c5 100644 --- a/etc/profile-a-l/bijiben.profile +++ b/etc/profile-a-l/bijiben.profile @@ -6,7 +6,7 @@ include bijiben.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/bijiben +nodeny ${HOME}/.local/share/bijiben include disable-common.inc include disable-devel.inc 
@@ -18,12 +18,12 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.local/share/bijiben -whitelist ${HOME}/.local/share/bijiben -whitelist ${HOME}/.cache/tracker -whitelist /usr/libexec/webkit2gtk-4.0 -whitelist /usr/share/bijiben -whitelist /usr/share/tracker -whitelist /usr/share/tracker3 +allow ${HOME}/.local/share/bijiben +allow ${HOME}/.cache/tracker +allow /usr/libexec/webkit2gtk-4.0 +allow /usr/share/bijiben +allow /usr/share/tracker +allow /usr/share/tracker3 include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/bitcoin-qt.profile b/etc/profile-a-l/bitcoin-qt.profile index 932db9b73ca..c4ec0f82019 100644 --- a/etc/profile-a-l/bitcoin-qt.profile +++ b/etc/profile-a-l/bitcoin-qt.profile @@ -6,8 +6,8 @@ include bitcoin-qt.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.bitcoin -noblacklist ${HOME}/.config/Bitcoin +nodeny ${HOME}/.bitcoin +nodeny ${HOME}/.config/Bitcoin include disable-common.inc include disable-devel.inc @@ -19,8 +19,8 @@ include disable-shell.inc mkdir ${HOME}/.bitcoin mkdir ${HOME}/.config/Bitcoin -whitelist ${HOME}/.bitcoin -whitelist ${HOME}/.config/Bitcoin +allow ${HOME}/.bitcoin +allow ${HOME}/.config/Bitcoin include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/bitlbee.profile b/etc/profile-a-l/bitlbee.profile index dd7651979b1..0f000b26b59 100644 --- a/etc/profile-a-l/bitlbee.profile +++ b/etc/profile-a-l/bitlbee.profile @@ -8,8 +8,8 @@ include globals.local ignore noexec ${HOME} -noblacklist /sbin -noblacklist /usr/sbin +nodeny /sbin +nodeny /usr/sbin # noblacklist /var/log include disable-common.inc diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile index ba2eb2ea7d3..4b292d72aed 100644 --- a/etc/profile-a-l/bitwarden.profile +++ b/etc/profile-a-l/bitwarden.profile 
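Review bot: The commented-out `# noblacklist /var/log` kept as context in the bitlbee.profile hunk still uses the old keyword, so a user who uncomments it gets a spelling the active lines no longer use. The same applies to `#noblacklist /opt/brackets` and `#noblacklist /opt/google` in brackets.profile, and to `#whitelist ${HOME}/.cargo` and `#whitelist ${HOME}/.rustup` in cargo.profile. I would change it to `# nodeny /var/log` here and use the matching `#nodeny` / `#allow` forms in the other files. Prose comments such as `# Allow python (blacklisted by disable-interpreters.inc)` could be reworded in the same pass, so the documentation and the opt-in lines describe the sandbox policy in the same vocabulary as the directives.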
@@ -11,12 +11,12 @@ ignore include whitelist-usr-share-common.inc ignore noexec /tmp -noblacklist ${HOME}/.config/Bitwarden +nodeny ${HOME}/.config/Bitwarden include disable-shell.inc mkdir ${HOME}/.config/Bitwarden -whitelist ${HOME}/.config/Bitwarden +allow ${HOME}/.config/Bitwarden machine-id no3d diff --git a/etc/profile-a-l/blackbox.profile b/etc/profile-a-l/blackbox.profile index 233f9a96f64..616ad6801f4 100644 --- a/etc/profile-a-l/blackbox.profile +++ b/etc/profile-a-l/blackbox.profile @@ -7,7 +7,7 @@ include blackbox.local include globals.local # all applications started in blackbox will run in this profile -noblacklist ${HOME}/.blackbox +nodeny ${HOME}/.blackbox include disable-common.inc caps.drop all diff --git a/etc/profile-a-l/blender.profile b/etc/profile-a-l/blender.profile index 701ae431e70..8d0b5616f28 100644 --- a/etc/profile-a-l/blender.profile +++ b/etc/profile-a-l/blender.profile @@ -6,7 +6,7 @@ include blender.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/blender +nodeny ${HOME}/.config/blender # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc @@ -20,8 +20,8 @@ include disable-passwdmgr.inc include disable-programs.inc # Allow usage of AMD GPU by OpenCL -noblacklist /sys/module -whitelist /sys/module/amdgpu +nodeny /sys/module +allow /sys/module/amdgpu read-only /sys/module/amdgpu caps.drop all diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile index 80dc750f79e..ca5f96eee97 100644 --- a/etc/profile-a-l/bless.profile +++ b/etc/profile-a-l/bless.profile @@ -6,7 +6,7 @@ include bless.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/bless +nodeny ${HOME}/.config/bless include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile index 229c2029392..ee2a73b54d8 100644 --- a/etc/profile-a-l/blobby.profile +++ b/etc/profile-a-l/blobby.profile 
@@ -4,7 +4,7 @@ include blobby.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.blobby +nodeny ${HOME}/.blobby include disable-common.inc include disable-devel.inc @@ -16,9 +16,9 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.blobby -whitelist ${HOME}/.blobby +allow ${HOME}/.blobby include whitelist-common.inc -whitelist /usr/share/blobby +allow /usr/share/blobby include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile index 904710cb543..e0be5261ebe 100644 --- a/etc/profile-a-l/blobwars.profile +++ b/etc/profile-a-l/blobwars.profile @@ -6,7 +6,7 @@ include blobwars.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.parallelrealities/blobwars +nodeny ${HOME}/.parallelrealities/blobwars include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.parallelrealities/blobwars -whitelist ${HOME}/.parallelrealities/blobwars -whitelist /usr/share/blobwars +allow ${HOME}/.parallelrealities/blobwars +allow /usr/share/blobwars include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/bnox.profile b/etc/profile-a-l/bnox.profile index 6e8f0d7d1ad..dcfd5d8d2d1 100644 --- a/etc/profile-a-l/bnox.profile +++ b/etc/profile-a-l/bnox.profile @@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium ignore include whitelist-runuser-common.inc ignore include whitelist-usr-share-common.inc -noblacklist ${HOME}/.cache/bnox -noblacklist ${HOME}/.config/bnox +nodeny ${HOME}/.cache/bnox +nodeny ${HOME}/.config/bnox mkdir ${HOME}/.cache/bnox mkdir ${HOME}/.config/bnox -whitelist ${HOME}/.cache/bnox -whitelist ${HOME}/.config/bnox +allow ${HOME}/.cache/bnox +allow ${HOME}/.config/bnox # Redirect include chromium-common.profile 
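Review bot: The unchanged `ignore whitelist /usr/share/chromium` in bnox.profile (visible as the header context of its hunk) still names the old keyword, while chromium.profile in this same commit now spells that directive `allow /usr/share/chromium`. The parser is not visible here, but if `ignore` compares against the profile line textually, this override would silently stop matching and bnox would end up with a different /usr/share policy than before the rename. Either update it to `ignore allow /usr/share/chromium`, or confirm that both spellings are normalised before the ignore comparison. Any other `ignore whitelist …` or `ignore noblacklist …` lines outside the hunks shown deserve the same check.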
diff --git a/etc/profile-a-l/brackets.profile b/etc/profile-a-l/brackets.profile index 0cbac049a0c..a14bb8fef2e 100644 --- a/etc/profile-a-l/brackets.profile +++ b/etc/profile-a-l/brackets.profile @@ -5,7 +5,7 @@ include brackets.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Brackets +nodeny ${HOME}/.config/Brackets #noblacklist /opt/brackets #noblacklist /opt/google diff --git a/etc/profile-a-l/brasero.profile b/etc/profile-a-l/brasero.profile index 417a6b3e0a6..a788824099a 100644 --- a/etc/profile-a-l/brasero.profile +++ b/etc/profile-a-l/brasero.profile @@ -6,7 +6,7 @@ include brasero.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/brasero +nodeny ${HOME}/.config/brasero include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/brave.profile b/etc/profile-a-l/brave.profile index 09548c7610e..bc2d7a6a11d 100644 --- a/etc/profile-a-l/brave.profile +++ b/etc/profile-a-l/brave.profile 
@@ -14,24 +14,24 @@ ignore noexec /tmp # Alternatively you can add 'ignore apparmor' to your brave.local. ignore noexec ${HOME} -noblacklist ${HOME}/.cache/BraveSoftware -noblacklist ${HOME}/.config/BraveSoftware -noblacklist ${HOME}/.config/brave -noblacklist ${HOME}/.config/brave-flags.conf +nodeny ${HOME}/.cache/BraveSoftware +nodeny ${HOME}/.config/BraveSoftware +nodeny ${HOME}/.config/brave +nodeny ${HOME}/.config/brave-flags.conf # brave uses gpg for built-in password manager -noblacklist ${HOME}/.gnupg +nodeny ${HOME}/.gnupg mkdir ${HOME}/.cache/BraveSoftware mkdir ${HOME}/.config/BraveSoftware mkdir ${HOME}/.config/brave -whitelist ${HOME}/.cache/BraveSoftware -whitelist ${HOME}/.config/BraveSoftware -whitelist ${HOME}/.config/brave -whitelist ${HOME}/.config/brave-flags.conf -whitelist ${HOME}/.gnupg +allow ${HOME}/.cache/BraveSoftware +allow ${HOME}/.config/BraveSoftware +allow ${HOME}/.config/brave +allow ${HOME}/.config/brave-flags.conf +allow ${HOME}/.gnupg # Brave sandbox needs read access to /proc/config.gz -noblacklist /proc/config.gz +nodeny /proc/config.gz # Redirect include chromium-common.profile diff --git a/etc/profile-a-l/bzflag.profile b/etc/profile-a-l/bzflag.profile index bda96bbb38b..62ca041c283 100644 --- a/etc/profile-a-l/bzflag.profile +++ b/etc/profile-a-l/bzflag.profile @@ -6,7 +6,7 @@ include bzflag.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.bzf +nodeny ${HOME}/.bzf include disable-common.inc include disable-devel.inc @@ -18,7 +18,7 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.bzf -whitelist ${HOME}/.bzf +allow ${HOME}/.bzf include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/calibre.profile b/etc/profile-a-l/calibre.profile index 83571397b32..99706620c72 100644 --- a/etc/profile-a-l/calibre.profile +++ b/etc/profile-a-l/calibre.profile 
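Review bot: In the brave.profile hunk, `nodeny ${HOME}/.gnupg` together with `allow ${HOME}/.gnupg` exposes the whole GnuPG home to the browser sandbox, which typically includes private key material. The only justification given is `# brave uses gpg for built-in password manager`. Since these lines are being touched anyway, the trade-off should be documented next to them, for example `# NOTE: exposes all of ~/.gnupg (incl. private keys) to the browser; remove via brave.local if the built-in password manager is unused`. Whether a narrower path would be enough for Brave cannot be determined from this hunk.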
@@ -6,9 +6,9 @@ include calibre.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/calibre -noblacklist ${HOME}/.config/calibre -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.cache/calibre +nodeny ${HOME}/.config/calibre +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/calligra.profile b/etc/profile-a-l/calligra.profile index fcff47662fd..36ecc06a0a3 100644 --- a/etc/profile-a-l/calligra.profile +++ b/etc/profile-a-l/calligra.profile @@ -6,7 +6,7 @@ include calligra.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/kxmlgui5/calligra +nodeny ${HOME}/.local/share/kxmlgui5/calligra include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/calligragemini.profile b/etc/profile-a-l/calligragemini.profile index 006c307ab0f..76123c96ae2 100644 --- a/etc/profile-a-l/calligragemini.profile +++ b/etc/profile-a-l/calligragemini.profile @@ -6,7 +6,7 @@ include calligragemini.local # added by included profile #include globals.local -noblacklist ${HOME}/.local/share/calligragemini +nodeny ${HOME}/.local/share/calligragemini # Redirect include calligra.profile diff --git a/etc/profile-a-l/calligraplan.profile b/etc/profile-a-l/calligraplan.profile index 81dbd4dcdd2..5fb1e16dae7 100644 --- a/etc/profile-a-l/calligraplan.profile +++ b/etc/profile-a-l/calligraplan.profile @@ -6,7 +6,7 @@ include calligraplan.local # added by included profile #include globals.local -noblacklist ${HOME}/.local/share/kxmlgui5/calligraplan +nodeny ${HOME}/.local/share/kxmlgui5/calligraplan # Redirect include calligra.profile diff --git a/etc/profile-a-l/calligraplanwork.profile b/etc/profile-a-l/calligraplanwork.profile index bba91b66bfa..c176bfea1ae 100644 --- a/etc/profile-a-l/calligraplanwork.profile +++ b/etc/profile-a-l/calligraplanwork.profile 
@@ -6,7 +6,7 @@ include calligraplanwork.local # added by included profile #include globals.local -noblacklist ${HOME}/.local/share/kxmlgui5/calligraplanwork +nodeny ${HOME}/.local/share/kxmlgui5/calligraplanwork # Redirect include calligra.profile diff --git a/etc/profile-a-l/calligrasheets.profile b/etc/profile-a-l/calligrasheets.profile index 7bc296047c0..b7ac689452f 100644 --- a/etc/profile-a-l/calligrasheets.profile +++ b/etc/profile-a-l/calligrasheets.profile @@ -6,7 +6,7 @@ include calligrasheets.local # added by included profile #include globals.local -noblacklist ${HOME}/.local/share/kxmlgui5/calligrasheets +nodeny ${HOME}/.local/share/kxmlgui5/calligrasheets # Redirect include calligra.profile diff --git a/etc/profile-a-l/calligrastage.profile b/etc/profile-a-l/calligrastage.profile index 7694abbe414..1258fec563e 100644 --- a/etc/profile-a-l/calligrastage.profile +++ b/etc/profile-a-l/calligrastage.profile @@ -6,7 +6,7 @@ include calligrastage.local # added by included profile #include globals.local -noblacklist ${HOME}/.local/share/kxmlgui5/calligrastage +nodeny ${HOME}/.local/share/kxmlgui5/calligrastage # Redirect include calligra.profile diff --git a/etc/profile-a-l/calligrawords.profile b/etc/profile-a-l/calligrawords.profile index d69d56a95c0..c2b6c804163 100644 --- a/etc/profile-a-l/calligrawords.profile +++ b/etc/profile-a-l/calligrawords.profile @@ -6,7 +6,7 @@ include calligrawords.local # added by included profile #include globals.local -noblacklist ${HOME}/.local/share/kxmlgui5/calligrawords +nodeny ${HOME}/.local/share/kxmlgui5/calligrawords # Redirect include calligra.profile diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile index 74c7cc34b61..390ae383cb7 100644 --- a/etc/profile-a-l/cameramonitor.profile +++ b/etc/profile-a-l/cameramonitor.profile 
@@ -20,7 +20,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/cameramonitor +allow /usr/share/cameramonitor include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/cantata.profile b/etc/profile-a-l/cantata.profile index 96f88a7c4fa..77bdc09e01b 100644 --- a/etc/profile-a-l/cantata.profile +++ b/etc/profile-a-l/cantata.profile @@ -6,10 +6,10 @@ include cantata.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/cantata -noblacklist ${HOME}/.config/cantata -noblacklist ${HOME}/.local/share/cantata -noblacklist ${MUSIC} +nodeny ${HOME}/.cache/cantata +nodeny ${HOME}/.config/cantata +nodeny ${HOME}/.local/share/cantata +nodeny ${MUSIC} # Allow perl (blacklisted by disable-interpreters.inc) include allow-perl.inc diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile index 7cf04c55010..9c53af84fc9 100644 --- a/etc/profile-a-l/cargo.profile +++ b/etc/profile-a-l/cargo.profile @@ -10,11 +10,11 @@ include globals.local ignore noexec ${HOME} ignore noexec /tmp -blacklist /tmp/.X11-unix -blacklist ${RUNUSER} +deny /tmp/.X11-unix +deny ${RUNUSER} -noblacklist ${HOME}/.cargo/credentials -noblacklist ${HOME}/.cargo/credentials.toml +nodeny ${HOME}/.cargo/credentials +nodeny ${HOME}/.cargo/credentials.toml # Allows files commonly used by IDEs include allow-common-devel.inc @@ -34,7 +34,7 @@ include disable-xdg.inc #whitelist ${HOME}/.cargo #whitelist ${HOME}/.rustup #include whitelist-common.inc -whitelist /usr/share/pkgconfig +allow /usr/share/pkgconfig include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/catfish.profile b/etc/profile-a-l/catfish.profile index 009d3a049d4..4ea53ea6b26 100644 --- a/etc/profile-a-l/catfish.profile +++ b/etc/profile-a-l/catfish.profile 
@@ -9,7 +9,7 @@ include globals.local # We can't blacklist much since catfish # is for finding files/content -noblacklist ${HOME}/.config/catfish +nodeny ${HOME}/.config/catfish # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc @@ -21,7 +21,7 @@ include disable-interpreters.inc include disable-passwdmgr.inc # include disable-programs.inc -whitelist /var/lib/mlocate +allow /var/lib/mlocate include whitelist-var-common.inc apparmor diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile index 6e137010cec..d7aee1902cb 100644 --- a/etc/profile-a-l/cawbird.profile +++ b/etc/profile-a-l/cawbird.profile @@ -6,7 +6,7 @@ include cawbird.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/cawbird +nodeny ${HOME}/.config/cawbird include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile index 1c539cc93e2..d6f4306ba94 100644 --- a/etc/profile-a-l/celluloid.profile +++ b/etc/profile-a-l/celluloid.profile @@ -6,9 +6,9 @@ include celluloid.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/celluloid -noblacklist ${HOME}/.config/gnome-mpv -noblacklist ${HOME}/.config/youtube-dl +nodeny ${HOME}/.config/celluloid +nodeny ${HOME}/.config/gnome-mpv +nodeny ${HOME}/.config/youtube-dl # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc @@ -17,7 +17,7 @@ include allow-lua.inc include allow-python2.inc include allow-python3.inc -blacklist /usr/libexec +deny /usr/libexec include disable-common.inc include disable-devel.inc 
@@ -30,9 +30,9 @@ read-only ${DESKTOP} mkdir ${HOME}/.config/celluloid mkdir ${HOME}/.config/gnome-mpv mkdir ${HOME}/.config/youtube-dl -whitelist ${HOME}/.config/celluloid -whitelist ${HOME}/.config/gnome-mpv -whitelist ${HOME}/.config/youtube-dl +allow ${HOME}/.config/celluloid +allow ${HOME}/.config/gnome-mpv +allow ${HOME}/.config/youtube-dl include whitelist-common.inc include whitelist-player-common.inc include whitelist-runuser-common.inc diff --git a/etc/profile-a-l/checkbashisms.profile b/etc/profile-a-l/checkbashisms.profile index 24939fc70e1..0f61084e0ea 100644 --- a/etc/profile-a-l/checkbashisms.profile +++ b/etc/profile-a-l/checkbashisms.profile @@ -7,9 +7,9 @@ include checkbashisms.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* -noblacklist ${DOCUMENTS} +nodeny ${DOCUMENTS} # Allow perl (blacklisted by disable-interpreters.inc) include allow-perl.inc diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile index aca1f5876a3..bde3e1311b4 100644 --- a/etc/profile-a-l/cheese.profile +++ b/etc/profile-a-l/cheese.profile @@ -6,8 +6,8 @@ include cheese.local # Persistent global definitions include globals.local -noblacklist ${VIDEOS} -noblacklist ${PICTURES} +nodeny ${VIDEOS} +nodeny ${PICTURES} include disable-common.inc include disable-devel.inc @@ -17,9 +17,9 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist ${VIDEOS} -whitelist ${PICTURES} -whitelist /usr/share/gnome-video-effects +allow ${VIDEOS} +allow ${PICTURES} +allow /usr/share/gnome-video-effects include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/cherrytree.profile b/etc/profile-a-l/cherrytree.profile index 7621b3c8cc7..d5dedd81d92 100644 --- a/etc/profile-a-l/cherrytree.profile +++ b/etc/profile-a-l/cherrytree.profile 
@@ -6,8 +6,8 @@ include cherrytree.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/cherrytree -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.config/cherrytree +nodeny ${DOCUMENTS} # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-a-l/chromium-browser-privacy.profile b/etc/profile-a-l/chromium-browser-privacy.profile index 8803a4d9d1b..64c45772a5a 100644 --- a/etc/profile-a-l/chromium-browser-privacy.profile +++ b/etc/profile-a-l/chromium-browser-privacy.profile @@ -3,15 +3,15 @@ # Persistent local customizations include chromium-browser-privacy.local -noblacklist ${HOME}/.cache/ungoogled-chromium -noblacklist ${HOME}/.config/ungoogled-chromium +nodeny ${HOME}/.cache/ungoogled-chromium +nodeny ${HOME}/.config/ungoogled-chromium -blacklist /usr/libexec +deny /usr/libexec mkdir ${HOME}/.cache/ungoogled-chromium mkdir ${HOME}/.config/ungoogled-chromium -whitelist ${HOME}/.cache/ungoogled-chromium -whitelist ${HOME}/.config/ungoogled-chromium +allow ${HOME}/.cache/ungoogled-chromium +allow ${HOME}/.config/ungoogled-chromium # private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile index b0e0254d477..dbeb715d44d 100644 --- a/etc/profile-a-l/chromium-common.profile +++ b/etc/profile-a-l/chromium-common.profile @@ -9,8 +9,8 @@ include chromium-common.local # noexec ${HOME} breaks DRM binaries. ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} -noblacklist ${HOME}/.pki -noblacklist ${HOME}/.local/share/pki +nodeny ${HOME}/.pki +nodeny ${HOME}/.local/share/pki # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser # to have access to Gnome extensions (extensions.gnome.org) via browser connector 
@@ -26,9 +26,9 @@ include disable-xdg.inc mkdir ${HOME}/.pki mkdir ${HOME}/.local/share/pki -whitelist ${DOWNLOADS} -whitelist ${HOME}/.pki -whitelist ${HOME}/.local/share/pki +allow ${DOWNLOADS} +allow ${HOME}/.pki +allow ${HOME}/.local/share/pki include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/chromium.profile b/etc/profile-a-l/chromium.profile index 9ac33aa1c6d..ea92e90a8a9 100644 --- a/etc/profile-a-l/chromium.profile +++ b/etc/profile-a-l/chromium.profile @@ -6,17 +6,17 @@ include chromium.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/chromium -noblacklist ${HOME}/.config/chromium -noblacklist ${HOME}/.config/chromium-flags.conf +nodeny ${HOME}/.cache/chromium +nodeny ${HOME}/.config/chromium +nodeny ${HOME}/.config/chromium-flags.conf mkdir ${HOME}/.cache/chromium mkdir ${HOME}/.config/chromium -whitelist ${HOME}/.cache/chromium -whitelist ${HOME}/.config/chromium -whitelist ${HOME}/.config/chromium-flags.conf -whitelist /usr/share/chromium -whitelist /usr/share/mozilla/extensions +allow ${HOME}/.cache/chromium +allow ${HOME}/.config/chromium +allow ${HOME}/.config/chromium-flags.conf +allow /usr/share/chromium +allow /usr/share/mozilla/extensions # private-bin chromium,chromium-browser,chromedriver diff --git a/etc/profile-a-l/cin.profile b/etc/profile-a-l/cin.profile index e1f9523c45c..c967e1c96bf 100644 --- a/etc/profile-a-l/cin.profile +++ b/etc/profile-a-l/cin.profile @@ -5,7 +5,7 @@ include cin.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.bcast5 +nodeny ${HOME}/.bcast5 include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/clamav.profile b/etc/profile-a-l/clamav.profile index e403c2c410e..0efbcd4f24e 100644 --- a/etc/profile-a-l/clamav.profile +++ b/etc/profile-a-l/clamav.profile 
@@ -7,7 +7,7 @@ include clamav.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* include disable-exec.inc diff --git a/etc/profile-a-l/claws-mail.profile b/etc/profile-a-l/claws-mail.profile index 691657fa04d..3e4e1f2a19e 100644 --- a/etc/profile-a-l/claws-mail.profile +++ b/etc/profile-a-l/claws-mail.profile @@ -6,17 +6,17 @@ include claws-mail.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.claws-mail +nodeny ${HOME}/.claws-mail mkdir ${HOME}/.claws-mail -whitelist ${HOME}/.claws-mail +allow ${HOME}/.claws-mail # Add the below lines to your claws-mail.local if you use python-based plugins. # Allow python (blacklisted by disable-interpreters.inc) #include allow-python2.inc #include allow-python3.inc -whitelist /usr/share/doc/claws-mail +allow /usr/share/doc/claws-mail # private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2 diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile index 9b62a1f735a..ee64391d9cb 100644 --- a/etc/profile-a-l/clawsker.profile +++ b/etc/profile-a-l/clawsker.profile @@ -6,7 +6,7 @@ include clawsker.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.claws-mail +nodeny ${HOME}/.claws-mail # Allow perl (blacklisted by disable-interpreters.inc) include allow-perl.inc @@ -19,7 +19,7 @@ include disable-passwdmgr.inc include disable-programs.inc mkdir ${HOME}/.claws-mail -whitelist ${HOME}/.claws-mail +allow ${HOME}/.claws-mail include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile index fa33795c17c..f9c0006f984 100644 --- a/etc/profile-a-l/clementine.profile +++ b/etc/profile-a-l/clementine.profile 
@@ -6,9 +6,9 @@ include clementine.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/Clementine -noblacklist ${HOME}/.config/Clementine -noblacklist ${MUSIC} +nodeny ${HOME}/.cache/Clementine +nodeny ${HOME}/.config/Clementine +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile index 22cecff09da..42903777abb 100644 --- a/etc/profile-a-l/clion.profile +++ b/etc/profile-a-l/clion.profile @@ -5,13 +5,13 @@ include clion.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.CLion* -noblacklist ${HOME}/.config/git -noblacklist ${HOME}/.gitconfig -noblacklist ${HOME}/.git-credentials -noblacklist ${HOME}/.java -noblacklist ${HOME}/.local/share/JetBrains -noblacklist ${HOME}/.tooling +nodeny ${HOME}/.CLion* +nodeny ${HOME}/.config/git +nodeny ${HOME}/.gitconfig +nodeny ${HOME}/.git-credentials +nodeny ${HOME}/.java +nodeny ${HOME}/.local/share/JetBrains +nodeny ${HOME}/.tooling # Allow ssh (blacklisted by disable-common.inc) include allow-ssh.inc diff --git a/etc/profile-a-l/clipgrab.profile b/etc/profile-a-l/clipgrab.profile index c8258da070a..89f8d96f056 100644 --- a/etc/profile-a-l/clipgrab.profile +++ b/etc/profile-a-l/clipgrab.profile @@ -6,9 +6,9 @@ include clipgrab.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Philipp Schmieder -noblacklist ${HOME}/.pki -noblacklist ${VIDEOS} +nodeny ${HOME}/.config/Philipp Schmieder +nodeny ${HOME}/.pki +nodeny ${VIDEOS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile index d421903a324..4a2a5171b30 100644 --- a/etc/profile-a-l/clipit.profile +++ b/etc/profile-a-l/clipit.profile 
@@ -6,8 +6,8 @@ include clipit.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/clipit -noblacklist ${HOME}/.local/share/clipit +nodeny ${HOME}/.config/clipit +nodeny ${HOME}/.local/share/clipit include disable-common.inc include disable-devel.inc @@ -19,8 +19,8 @@ include disable-xdg.inc mkdir ${HOME}/.config/clipit mkdir ${HOME}/.local/share/clipit -whitelist ${HOME}/.config/clipit -whitelist ${HOME}/.local/share/clipit +allow ${HOME}/.config/clipit +allow ${HOME}/.local/share/clipit include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/cliqz.profile b/etc/profile-a-l/cliqz.profile index d0b8cc0ef3f..22c6ef88253 100644 --- a/etc/profile-a-l/cliqz.profile +++ b/etc/profile-a-l/cliqz.profile @@ -5,16 +5,16 @@ include cliqz.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/cliqz -noblacklist ${HOME}/.cliqz -noblacklist ${HOME}/.config/cliqz +nodeny ${HOME}/.cache/cliqz +nodeny ${HOME}/.cliqz +nodeny ${HOME}/.config/cliqz mkdir ${HOME}/.cache/cliqz mkdir ${HOME}/.cliqz mkdir ${HOME}/.config/cliqz -whitelist ${HOME}/.cache/cliqz -whitelist ${HOME}/.cliqz -whitelist ${HOME}/.config/cliqz +allow ${HOME}/.cache/cliqz +allow ${HOME}/.cliqz +allow ${HOME}/.config/cliqz # private-etc must first be enabled in firefox-common.profile #private-etc cliqz diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile index bcd557787b8..51e53209f9f 100644 --- a/etc/profile-a-l/cmus.profile +++ b/etc/profile-a-l/cmus.profile @@ -6,8 +6,8 @@ include cmus.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/cmus -noblacklist ${MUSIC} +nodeny ${HOME}/.config/cmus +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/code.profile b/etc/profile-a-l/code.profile index e19b789088b..1933c66fa5b 100644 --- a/etc/profile-a-l/code.profile 
+++ b/etc/profile-a-l/code.profile @@ -5,10 +5,10 @@ include code.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Code -noblacklist ${HOME}/.config/Code - OSS -noblacklist ${HOME}/.vscode -noblacklist ${HOME}/.vscode-oss +nodeny ${HOME}/.config/Code +nodeny ${HOME}/.config/Code - OSS +nodeny ${HOME}/.vscode +nodeny ${HOME}/.vscode-oss # Allows files commonly used by IDEs include allow-common-devel.inc diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile index bd6d8f5b08c..efa7f516cb5 100644 --- a/etc/profile-a-l/colorful.profile +++ b/etc/profile-a-l/colorful.profile @@ -6,7 +6,7 @@ include colorful.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.suve/colorful +nodeny ${HOME}/.suve/colorful include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.suve/colorful -whitelist ${HOME}/.suve/colorful -whitelist /usr/share/suve +allow ${HOME}/.suve/colorful +allow /usr/share/suve include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile index c8bdfec2361..34b66295955 100644 --- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile +++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile @@ -6,7 +6,7 @@ include com.github.bleakgrey.tootle.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/com.github.bleakgrey.tootle +nodeny ${HOME}/.config/com.github.bleakgrey.tootle include disable-common.inc include disable-devel.inc 
@@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/com.github.bleakgrey.tootle -whitelist ${DOWNLOADS} -whitelist ${HOME}/.config/com.github.bleakgrey.tootle +allow ${DOWNLOADS} +allow ${HOME}/.config/com.github.bleakgrey.tootle include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile index b467a0f7aa2..4e26e492523 100644 --- a/etc/profile-a-l/com.github.dahenson.agenda.profile +++ b/etc/profile-a-l/com.github.dahenson.agenda.profile @@ -6,9 +6,9 @@ include com.github.dahenson.agenda.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/agenda -noblacklist ${HOME}/.config/agenda -noblacklist ${HOME}/.local/share/agenda +nodeny ${HOME}/.cache/agenda +nodeny ${HOME}/.config/agenda +nodeny ${HOME}/.local/share/agenda include disable-common.inc include disable-devel.inc @@ -22,9 +22,9 @@ include disable-xdg.inc mkdir ${HOME}/.cache/agenda mkdir ${HOME}/.config/agenda mkdir ${HOME}/.local/share/agenda -whitelist ${HOME}/.cache/agenda -whitelist ${HOME}/.config/agenda -whitelist ${HOME}/.local/share/agenda +allow ${HOME}/.cache/agenda +allow ${HOME}/.config/agenda +allow ${HOME}/.local/share/agenda include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-runuser-common.inc diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile index c13f9618b8e..bbfc1fe411b 100644 --- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile +++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile 
@@ -6,9 +6,9 @@ include foliate.local # Persistent global definitions include globals.local -noblacklist ${DOCUMENTS} -noblacklist ${HOME}/.cache/com.github.johnfactotum.Foliate -noblacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate +nodeny ${DOCUMENTS} +nodeny ${HOME}/.cache/com.github.johnfactotum.Foliate +nodeny ${HOME}/.local/share/com.github.johnfactotum.Foliate # Allow gjs (blacklisted by disable-interpreters.inc) include allow-gjs.inc @@ -24,12 +24,12 @@ include disable-xdg.inc mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate -whitelist ${HOME}/.cache/com.github.johnfactotum.Foliate -whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate -whitelist ${DOCUMENTS} -whitelist ${DOWNLOADS} -whitelist /usr/share/com.github.johnfactotum.Foliate -whitelist /usr/share/hyphen +allow ${HOME}/.cache/com.github.johnfactotum.Foliate +allow ${HOME}/.local/share/com.github.johnfactotum.Foliate +allow ${DOCUMENTS} +allow ${DOWNLOADS} +allow /usr/share/com.github.johnfactotum.Foliate +allow /usr/share/hyphen include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile index d0402d188bc..3e9acc6c85f 100644 --- a/etc/profile-a-l/com.github.phase1geo.minder.profile +++ b/etc/profile-a-l/com.github.phase1geo.minder.profile @@ -6,9 +6,9 @@ include com.github.phase1geo.minder.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/minder -noblacklist ${DOCUMENTS} -noblacklist ${PICTURES} +nodeny ${HOME}/.local/share/minder +nodeny ${DOCUMENTS} +nodeny ${PICTURES} include disable-common.inc include disable-devel.inc 
@@ -20,10 +20,10 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.local/share/minder -whitelist ${HOME}/.local/share/minder -whitelist ${DOCUMENTS} -whitelist ${DOWNLOADS} -whitelist ${PICTURES} +allow ${HOME}/.local/share/minder +allow ${DOCUMENTS} +allow ${DOWNLOADS} +allow ${PICTURES} include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/conkeror.profile b/etc/profile-a-l/conkeror.profile index 38edf0d212e..6cc9ec551cd 100644 --- a/etc/profile-a-l/conkeror.profile +++ b/etc/profile-a-l/conkeror.profile @@ -5,23 +5,23 @@ include conkeror.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.conkeror.mozdev.org +nodeny ${HOME}/.conkeror.mozdev.org include disable-common.inc include disable-programs.inc mkdir ${HOME}/.conkeror.mozdev.org mkfile ${HOME}/.conkerorrc -whitelist ${HOME}/.conkeror.mozdev.org -whitelist ${HOME}/.conkerorrc -whitelist ${HOME}/.lastpass -whitelist ${HOME}/.pentadactyl -whitelist ${HOME}/.pentadactylrc -whitelist ${HOME}/.vimperator -whitelist ${HOME}/.vimperatorrc -whitelist ${HOME}/.zotero -whitelist ${HOME}/dwhelper -whitelist ${DOWNLOADS} +allow ${HOME}/.conkeror.mozdev.org +allow ${HOME}/.conkerorrc +allow ${HOME}/.lastpass +allow ${HOME}/.pentadactyl +allow ${HOME}/.pentadactylrc +allow ${HOME}/.vimperator +allow ${HOME}/.vimperatorrc +allow ${HOME}/.zotero +allow ${HOME}/dwhelper +allow ${DOWNLOADS} include whitelist-common.inc caps.drop all diff --git a/etc/profile-a-l/conky.profile b/etc/profile-a-l/conky.profile index eaa18739dfc..1b3fe665121 100644 --- a/etc/profile-a-l/conky.profile +++ b/etc/profile-a-l/conky.profile @@ -6,7 +6,7 @@ include conky.local # Persistent global definitions include globals.local -noblacklist ${PICTURES} +nodeny ${PICTURES} # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc 
diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile index 2fb446e2ac3..266c404ee9b 100644 --- a/etc/profile-a-l/corebird.profile +++ b/etc/profile-a-l/corebird.profile @@ -6,7 +6,7 @@ include corebird.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/corebird +nodeny ${HOME}/.config/corebird include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile index 1635995dc13..0a1353e40f8 100644 --- a/etc/profile-a-l/cower.profile +++ b/etc/profile-a-l/cower.profile @@ -7,8 +7,8 @@ include cower.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/cower -noblacklist /var/lib/pacman +nodeny ${HOME}/.config/cower +nodeny /var/lib/pacman include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile index 7ece35c2bc2..5e48c802264 100644 --- a/etc/profile-a-l/coyim.profile +++ b/etc/profile-a-l/coyim.profile @@ -6,7 +6,7 @@ include coyim.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/coyim +nodeny ${HOME}/.config/coyim include disable-common.inc include disable-devel.inc @@ -18,7 +18,7 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/coyim -whitelist ${HOME}/.config/coyim +allow ${HOME}/.config/coyim include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-runuser-common.inc diff --git a/etc/profile-a-l/cpio.profile b/etc/profile-a-l/cpio.profile index bdc4f21a697..dec8c086b70 100644 --- a/etc/profile-a-l/cpio.profile +++ b/etc/profile-a-l/cpio.profile @@ -7,8 +7,8 @@ include cpio.local # Persistent global definitions include globals.local -noblacklist /sbin -noblacklist /usr/sbin +nodeny /sbin +nodeny /usr/sbin # Redirect include archiver-common.profile 
diff --git a/etc/profile-a-l/crawl.profile b/etc/profile-a-l/crawl.profile index b10216895a5..81292c01c1d 100644 --- a/etc/profile-a-l/crawl.profile +++ b/etc/profile-a-l/crawl.profile @@ -6,7 +6,7 @@ include crawl-tiles.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.crawl +nodeny ${HOME}/.crawl include disable-common.inc include disable-devel.inc @@ -17,7 +17,7 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.crawl -whitelist ${HOME}/.crawl +allow ${HOME}/.crawl include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile index 02b15ecc287..36bd93778bf 100644 --- a/etc/profile-a-l/crow.profile +++ b/etc/profile-a-l/crow.profile @@ -8,8 +8,8 @@ include globals.local mkdir ${HOME}/.config/crow mkdir ${HOME}/.cache/gstreamer-1.0 -whitelist ${HOME}/.config/crow -whitelist ${HOME}/.cache/gstreamer-1.0 +allow ${HOME}/.config/crow +allow ${HOME}/.cache/gstreamer-1.0 include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile index c9867c5d71d..4950b7a4c6f 100644 --- a/etc/profile-a-l/curl.profile +++ b/etc/profile-a-l/curl.profile @@ -12,11 +12,11 @@ include globals.local # Technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts. # If your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local # and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact. -noblacklist ${HOME}/.curl-hsts -noblacklist ${HOME}/.curlrc +nodeny ${HOME}/.curl-hsts +nodeny ${HOME}/.curlrc -blacklist /tmp/.X11-unix -blacklist ${RUNUSER} +deny /tmp/.X11-unix +deny ${RUNUSER} include disable-common.inc include disable-exec.inc diff --git a/etc/profile-a-l/cyberfox.profile b/etc/profile-a-l/cyberfox.profile index d1fff000468..49f972e4aa3 100644 --- a/etc/profile-a-l/cyberfox.profile 
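Review bot: In curl.profile the comment above the renamed lines still tells users to add `blacklist /path/to/curl/hsts/file` to disable-programs.local and `noblacklist /path/to/curl/hsts/file` to curl.local, while the commands directly below it now read `nodeny` and `deny`. The same mismatch is left in emacs.profile (`#noblacklist ${HOME}/.gnupg`), dia.profile (`#whitelist ${HOME}/.dia`, `#whitelist ${DOCUMENTS}`) and the two custom-mail-path comments in email-common.profile. These comments are the instructions for keeping a relocated file hidden from other sandboxes, so I would update them with the rest, e.g. `# If your setup diverts, add 'deny /path/to/curl/hsts/file' to your disable-programs.local` and `# and 'nodeny /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact.`; whether the old spellings are still accepted is not visible in this diff.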
+++ b/etc/profile-a-l/cyberfox.profile @@ -5,13 +5,13 @@ include cyberfox.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.8pecxstudios -noblacklist ${HOME}/.cache/8pecxstudios +nodeny ${HOME}/.8pecxstudios +nodeny ${HOME}/.cache/8pecxstudios mkdir ${HOME}/.8pecxstudios mkdir ${HOME}/.cache/8pecxstudios -whitelist ${HOME}/.8pecxstudios -whitelist ${HOME}/.cache/8pecxstudios +allow ${HOME}/.8pecxstudios +allow ${HOME}/.cache/8pecxstudios # private-bin cyberfox,dbus-launch,dbus-send,env,sh,which # private-etc must first be enabled in firefox-common.profile diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile index ba1e7adade9..c7ce1730a54 100644 --- a/etc/profile-a-l/d-feet.profile +++ b/etc/profile-a-l/d-feet.profile @@ -6,7 +6,7 @@ include d-feet.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/d-feet +nodeny ${HOME}/.config/d-feet # Allow python (disabled by disable-interpreters.inc) include allow-python2.inc @@ -22,8 +22,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/d-feet -whitelist ${HOME}/.config/d-feet -whitelist /usr/share/d-feet +allow ${HOME}/.config/d-feet +allow /usr/share/d-feet include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/darktable.profile b/etc/profile-a-l/darktable.profile index 61fa52928d9..4d51c255e02 100644 --- a/etc/profile-a-l/darktable.profile +++ b/etc/profile-a-l/darktable.profile @@ -6,9 +6,9 @@ include darktable.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/darktable -noblacklist ${HOME}/.config/darktable -noblacklist ${PICTURES} +nodeny ${HOME}/.cache/darktable +nodeny ${HOME}/.config/darktable +nodeny ${PICTURES} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile index 67a61bb6094..745042d6fb8 100644 
--- a/etc/profile-a-l/dbus-send.profile +++ b/etc/profile-a-l/dbus-send.profile @@ -7,8 +7,8 @@ include dbus-send.local # Persistent global definitions include globals.local -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile index 0c221850ad3..c1231c6cfde 100644 --- a/etc/profile-a-l/dconf-editor.profile +++ b/etc/profile-a-l/dconf-editor.profile @@ -15,7 +15,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist ${HOME}/.local/share/glib-2.0 +allow ${HOME}/.local/share/glib-2.0 include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile index be7514cbf32..b9d385adfb2 100644 --- a/etc/profile-a-l/dconf.profile +++ b/etc/profile-a-l/dconf.profile @@ -6,7 +6,7 @@ include dconf.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc @@ -16,7 +16,7 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist ${HOME}/.local/share/glib-2.0 +allow ${HOME}/.local/share/glib-2.0 # dconf paths are whitelisted by the following include whitelist-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile index 5b95b74be2a..09fa7a07a40 100644 --- a/etc/profile-a-l/ddgtk.profile +++ b/etc/profile-a-l/ddgtk.profile @@ -18,8 +18,8 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist ${DOWNLOADS} -whitelist /usr/share/ddgtk +allow ${DOWNLOADS} +allow /usr/share/ddgtk include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc 
diff --git a/etc/profile-a-l/deadbeef.profile b/etc/profile-a-l/deadbeef.profile index a221ebbd758..25fa944a118 100644 --- a/etc/profile-a-l/deadbeef.profile +++ b/etc/profile-a-l/deadbeef.profile @@ -6,8 +6,8 @@ include deadbeef.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/deadbeef -noblacklist ${MUSIC} +nodeny ${HOME}/.config/deadbeef +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/deluge.profile b/etc/profile-a-l/deluge.profile index ad7aa6ed522..d41a4a02398 100644 --- a/etc/profile-a-l/deluge.profile +++ b/etc/profile-a-l/deluge.profile @@ -6,7 +6,7 @@ include deluge.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/deluge +nodeny ${HOME}/.config/deluge # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc @@ -20,8 +20,8 @@ include disable-passwdmgr.inc include disable-programs.inc mkdir ${HOME}/.config/deluge -whitelist ${DOWNLOADS} -whitelist ${HOME}/.config/deluge +allow ${DOWNLOADS} +allow ${HOME}/.config/deluge include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/desktopeditors.profile b/etc/profile-a-l/desktopeditors.profile index 212cdab60fb..aed4355d56f 100644 --- a/etc/profile-a-l/desktopeditors.profile +++ b/etc/profile-a-l/desktopeditors.profile @@ -6,9 +6,9 @@ include desktopeditors.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/onlyoffice -noblacklist ${HOME}/.local/share/onlyoffice -noblacklist ${HOME}/.pki +nodeny ${HOME}/.config/onlyoffice +nodeny ${HOME}/.local/share/onlyoffice +nodeny ${HOME}/.pki include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile index 5007f8e742c..dc0f290fb45 100644 --- a/etc/profile-a-l/devhelp.profile +++ b/etc/profile-a-l/devhelp.profile 
@@ -16,9 +16,9 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/devhelp -whitelist /usr/share/doc -whitelist /usr/share/gtk-doc/html +allow /usr/share/devhelp +allow /usr/share/doc +allow /usr/share/gtk-doc/html include whitelist-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile index 6267b57097b..631f15f9303 100644 --- a/etc/profile-a-l/devilspie.profile +++ b/etc/profile-a-l/devilspie.profile @@ -6,9 +6,9 @@ include devilspie.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* -noblacklist ${HOME}/.devilspie +nodeny ${HOME}/.devilspie include disable-common.inc include disable-devel.inc @@ -19,7 +19,7 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.devilspie -whitelist ${HOME}/.devilspie +allow ${HOME}/.devilspie include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/devilspie2.profile b/etc/profile-a-l/devilspie2.profile index 9eab3f536ab..140c9da0ff7 100644 --- a/etc/profile-a-l/devilspie2.profile +++ b/etc/profile-a-l/devilspie2.profile @@ -6,17 +6,17 @@ include devilspie2.local # Persistent global definitions #include globals.local -blacklist ${HOME}/.devilspie +deny ${HOME}/.devilspie -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* -noblacklist ${HOME}/.config/devilspie2 +nodeny ${HOME}/.config/devilspie2 # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc mkdir ${HOME}/.config/devilspie2 -whitelist ${HOME}/.config/devilspie2 +allow ${HOME}/.config/devilspie2 private-bin devilspie2 diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile index 531734b7d11..2a808238b9e 100644 --- a/etc/profile-a-l/dia.profile +++ b/etc/profile-a-l/dia.profile 
@@ -6,8 +6,8 @@ include dia.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.dia -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.dia +nodeny ${DOCUMENTS} # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc @@ -25,7 +25,7 @@ include disable-xdg.inc #whitelist ${HOME}/.dia #whitelist ${DOCUMENTS} #include whitelist-common.inc -whitelist /usr/share/dia +allow /usr/share/dia include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile index 247159a8a83..2d683b8115a 100644 --- a/etc/profile-a-l/dig.profile +++ b/etc/profile-a-l/dig.profile @@ -7,11 +7,11 @@ include dig.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.digrc -noblacklist ${PATH}/dig +nodeny ${HOME}/.digrc +nodeny ${PATH}/dig -blacklist /tmp/.X11-unix -blacklist ${RUNUSER} +deny /tmp/.X11-unix +deny ${RUNUSER} include disable-common.inc # include disable-devel.inc @@ -22,7 +22,7 @@ include disable-programs.inc include disable-xdg.inc #mkfile ${HOME}/.digrc - see #903 -whitelist ${HOME}/.digrc +allow ${HOME}/.digrc include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/digikam.profile b/etc/profile-a-l/digikam.profile index 2ca7bd40023..124b5095295 100644 --- a/etc/profile-a-l/digikam.profile +++ b/etc/profile-a-l/digikam.profile 
@@ -6,12 +6,12 @@ include digikam.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/digikam -noblacklist ${HOME}/.config/digikamrc -noblacklist ${HOME}/.kde/share/apps/digikam -noblacklist ${HOME}/.kde4/share/apps/digikam -noblacklist ${HOME}/.local/share/kxmlgui5/digikam -noblacklist ${PICTURES} +nodeny ${HOME}/.config/digikam +nodeny ${HOME}/.config/digikamrc +nodeny ${HOME}/.kde/share/apps/digikam +nodeny ${HOME}/.kde4/share/apps/digikam +nodeny ${HOME}/.local/share/kxmlgui5/digikam +nodeny ${PICTURES} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/dillo.profile b/etc/profile-a-l/dillo.profile index 9871a6095fb..883466f4db9 100644 --- a/etc/profile-a-l/dillo.profile +++ b/etc/profile-a-l/dillo.profile @@ -6,7 +6,7 @@ include dillo.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.dillo +nodeny ${HOME}/.dillo include disable-common.inc include disable-devel.inc @@ -16,9 +16,9 @@ include disable-programs.inc mkdir ${HOME}/.dillo mkdir ${HOME}/.fltk -whitelist ${DOWNLOADS} -whitelist ${HOME}/.dillo -whitelist ${HOME}/.fltk +allow ${DOWNLOADS} +allow ${HOME}/.dillo +allow ${HOME}/.fltk include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile index c3174b35f26..3078bef717c 100644 --- a/etc/profile-a-l/dino.profile +++ b/etc/profile-a-l/dino.profile @@ -6,7 +6,7 @@ include dino.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/dino +nodeny ${HOME}/.local/share/dino include disable-common.inc include disable-devel.inc @@ -17,8 +17,8 @@ include disable-programs.inc include disable-shell.inc mkdir ${HOME}/.local/share/dino -whitelist ${HOME}/.local/share/dino -whitelist ${DOWNLOADS} +allow ${HOME}/.local/share/dino +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc 
diff --git a/etc/profile-a-l/discord-canary.profile b/etc/profile-a-l/discord-canary.profile index 43db95b8a93..1c53cd211e0 100644 --- a/etc/profile-a-l/discord-canary.profile +++ b/etc/profile-a-l/discord-canary.profile @@ -5,10 +5,10 @@ include discord-canary.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/discordcanary +nodeny ${HOME}/.config/discordcanary mkdir ${HOME}/.config/discordcanary -whitelist ${HOME}/.config/discordcanary +allow ${HOME}/.config/discordcanary private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9] private-opt discord-canary diff --git a/etc/profile-a-l/discord-common.profile b/etc/profile-a-l/discord-common.profile index 19e7bd9ab42..6bee1901c89 100644 --- a/etc/profile-a-l/discord-common.profile +++ b/etc/profile-a-l/discord-common.profile @@ -20,8 +20,8 @@ ignore dbus-system none ignore noexec ${HOME} ignore novideo -whitelist ${HOME}/.config/BetterDiscord -whitelist ${HOME}/.local/share/betterdiscordctl +allow ${HOME}/.config/BetterDiscord +allow ${HOME}/.local/share/betterdiscordctl private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl diff --git a/etc/profile-a-l/discord.profile b/etc/profile-a-l/discord.profile index 8ef02a30f5a..658d3fc8313 100644 --- a/etc/profile-a-l/discord.profile +++ b/etc/profile-a-l/discord.profile @@ -5,10 +5,10 @@ include discord.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/discord +nodeny ${HOME}/.config/discord mkdir ${HOME}/.config/discord -whitelist ${HOME}/.config/discord +allow ${HOME}/.config/discord private-bin discord private-opt discord diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile index 11f3fd36ebb..4474b97d246 100644 --- a/etc/profile-a-l/display.profile 
+++ b/etc/profile-a-l/display.profile @@ -5,7 +5,7 @@ include display.local # Persistent global definitions include globals.local -noblacklist ${PICTURES} +nodeny ${PICTURES} # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-a-l/dnox.profile b/etc/profile-a-l/dnox.profile index 51ba6f8b759..8c3d6211bae 100644 --- a/etc/profile-a-l/dnox.profile +++ b/etc/profile-a-l/dnox.profile @@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium ignore include whitelist-runuser-common.inc ignore include whitelist-usr-share-common.inc -noblacklist ${HOME}/.cache/dnox -noblacklist ${HOME}/.config/dnox +nodeny ${HOME}/.cache/dnox +nodeny ${HOME}/.config/dnox mkdir ${HOME}/.cache/dnox mkdir ${HOME}/.config/dnox -whitelist ${HOME}/.cache/dnox -whitelist ${HOME}/.config/dnox +allow ${HOME}/.cache/dnox +allow ${HOME}/.config/dnox # Redirect include chromium-common.profile diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile index f8fb1a33131..dbcef36f806 100644 --- a/etc/profile-a-l/dnscrypt-proxy.profile +++ b/etc/profile-a-l/dnscrypt-proxy.profile @@ -7,11 +7,11 @@ include dnscrypt-proxy.local # Persistent global definitions include globals.local -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* -noblacklist /sbin -noblacklist /usr/sbin +nodeny /sbin +nodeny /usr/sbin include disable-common.inc include disable-devel.inc @@ -21,7 +21,7 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist /usr/share/dnscrypt-proxy +allow /usr/share/dnscrypt-proxy include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile index 01398c2b272..b1acbf392cb 100644 --- a/etc/profile-a-l/dnsmasq.profile +++ b/etc/profile-a-l/dnsmasq.profile 
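Review bot: The context line `ignore whitelist /usr/share/chromium` at the top of the dnox.profile hunk keeps the old keyword, and enox.profile carries the same line. If `ignore` matches the text of the line in the included chromium-common.profile (not visible here) and that file is renamed in this commit too, the directive stops matching and the `/usr/share/chromium` rule is no longer skipped for these two profiles. I would change both to `ignore allow /usr/share/chromium`, or confirm that `ignore` treats the old and new spellings as the same command. The two `ignore include whitelist-*.inc` lines are unaffected, because the include file names are unchanged.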
@@ -7,11 +7,11 @@ include dnsmasq.local # Persistent global definitions include globals.local -noblacklist /sbin -noblacklist /usr/sbin +nodeny /sbin +nodeny /usr/sbin -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile index 49feec32ecf..15b312ecbae 100644 --- a/etc/profile-a-l/dolphin-emu.profile +++ b/etc/profile-a-l/dolphin-emu.profile @@ -8,9 +8,9 @@ include globals.local # Note: you must whitelist your games folder in your dolphin-emu.local. -noblacklist ${HOME}/.cache/dolphin-emu -noblacklist ${HOME}/.config/dolphin-emu -noblacklist ${HOME}/.local/share/dolphin-emu +nodeny ${HOME}/.cache/dolphin-emu +nodeny ${HOME}/.config/dolphin-emu +nodeny ${HOME}/.local/share/dolphin-emu include disable-common.inc include disable-devel.inc @@ -24,10 +24,10 @@ include disable-xdg.inc mkdir ${HOME}/.cache/dolphin-emu mkdir ${HOME}/.config/dolphin-emu mkdir ${HOME}/.local/share/dolphin-emu -whitelist ${HOME}/.cache/dolphin-emu -whitelist ${HOME}/.config/dolphin-emu -whitelist ${HOME}/.local/share/dolphin-emu -whitelist /usr/share/dolphin-emu +allow ${HOME}/.cache/dolphin-emu +allow ${HOME}/.config/dolphin-emu +allow ${HOME}/.local/share/dolphin-emu +allow /usr/share/dolphin-emu include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/dooble.profile b/etc/profile-a-l/dooble.profile index 37a4113cbaf..3b0adcc3626 100644 --- a/etc/profile-a-l/dooble.profile +++ b/etc/profile-a-l/dooble.profile @@ -7,7 +7,7 @@ include dooble-qt4.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.dooble +nodeny ${HOME}/.dooble include disable-common.inc include disable-devel.inc 
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc include disable-programs.inc mkdir ${HOME}/.dooble -whitelist ${DOWNLOADS} -whitelist ${HOME}/.dooble +allow ${DOWNLOADS} +allow ${HOME}/.dooble include whitelist-common.inc caps.drop all diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile index 988f66f285f..29e50676492 100644 --- a/etc/profile-a-l/dosbox.profile +++ b/etc/profile-a-l/dosbox.profile @@ -6,8 +6,8 @@ include dosbox.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.dosbox -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.dosbox +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile index 8fa01d50443..90ca11774cc 100644 --- a/etc/profile-a-l/dragon.profile +++ b/etc/profile-a-l/dragon.profile @@ -6,9 +6,9 @@ include dragon.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/dragonplayerrc -noblacklist ${MUSIC} -noblacklist ${VIDEOS} +nodeny ${HOME}/.config/dragonplayerrc +nodeny ${MUSIC} +nodeny ${VIDEOS} include disable-common.inc include disable-devel.inc @@ -19,7 +19,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/dragonplayer +allow /usr/share/dragonplayer include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile index 82d96e405b7..84a77ce34f3 100644 --- a/etc/profile-a-l/drawio.profile +++ b/etc/profile-a-l/drawio.profile @@ -6,7 +6,7 @@ include drawio.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/draw.io +nodeny ${HOME}/.config/draw.io include disable-common.inc include disable-devel.inc 
@@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/draw.io -whitelist ${HOME}/.config/draw.io -whitelist ${DOWNLOADS} +allow ${HOME}/.config/draw.io +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile index 068bd88d896..e177fd60e9c 100644 --- a/etc/profile-a-l/drill.profile +++ b/etc/profile-a-l/drill.profile @@ -7,10 +7,10 @@ include drill.local # Persistent global definitions include globals.local -noblacklist ${PATH}/drill +nodeny ${PATH}/drill -blacklist /tmp/.X11-unix -blacklist ${RUNUSER} +deny /tmp/.X11-unix +deny ${RUNUSER} include disable-common.inc # include disable-devel.inc diff --git a/etc/profile-a-l/dropbox.profile b/etc/profile-a-l/dropbox.profile index b3b2aaf4036..274cdd47841 100644 --- a/etc/profile-a-l/dropbox.profile +++ b/etc/profile-a-l/dropbox.profile @@ -5,9 +5,9 @@ include dropbox.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/autostart -noblacklist ${HOME}/.dropbox -noblacklist ${HOME}/.dropbox-dist +nodeny ${HOME}/.config/autostart +nodeny ${HOME}/.dropbox +nodeny ${HOME}/.dropbox-dist # Allow python3 (blacklisted by disable-interpreters.inc) include allow-python3.inc @@ -22,10 +22,10 @@ mkdir ${HOME}/.dropbox mkdir ${HOME}/.dropbox-dist mkdir ${HOME}/Dropbox mkfile ${HOME}/.config/autostart/dropbox.desktop -whitelist ${HOME}/.config/autostart/dropbox.desktop -whitelist ${HOME}/.dropbox -whitelist ${HOME}/.dropbox-dist -whitelist ${HOME}/Dropbox +allow ${HOME}/.config/autostart/dropbox.desktop +allow ${HOME}/.dropbox +allow ${HOME}/.dropbox-dist +allow ${HOME}/Dropbox include whitelist-common.inc caps.drop all diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile index 38e4b16f78d..da54fec3410 100644 --- a/etc/profile-a-l/easystroke.profile +++ b/etc/profile-a-l/easystroke.profile 
@@ -6,7 +6,7 @@ include easystroke.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.easystroke +nodeny ${HOME}/.easystroke include disable-common.inc include disable-devel.inc @@ -17,7 +17,7 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.easystroke -whitelist ${HOME}/.easystroke +allow ${HOME}/.easystroke include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile index 278dd6cbd01..10e57371e3a 100644 --- a/etc/profile-a-l/electron-mail.profile +++ b/etc/profile-a-l/electron-mail.profile @@ -6,7 +6,7 @@ include electron-mail.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/electron-mail +nodeny ${HOME}/.config/electron-mail include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/electron-mail -whitelist ${HOME}/.config/electron-mail -whitelist ${DOWNLOADS} +allow ${HOME}/.config/electron-mail +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-runuser-common.inc diff --git a/etc/profile-a-l/electron.profile b/etc/profile-a-l/electron.profile index 493af79d42a..e8d8d35c405 100644 --- a/etc/profile-a-l/electron.profile +++ b/etc/profile-a-l/electron.profile @@ -12,7 +12,7 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist ${DOWNLOADS} +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile index ad636d71a79..f6691017c95 100644 --- a/etc/profile-a-l/electrum.profile +++ b/etc/profile-a-l/electrum.profile 
@@ -6,7 +6,7 @@ include electrum.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.electrum +nodeny ${HOME}/.electrum # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc @@ -22,7 +22,7 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.electrum -whitelist ${HOME}/.electrum +allow ${HOME}/.electrum include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/element-desktop.profile b/etc/profile-a-l/element-desktop.profile index 48a826f2e76..ec28866b87e 100644 --- a/etc/profile-a-l/element-desktop.profile +++ b/etc/profile-a-l/element-desktop.profile @@ -9,11 +9,11 @@ include element-desktop.local ignore dbus-user none -noblacklist ${HOME}/.config/Element +nodeny ${HOME}/.config/Element mkdir ${HOME}/.config/Element -whitelist ${HOME}/.config/Element -whitelist /opt/Element +allow ${HOME}/.config/Element +allow /opt/Element private-opt Element diff --git a/etc/profile-a-l/elinks.profile b/etc/profile-a-l/elinks.profile index 5a29eb24b59..30dca05cb9a 100644 --- a/etc/profile-a-l/elinks.profile +++ b/etc/profile-a-l/elinks.profile @@ -7,10 +7,10 @@ include elinks.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.elinks +nodeny ${HOME}/.elinks mkdir ${HOME}/.elinks -whitelist ${HOME}/.elinks +allow ${HOME}/.elinks private-bin elinks diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile index 55bf743ef8f..f0e0e2830c8 100644 --- a/etc/profile-a-l/emacs.profile +++ b/etc/profile-a-l/emacs.profile @@ -6,8 +6,8 @@ include emacs.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.emacs -noblacklist ${HOME}/.emacs.d +nodeny ${HOME}/.emacs +nodeny ${HOME}/.emacs.d # Add the next line to your emacs.local if you need gpg support. #noblacklist ${HOME}/.gnupg diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index 6c9a8a6ea9a..5fc72d34096 100644 
--- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile @@ -7,14 +7,14 @@ include email-common.local # added by caller profile #include globals.local -noblacklist ${HOME}/.gnupg -noblacklist ${HOME}/.mozilla -noblacklist ${HOME}/.signature +nodeny ${HOME}/.gnupg +nodeny ${HOME}/.mozilla +nodeny ${HOME}/.signature # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local # and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications -noblacklist ${HOME}/Mail +nodeny ${HOME}/Mail -noblacklist ${DOCUMENTS} +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc @@ -27,17 +27,17 @@ include disable-xdg.inc mkdir ${HOME}/.gnupg mkfile ${HOME}/.config/mimeapps.list mkfile ${HOME}/.signature -whitelist ${HOME}/.config/mimeapps.list -whitelist ${HOME}/.mozilla/firefox/profiles.ini -whitelist ${HOME}/.gnupg -whitelist ${HOME}/.signature -whitelist ${DOCUMENTS} -whitelist ${DOWNLOADS} +allow ${HOME}/.config/mimeapps.list +allow ${HOME}/.mozilla/firefox/profiles.ini +allow ${HOME}/.gnupg +allow ${HOME}/.signature +allow ${DOCUMENTS} +allow ${DOWNLOADS} # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local -whitelist ${HOME}/Mail -whitelist ${RUNUSER}/gnupg -whitelist /usr/share/gnupg -whitelist /usr/share/gnupg2 +allow ${HOME}/Mail +allow ${RUNUSER}/gnupg +allow /usr/share/gnupg +allow /usr/share/gnupg2 include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile index ac17b172684..36015b7028c 100644 --- a/etc/profile-a-l/enchant.profile +++ b/etc/profile-a-l/enchant.profile 
@@ -6,9 +6,9 @@ include enchant.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* -noblacklist ${HOME}/.config/enchant +nodeny ${HOME}/.config/enchant include disable-common.inc include disable-devel.inc @@ -19,7 +19,7 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.config/enchant -whitelist ${HOME}/.config/enchant +allow ${HOME}/.config/enchant include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/enox.profile b/etc/profile-a-l/enox.profile index d982433e277..9a1d89bbab1 100644 --- a/etc/profile-a-l/enox.profile +++ b/etc/profile-a-l/enox.profile @@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium ignore include whitelist-runuser-common.inc ignore include whitelist-usr-share-common.inc -noblacklist ${HOME}/.cache/Enox -noblacklist ${HOME}/.config/Enox +nodeny ${HOME}/.cache/Enox +nodeny ${HOME}/.config/Enox #mkdir ${HOME}/.cache/dnox #mkdir ${HOME}/.config/dnox mkdir ${HOME}/.cache/Enox mkdir ${HOME}/.config/Enox -whitelist ${HOME}/.cache/Enox -whitelist ${HOME}/.config/Enox +allow ${HOME}/.cache/Enox +allow ${HOME}/.config/Enox # Redirect include chromium-common.profile diff --git a/etc/profile-a-l/enpass.profile b/etc/profile-a-l/enpass.profile index c4123b4c299..5d8f8a0b966 100644 --- a/etc/profile-a-l/enpass.profile +++ b/etc/profile-a-l/enpass.profile @@ -6,11 +6,11 @@ include enpass.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/Enpass -noblacklist ${HOME}/.config/sinew.in -noblacklist ${HOME}/.config/Sinew Software Systems -noblacklist ${HOME}/.local/share/Enpass -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.cache/Enpass +nodeny ${HOME}/.config/sinew.in +nodeny ${HOME}/.config/Sinew Software Systems +nodeny ${HOME}/.local/share/Enpass +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc 
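Review bot: The enox.profile hunk header shows `ignore whitelist /usr/share/chromium` sitting above the changed lines, still with the old keyword, while every `whitelist` below it becomes `allow`. If `ignore` matches the literal text of a line in the included chromium-common.profile, and that profile now spells the rule `allow /usr/share/chromium` (not visible here), the ignore would silently stop matching and the rule it was meant to suppress would apply. Either confirm that `ignore` treats the old and new keywords as equivalent, or change the line to `ignore allow /usr/share/chromium`. The flashpeak-slimjet.profile hunk shows the same unchanged line in its header.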
@@ -24,11 +24,11 @@ mkdir ${HOME}/.cache/Enpass mkfile ${HOME}/.config/sinew.in mkdir ${HOME}/.config/Sinew Software Systems mkdir ${HOME}/.local/share/Enpass -whitelist ${HOME}/.cache/Enpass -whitelist ${HOME}/.config/sinew.in -whitelist ${HOME}/.config/Sinew Software Systems -whitelist ${HOME}/.local/share/Enpass -whitelist ${DOCUMENTS} +allow ${HOME}/.cache/Enpass +allow ${HOME}/.config/sinew.in +allow ${HOME}/.config/Sinew Software Systems +allow ${HOME}/.local/share/Enpass +allow ${DOCUMENTS} include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile index fe7913e77a7..ff7040e5c3f 100644 --- a/etc/profile-a-l/eo-common.profile +++ b/etc/profile-a-l/eo-common.profile @@ -7,11 +7,11 @@ include eo-common.local # added by caller profile #include globals.local -noblacklist ${HOME}/.local/share/Trash -noblacklist ${HOME}/.Steam -noblacklist ${HOME}/.steam +nodeny ${HOME}/.local/share/Trash +nodeny ${HOME}/.Steam +nodeny ${HOME}/.steam -blacklist /usr/libexec +deny /usr/libexec include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/eog.profile b/etc/profile-a-l/eog.profile index 5892374bd15..e8592c7dfa7 100644 --- a/etc/profile-a-l/eog.profile +++ b/etc/profile-a-l/eog.profile @@ -6,9 +6,9 @@ include eog.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/eog +nodeny ${HOME}/.config/eog -whitelist /usr/share/eog +allow /usr/share/eog # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. # Add the next lines to your eog.local if you need that functionality. diff --git a/etc/profile-a-l/eom.profile b/etc/profile-a-l/eom.profile index 7143a8e0328..323f5ade221 100644 --- a/etc/profile-a-l/eom.profile +++ b/etc/profile-a-l/eom.profile 
@@ -6,9 +6,9 @@ include eom.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/mate/eom +nodeny ${HOME}/.config/mate/eom -whitelist /usr/share/eom +allow /usr/share/eom # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. # Add the next lines to your eom.local if you need that functionality. diff --git a/etc/profile-a-l/ephemeral.profile b/etc/profile-a-l/ephemeral.profile index 131d68951d9..3657742b9bf 100644 --- a/etc/profile-a-l/ephemeral.profile +++ b/etc/profile-a-l/ephemeral.profile @@ -9,8 +9,8 @@ include globals.local # enforce private-cache #noblacklist ${HOME}/.cache/ephemeral -noblacklist ${HOME}/.pki -noblacklist ${HOME}/.local/share/pki +nodeny ${HOME}/.pki +nodeny ${HOME}/.local/share/pki # noexec ${HOME} breaks DRM binaries. ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} @@ -27,9 +27,9 @@ mkdir ${HOME}/.pki mkdir ${HOME}/.local/share/pki # enforce private-cache #whitelist ${HOME}/.cache/ephemeral -whitelist ${HOME}/.pki -whitelist ${HOME}/.local/share/pki -whitelist ${DOWNLOADS} +allow ${HOME}/.pki +allow ${HOME}/.local/share/pki +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/epiphany.profile b/etc/profile-a-l/epiphany.profile index 225811226fa..daedb21930f 100644 --- a/etc/profile-a-l/epiphany.profile +++ b/etc/profile-a-l/epiphany.profile @@ -9,9 +9,9 @@ include globals.local # Note: Epiphany use bwrap since 3.34 and can not be firejailed any more. # See https://github.com/netblue30/firejail/issues/2995 -noblacklist ${HOME}/.cache/epiphany -noblacklist ${HOME}/.config/epiphany -noblacklist ${HOME}/.local/share/epiphany +nodeny ${HOME}/.cache/epiphany +nodeny ${HOME}/.config/epiphany +nodeny ${HOME}/.local/share/epiphany include disable-common.inc include disable-devel.inc 
@@ -21,10 +21,10 @@ include disable-programs.inc mkdir ${HOME}/.cache/epiphany mkdir ${HOME}/.config/epiphany mkdir ${HOME}/.local/share/epiphany -whitelist ${DOWNLOADS} -whitelist ${HOME}/.cache/epiphany -whitelist ${HOME}/.config/epiphany -whitelist ${HOME}/.local/share/epiphany +allow ${DOWNLOADS} +allow ${HOME}/.cache/epiphany +allow ${HOME}/.config/epiphany +allow ${HOME}/.local/share/epiphany include whitelist-common.inc caps.drop all diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile index 964d3b7ca0d..ac957870c28 100644 --- a/etc/profile-a-l/equalx.profile +++ b/etc/profile-a-l/equalx.profile @@ -6,8 +6,8 @@ include equalx.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/equalx -noblacklist ${HOME}/.equalx +nodeny ${HOME}/.config/equalx +nodeny ${HOME}/.equalx include disable-common.inc include disable-devel.inc @@ -20,13 +20,13 @@ include disable-xdg.inc mkdir ${HOME}/.config/equalx mkdir ${HOME}/.equalx -whitelist ${HOME}/.config/equalx -whitelist ${HOME}/.equalx -whitelist /usr/share/poppler -whitelist /usr/share/ghostscript -whitelist /usr/share/texlive -whitelist /usr/share/equalx -whitelist /var/lib/texmf +allow ${HOME}/.config/equalx +allow ${HOME}/.equalx +allow /usr/share/poppler +allow /usr/share/ghostscript +allow /usr/share/texlive +allow /usr/share/equalx +allow /var/lib/texmf include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile index fdff1e4b5ac..a2f46b757d3 100644 --- a/etc/profile-a-l/etr.profile +++ b/etc/profile-a-l/etr.profile @@ -6,9 +6,9 @@ include etr.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.etr +nodeny ${HOME}/.etr -blacklist /usr/libexec +deny /usr/libexec include disable-common.inc include disable-devel.inc 
@@ -20,10 +20,10 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.etr -whitelist ${HOME}/.etr -whitelist /usr/share/etr +allow ${HOME}/.etr +allow /usr/share/etr # Debian version -whitelist /usr/share/games/etr +allow /usr/share/games/etr include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile index a9e39b15c29..ce2617ad6a6 100644 --- a/etc/profile-a-l/evince.profile +++ b/etc/profile-a-l/evince.profile @@ -10,10 +10,10 @@ include globals.local # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below). #noblacklist ${HOME}/.local/share/gvfs-metadata -noblacklist ${HOME}/.config/evince -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.config/evince +nodeny ${DOCUMENTS} -blacklist /usr/libexec +deny /usr/libexec include disable-common.inc include disable-devel.inc @@ -24,10 +24,10 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/doc -whitelist /usr/share/evince -whitelist /usr/share/poppler -whitelist /usr/share/tracker +allow /usr/share/doc +allow /usr/share/evince +allow /usr/share/poppler +allow /usr/share/tracker include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile index 7222493ac3b..142498a28da 100644 --- a/etc/profile-a-l/evolution.profile +++ b/etc/profile-a-l/evolution.profile 
@@ -6,15 +6,15 @@ include evolution.local # Persistent global definitions include globals.local -noblacklist /var/mail -noblacklist /var/spool/mail -noblacklist ${HOME}/.bogofilter -noblacklist ${HOME}/.cache/evolution -noblacklist ${HOME}/.config/evolution -noblacklist ${HOME}/.gnupg -noblacklist ${HOME}/.local/share/evolution -noblacklist ${HOME}/.pki -noblacklist ${HOME}/.local/share/pki +nodeny /var/mail +nodeny /var/spool/mail +nodeny ${HOME}/.bogofilter +nodeny ${HOME}/.cache/evolution +nodeny ${HOME}/.config/evolution +nodeny ${HOME}/.gnupg +nodeny ${HOME}/.local/share/evolution +nodeny ${HOME}/.pki +nodeny ${HOME}/.local/share/pki include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile index 7b09a2c64d2..21681498937 100644 --- a/etc/profile-a-l/exiftool.profile +++ b/etc/profile-a-l/exiftool.profile @@ -6,7 +6,7 @@ include exiftool.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* # Allow perl (blacklisted by disable-interpreters.inc) include allow-perl.inc @@ -18,7 +18,7 @@ include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc -whitelist /usr/share/perl-image-exiftool +allow /usr/share/perl-image-exiftool include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile index b2061db79b4..9bb42945b16 100644 --- a/etc/profile-a-l/falkon.profile +++ b/etc/profile-a-l/falkon.profile @@ -6,8 +6,8 @@ include falkon.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/falkon -noblacklist ${HOME}/.config/falkon +nodeny ${HOME}/.cache/falkon +nodeny ${HOME}/.config/falkon include disable-common.inc include disable-devel.inc 
@@ -19,10 +19,10 @@ include disable-xdg.inc mkdir ${HOME}/.cache/falkon mkdir ${HOME}/.config/falkon -whitelist ${DOWNLOADS} -whitelist ${HOME}/.cache/falkon -whitelist ${HOME}/.config/falkon -whitelist /usr/share/falkon +allow ${DOWNLOADS} +allow ${HOME}/.cache/falkon +allow ${HOME}/.config/falkon +allow /usr/share/falkon include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/fbreader.profile b/etc/profile-a-l/fbreader.profile index 8e81000fd26..d141c6ed591 100644 --- a/etc/profile-a-l/fbreader.profile +++ b/etc/profile-a-l/fbreader.profile @@ -6,8 +6,8 @@ include fbreader.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.FBReader -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.FBReader +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile index 31cb1776ca5..17a3650534c 100644 --- a/etc/profile-a-l/fdns.profile +++ b/etc/profile-a-l/fdns.profile @@ -5,11 +5,11 @@ include fdns.local # Persistent global definitions include globals.local -noblacklist /sbin -noblacklist /usr/sbin +nodeny /sbin +nodeny /usr/sbin -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/feedreader.profile b/etc/profile-a-l/feedreader.profile index 664ec2da640..359be083e30 100644 --- a/etc/profile-a-l/feedreader.profile +++ b/etc/profile-a-l/feedreader.profile @@ -6,8 +6,8 @@ include feedreader.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/feedreader -noblacklist ${HOME}/.local/share/feedreader +nodeny ${HOME}/.cache/feedreader +nodeny ${HOME}/.local/share/feedreader include disable-common.inc include disable-devel.inc 
@@ -20,9 +20,9 @@ include disable-xdg.inc mkdir ${HOME}/.cache/feedreader mkdir ${HOME}/.local/share/feedreader -whitelist ${HOME}/.cache/feedreader -whitelist ${HOME}/.local/share/feedreader -whitelist /usr/share/feedreader +allow ${HOME}/.cache/feedreader +allow ${HOME}/.local/share/feedreader +allow /usr/share/feedreader include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/ferdi.profile b/etc/profile-a-l/ferdi.profile index a2372ec8af6..f60055f37a7 100644 --- a/etc/profile-a-l/ferdi.profile +++ b/etc/profile-a-l/ferdi.profile @@ -7,10 +7,10 @@ include globals.local ignore noexec /tmp -noblacklist ${HOME}/.cache/Ferdi -noblacklist ${HOME}/.config/Ferdi -noblacklist ${HOME}/.pki -noblacklist ${HOME}/.local/share/pki +nodeny ${HOME}/.cache/Ferdi +nodeny ${HOME}/.config/Ferdi +nodeny ${HOME}/.pki +nodeny ${HOME}/.local/share/pki include disable-common.inc include disable-devel.inc @@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Ferdi mkdir ${HOME}/.config/Ferdi mkdir ${HOME}/.pki mkdir ${HOME}/.local/share/pki -whitelist ${DOWNLOADS} -whitelist ${HOME}/.cache/Ferdi -whitelist ${HOME}/.config/Ferdi -whitelist ${HOME}/.pki -whitelist ${HOME}/.local/share/pki +allow ${DOWNLOADS} +allow ${HOME}/.cache/Ferdi +allow ${HOME}/.config/Ferdi +allow ${HOME}/.pki +allow ${HOME}/.local/share/pki include whitelist-common.inc caps.drop all diff --git a/etc/profile-a-l/fetchmail.profile b/etc/profile-a-l/fetchmail.profile index 7358ed5c7cb..1e06ec29a3f 100644 --- a/etc/profile-a-l/fetchmail.profile +++ b/etc/profile-a-l/fetchmail.profile @@ -6,8 +6,8 @@ include fetchmail.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.fetchmailrc -noblacklist ${HOME}/.netrc +nodeny ${HOME}/.fetchmailrc +nodeny ${HOME}/.netrc include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile index 13ef1beb9d3..1a64183ab5b 100644 
--- a/etc/profile-a-l/ffmpeg.profile +++ b/etc/profile-a-l/ffmpeg.profile @@ -7,8 +7,8 @@ include ffmpeg.local # Persistent global definitions include globals.local -noblacklist ${MUSIC} -noblacklist ${VIDEOS} +nodeny ${MUSIC} +nodeny ${VIDEOS} include disable-common.inc include disable-devel.inc @@ -19,9 +19,9 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/devedeng -whitelist /usr/share/ffmpeg -whitelist /usr/share/qtchooser +allow /usr/share/devedeng +allow /usr/share/ffmpeg +allow /usr/share/qtchooser include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile index 4e651ed61c1..9f140850f50 100644 --- a/etc/profile-a-l/file-roller.profile +++ b/etc/profile-a-l/file-roller.profile @@ -13,8 +13,8 @@ include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc -whitelist /usr/libexec/file-roller -whitelist /usr/share/file-roller +allow /usr/libexec/file-roller +allow /usr/share/file-roller include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/file.profile b/etc/profile-a-l/file.profile index 5c758360523..426d1e72db9 100644 --- a/etc/profile-a-l/file.profile +++ b/etc/profile-a-l/file.profile @@ -7,7 +7,7 @@ include file.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} +deny ${RUNUSER} include disable-common.inc include disable-exec.inc diff --git a/etc/profile-a-l/filezilla.profile b/etc/profile-a-l/filezilla.profile index dc5def54fec..d9e0e9da04b 100644 --- a/etc/profile-a-l/filezilla.profile +++ b/etc/profile-a-l/filezilla.profile 
@@ -6,8 +6,8 @@ include filezilla.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/filezilla -noblacklist ${HOME}/.filezilla +nodeny ${HOME}/.config/filezilla +nodeny ${HOME}/.filezilla # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-a-l/firedragon.profile b/etc/profile-a-l/firedragon.profile index 77487161e84..e2242479468 100644 --- a/etc/profile-a-l/firedragon.profile +++ b/etc/profile-a-l/firedragon.profile @@ -6,13 +6,13 @@ include firedragon.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/firedragon -noblacklist ${HOME}/.firedragon +nodeny ${HOME}/.cache/firedragon +nodeny ${HOME}/.firedragon mkdir ${HOME}/.cache/firedragon mkdir ${HOME}/.firedragon -whitelist ${HOME}/.cache/firedragon -whitelist ${HOME}/.firedragon +allow ${HOME}/.cache/firedragon +allow ${HOME}/.firedragon # Add the next lines to your firedragon.local if you want to use the migration wizard. #noblacklist ${HOME}/.mozilla diff --git a/etc/profile-a-l/firefox-common-addons.profile b/etc/profile-a-l/firefox-common-addons.profile index d282f9a60fa..7e2e8760d0d 100644 --- a/etc/profile-a-l/firefox-common-addons.profile +++ b/etc/profile-a-l/firefox-common-addons.profile 
@@ -5,74 +5,74 @@ include firefox-common-addons.local ignore include whitelist-runuser-common.inc ignore private-cache -noblacklist ${HOME}/.cache/youtube-dl -noblacklist ${HOME}/.config/kgetrc -noblacklist ${HOME}/.config/mpv -noblacklist ${HOME}/.config/okularpartrc -noblacklist ${HOME}/.config/okularrc -noblacklist ${HOME}/.config/qpdfview -noblacklist ${HOME}/.config/youtube-dl -noblacklist ${HOME}/.kde/share/apps/kget -noblacklist ${HOME}/.kde/share/apps/okular -noblacklist ${HOME}/.kde/share/config/kgetrc -noblacklist ${HOME}/.kde/share/config/okularpartrc -noblacklist ${HOME}/.kde/share/config/okularrc -noblacklist ${HOME}/.kde4/share/apps/kget -noblacklist ${HOME}/.kde4/share/apps/okular -noblacklist ${HOME}/.kde4/share/config/kgetrc -noblacklist ${HOME}/.kde4/share/config/okularpartrc -noblacklist ${HOME}/.kde4/share/config/okularrc -noblacklist ${HOME}/.local/share/kget -noblacklist ${HOME}/.local/share/kxmlgui5/okular -noblacklist ${HOME}/.local/share/okular -noblacklist ${HOME}/.local/share/qpdfview -noblacklist ${HOME}/.netrc +nodeny ${HOME}/.cache/youtube-dl +nodeny ${HOME}/.config/kgetrc +nodeny ${HOME}/.config/mpv +nodeny ${HOME}/.config/okularpartrc +nodeny ${HOME}/.config/okularrc +nodeny ${HOME}/.config/qpdfview +nodeny ${HOME}/.config/youtube-dl +nodeny ${HOME}/.kde/share/apps/kget +nodeny ${HOME}/.kde/share/apps/okular +nodeny ${HOME}/.kde/share/config/kgetrc +nodeny ${HOME}/.kde/share/config/okularpartrc +nodeny ${HOME}/.kde/share/config/okularrc +nodeny ${HOME}/.kde4/share/apps/kget +nodeny ${HOME}/.kde4/share/apps/okular +nodeny ${HOME}/.kde4/share/config/kgetrc +nodeny ${HOME}/.kde4/share/config/okularpartrc +nodeny ${HOME}/.kde4/share/config/okularrc +nodeny ${HOME}/.local/share/kget +nodeny ${HOME}/.local/share/kxmlgui5/okular +nodeny ${HOME}/.local/share/okular +nodeny ${HOME}/.local/share/qpdfview +nodeny ${HOME}/.netrc -whitelist ${HOME}/.cache/gnome-mplayer/plugin -whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs -whitelist 
${HOME}/.config/gnome-mplayer -whitelist ${HOME}/.config/kgetrc -whitelist ${HOME}/.config/mpv -whitelist ${HOME}/.config/okularpartrc -whitelist ${HOME}/.config/okularrc -whitelist ${HOME}/.config/pipelight-silverlight5.1 -whitelist ${HOME}/.config/pipelight-widevine -whitelist ${HOME}/.config/qpdfview -whitelist ${HOME}/.config/youtube-dl -whitelist ${HOME}/.kde/share/apps/kget -whitelist ${HOME}/.kde/share/apps/okular -whitelist ${HOME}/.kde/share/config/kgetrc -whitelist ${HOME}/.kde/share/config/okularpartrc -whitelist ${HOME}/.kde/share/config/okularrc -whitelist ${HOME}/.kde4/share/apps/kget -whitelist ${HOME}/.kde4/share/apps/okular -whitelist ${HOME}/.kde4/share/config/kgetrc -whitelist ${HOME}/.kde4/share/config/okularpartrc -whitelist ${HOME}/.kde4/share/config/okularrc -whitelist ${HOME}/.keysnail.js -whitelist ${HOME}/.lastpass -whitelist ${HOME}/.local/share/kget -whitelist ${HOME}/.local/share/kxmlgui5/okular -whitelist ${HOME}/.local/share/okular -whitelist ${HOME}/.local/share/qpdfview -whitelist ${HOME}/.local/share/tridactyl -whitelist ${HOME}/.netrc -whitelist ${HOME}/.pentadactyl -whitelist ${HOME}/.pentadactylrc -whitelist ${HOME}/.tridactylrc -whitelist ${HOME}/.vimperator -whitelist ${HOME}/.vimperatorrc -whitelist ${HOME}/.wine-pipelight -whitelist ${HOME}/.wine-pipelight64 -whitelist ${HOME}/.zotero -whitelist ${HOME}/dwhelper -whitelist /usr/share/lua -whitelist /usr/share/lua* -whitelist /usr/share/vulkan +allow ${HOME}/.cache/gnome-mplayer/plugin +allow ${HOME}/.cache/youtube-dl/youtube-sigfuncs +allow ${HOME}/.config/gnome-mplayer +allow ${HOME}/.config/kgetrc +allow ${HOME}/.config/mpv +allow ${HOME}/.config/okularpartrc +allow ${HOME}/.config/okularrc +allow ${HOME}/.config/pipelight-silverlight5.1 +allow ${HOME}/.config/pipelight-widevine +allow ${HOME}/.config/qpdfview +allow ${HOME}/.config/youtube-dl +allow ${HOME}/.kde/share/apps/kget +allow ${HOME}/.kde/share/apps/okular +allow ${HOME}/.kde/share/config/kgetrc +allow 
${HOME}/.kde/share/config/okularpartrc +allow ${HOME}/.kde/share/config/okularrc +allow ${HOME}/.kde4/share/apps/kget +allow ${HOME}/.kde4/share/apps/okular +allow ${HOME}/.kde4/share/config/kgetrc +allow ${HOME}/.kde4/share/config/okularpartrc +allow ${HOME}/.kde4/share/config/okularrc +allow ${HOME}/.keysnail.js +allow ${HOME}/.lastpass +allow ${HOME}/.local/share/kget +allow ${HOME}/.local/share/kxmlgui5/okular +allow ${HOME}/.local/share/okular +allow ${HOME}/.local/share/qpdfview +allow ${HOME}/.local/share/tridactyl +allow ${HOME}/.netrc +allow ${HOME}/.pentadactyl +allow ${HOME}/.pentadactylrc +allow ${HOME}/.tridactylrc +allow ${HOME}/.vimperator +allow ${HOME}/.vimperatorrc +allow ${HOME}/.wine-pipelight +allow ${HOME}/.wine-pipelight64 +allow ${HOME}/.zotero +allow ${HOME}/dwhelper +allow /usr/share/lua +allow /usr/share/lua* +allow /usr/share/vulkan # GNOME Shell integration (chrome-gnome-shell) needs dbus and python -noblacklist ${HOME}/.local/share/gnome-shell -whitelist ${HOME}/.local/share/gnome-shell +nodeny ${HOME}/.local/share/gnome-shell +allow ${HOME}/.local/share/gnome-shell dbus-user.talk ca.desrt.dconf dbus-user.talk org.gnome.ChromeGnomeShell dbus-user.talk org.gnome.Shell diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile index 8b74ed979ea..cb0fae5dca8 100644 --- a/etc/profile-a-l/firefox-common.profile +++ b/etc/profile-a-l/firefox-common.profile @@ -12,8 +12,8 @@ include firefox-common.local # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins. #include firefox-common-addons.profile -noblacklist ${HOME}/.pki -noblacklist ${HOME}/.local/share/pki +nodeny ${HOME}/.pki +nodeny ${HOME}/.local/share/pki include disable-common.inc include disable-devel.inc 
@@ -23,9 +23,9 @@ include disable-programs.inc mkdir ${HOME}/.pki mkdir ${HOME}/.local/share/pki -whitelist ${DOWNLOADS} -whitelist ${HOME}/.pki -whitelist ${HOME}/.local/share/pki +allow ${DOWNLOADS} +allow ${HOME}/.pki +allow ${HOME}/.local/share/pki include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/firefox-esr.profile b/etc/profile-a-l/firefox-esr.profile index 5e69fdb5195..4fd315fdf33 100644 --- a/etc/profile-a-l/firefox-esr.profile +++ b/etc/profile-a-l/firefox-esr.profile @@ -6,7 +6,7 @@ include firefox-esr.local # added by included profile #include globals.local -whitelist /usr/share/firefox-esr +allow /usr/share/firefox-esr # Redirect include firefox.profile diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile index 3ad67734d05..8acfe7c2ad7 100644 --- a/etc/profile-a-l/firefox.profile +++ b/etc/profile-a-l/firefox.profile 
@@ -14,27 +14,27 @@ include globals.local # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968 -noblacklist ${HOME}/.cache/mozilla -noblacklist ${HOME}/.mozilla +nodeny ${HOME}/.cache/mozilla +nodeny ${HOME}/.mozilla -blacklist /usr/libexec +deny /usr/libexec mkdir ${HOME}/.cache/mozilla/firefox mkdir ${HOME}/.mozilla -whitelist ${HOME}/.cache/mozilla/firefox -whitelist ${HOME}/.mozilla +allow ${HOME}/.cache/mozilla/firefox +allow ${HOME}/.mozilla # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support. # NOTE: start KeePassXC before Firefox and keep it open to allow communication between them. #whitelist ${RUNUSER}/kpxc_server #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer -whitelist /usr/share/doc -whitelist /usr/share/firefox -whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini -whitelist /usr/share/gtk-doc/html -whitelist /usr/share/mozilla -whitelist /usr/share/webext +allow /usr/share/doc +allow /usr/share/firefox +allow /usr/share/gnome-shell/search-providers/firefox-search-provider.ini +allow /usr/share/gtk-doc/html +allow /usr/share/mozilla +allow /usr/share/webext include whitelist-usr-share-common.inc # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin. diff --git a/etc/profile-a-l/five-or-more.profile b/etc/profile-a-l/five-or-more.profile index 2c86d3ac73f..bd1becaf01f 100644 --- a/etc/profile-a-l/five-or-more.profile +++ b/etc/profile-a-l/five-or-more.profile 
@@ -6,12 +6,12 @@ include five-or-more.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/five-or-more +nodeny ${HOME}/.local/share/five-or-more mkdir ${HOME}/.local/share/five-or-more -whitelist ${HOME}/.local/share/five-or-more +allow ${HOME}/.local/share/five-or-more -whitelist /usr/share/five-or-more +allow /usr/share/five-or-more private-bin five-or-more diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile index 55af96c841a..f16a65536e5 100644 --- a/etc/profile-a-l/flameshot.profile +++ b/etc/profile-a-l/flameshot.profile @@ -7,9 +7,9 @@ include flameshot.local # Persistent global definitions include globals.local -noblacklist ${PICTURES} -noblacklist ${HOME}/.config/Dharkael -noblacklist ${HOME}/.config/flameshot +nodeny ${PICTURES} +nodeny ${HOME}/.config/Dharkael +nodeny ${HOME}/.config/flameshot include disable-common.inc include disable-devel.inc @@ -25,7 +25,7 @@ include disable-xdg.inc #whitelist ${PICTURES} #whitelist ${HOME}/.config/Dharkael #whitelist ${HOME}/.config/flameshot -whitelist /usr/share/flameshot +allow /usr/share/flameshot #include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/flashpeak-slimjet.profile b/etc/profile-a-l/flashpeak-slimjet.profile index 310fb378f0b..af114e129ce 100644 --- a/etc/profile-a-l/flashpeak-slimjet.profile +++ b/etc/profile-a-l/flashpeak-slimjet.profile @@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium ignore include whitelist-runuser-common.inc ignore include whitelist-usr-share-common.inc -noblacklist ${HOME}/.cache/slimjet -noblacklist ${HOME}/.config/slimjet +nodeny ${HOME}/.cache/slimjet +nodeny ${HOME}/.config/slimjet mkdir ${HOME}/.cache/slimjet mkdir ${HOME}/.config/slimjet -whitelist ${HOME}/.cache/slimjet -whitelist ${HOME}/.config/slimjet +allow ${HOME}/.cache/slimjet +allow ${HOME}/.config/slimjet # Redirect include chromium-common.profile 
diff --git a/etc/profile-a-l/flowblade.profile b/etc/profile-a-l/flowblade.profile index a4421e3ce59..505763fb9cf 100644 --- a/etc/profile-a-l/flowblade.profile +++ b/etc/profile-a-l/flowblade.profile @@ -6,8 +6,8 @@ include flowblade.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/flowblade -noblacklist ${HOME}/.flowblade +nodeny ${HOME}/.config/flowblade +nodeny ${HOME}/.flowblade # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-a-l/fluxbox.profile b/etc/profile-a-l/fluxbox.profile index 1210f365c5e..a22c0e1034e 100644 --- a/etc/profile-a-l/fluxbox.profile +++ b/etc/profile-a-l/fluxbox.profile @@ -7,7 +7,7 @@ include fluxbox.local include globals.local # all applications started in fluxbox will run in this profile -noblacklist ${HOME}/.fluxbox +nodeny ${HOME}/.fluxbox include disable-common.inc caps.drop all diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile index cd01294366f..ff9167c1afd 100644 --- a/etc/profile-a-l/font-manager.profile +++ b/etc/profile-a-l/font-manager.profile @@ -6,8 +6,8 @@ include font-manager.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/font-manager -noblacklist ${HOME}/.config/font-manager +nodeny ${HOME}/.cache/font-manager +nodeny ${HOME}/.config/font-manager # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc @@ -24,9 +24,9 @@ include disable-xdg.inc mkdir ${HOME}/.cache/font-manager mkdir ${HOME}/.config/font-manager -whitelist ${HOME}/.cache/font-manager -whitelist ${HOME}/.config/font-manager -whitelist /usr/share/font-manager +allow ${HOME}/.cache/font-manager +allow ${HOME}/.config/font-manager +allow /usr/share/font-manager include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc 
diff --git a/etc/profile-a-l/fontforge.profile b/etc/profile-a-l/fontforge.profile index bd1495877da..64c7655e2db 100644 --- a/etc/profile-a-l/fontforge.profile +++ b/etc/profile-a-l/fontforge.profile @@ -6,8 +6,8 @@ include fontforge.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.FontForge -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.FontForge +nodeny ${DOCUMENTS} # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-a-l/fossamail.profile b/etc/profile-a-l/fossamail.profile index 2d700d3368e..5e5a12794fc 100644 --- a/etc/profile-a-l/fossamail.profile +++ b/etc/profile-a-l/fossamail.profile @@ -6,16 +6,16 @@ include fossamail.local # added by included profile #include globals.local -noblacklist ${HOME}/.cache/fossamail -noblacklist ${HOME}/.fossamail -noblacklist ${HOME}/.gnupg +nodeny ${HOME}/.cache/fossamail +nodeny ${HOME}/.fossamail +nodeny ${HOME}/.gnupg mkdir ${HOME}/.cache/fossamail mkdir ${HOME}/.fossamail mkdir ${HOME}/.gnupg -whitelist ${HOME}/.cache/fossamail -whitelist ${HOME}/.fossamail -whitelist ${HOME}/.gnupg +allow ${HOME}/.cache/fossamail +allow ${HOME}/.fossamail +allow ${HOME}/.gnupg include whitelist-common.inc # allow browsers diff --git a/etc/profile-a-l/four-in-a-row.profile b/etc/profile-a-l/four-in-a-row.profile index eb0c43ca51e..97fd4a62635 100644 --- a/etc/profile-a-l/four-in-a-row.profile +++ b/etc/profile-a-l/four-in-a-row.profile @@ -9,7 +9,7 @@ include globals.local ignore machine-id ignore nosound -whitelist /usr/share/four-in-a-row +allow /usr/share/four-in-a-row private-bin four-in-a-row diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile index 1b1d031b4c9..8edc9b02d3f 100644 --- a/etc/profile-a-l/fractal.profile +++ b/etc/profile-a-l/fractal.profile 
@@ -6,7 +6,7 @@ include fractal.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/fractal +nodeny ${HOME}/.cache/fractal # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc @@ -22,8 +22,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.cache/fractal -whitelist ${HOME}/.cache/fractal -whitelist ${DOWNLOADS} +allow ${HOME}/.cache/fractal +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/franz.profile b/etc/profile-a-l/franz.profile index 9b780a57246..1a8ec8f9919 100644 --- a/etc/profile-a-l/franz.profile +++ b/etc/profile-a-l/franz.profile @@ -7,10 +7,10 @@ include globals.local ignore noexec /tmp -noblacklist ${HOME}/.cache/Franz -noblacklist ${HOME}/.config/Franz -noblacklist ${HOME}/.pki -noblacklist ${HOME}/.local/share/pki +nodeny ${HOME}/.cache/Franz +nodeny ${HOME}/.config/Franz +nodeny ${HOME}/.pki +nodeny ${HOME}/.local/share/pki include disable-common.inc include disable-devel.inc @@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Franz mkdir ${HOME}/.config/Franz mkdir ${HOME}/.pki mkdir ${HOME}/.local/share/pki -whitelist ${DOWNLOADS} -whitelist ${HOME}/.cache/Franz -whitelist ${HOME}/.config/Franz -whitelist ${HOME}/.pki -whitelist ${HOME}/.local/share/pki +allow ${DOWNLOADS} +allow ${HOME}/.cache/Franz +allow ${HOME}/.config/Franz +allow ${HOME}/.pki +allow ${HOME}/.local/share/pki include whitelist-common.inc caps.drop all diff --git a/etc/profile-a-l/freecad.profile b/etc/profile-a-l/freecad.profile index 8043d0530f0..a45ad4c7a3d 100644 --- a/etc/profile-a-l/freecad.profile +++ b/etc/profile-a-l/freecad.profile 
@@ -6,8 +6,8 @@ include freecad.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/FreeCAD -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.config/FreeCAD +nodeny ${DOCUMENTS} # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-a-l/freeciv.profile b/etc/profile-a-l/freeciv.profile index 23c19682c06..20abd4056ad 100644 --- a/etc/profile-a-l/freeciv.profile +++ b/etc/profile-a-l/freeciv.profile @@ -6,7 +6,7 @@ include freeciv.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.freeciv +nodeny ${HOME}/.freeciv include disable-common.inc include disable-devel.inc @@ -17,7 +17,7 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.freeciv -whitelist ${HOME}/.freeciv +allow ${HOME}/.freeciv include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/freecol.profile b/etc/profile-a-l/freecol.profile index 93fa7da0359..79ccf4101e7 100644 --- a/etc/profile-a-l/freecol.profile +++ b/etc/profile-a-l/freecol.profile @@ -6,10 +6,10 @@ include freecol.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.freecol -noblacklist ${HOME}/.cache/freecol -noblacklist ${HOME}/.config/freecol -noblacklist ${HOME}/.local/share/freecol +nodeny ${HOME}/.freecol +nodeny ${HOME}/.cache/freecol +nodeny ${HOME}/.config/freecol +nodeny ${HOME}/.local/share/freecol # Allow java (blacklisted by disable-devel.inc) include allow-java.inc 
@@ -26,11 +26,11 @@ mkdir ${HOME}/.java mkdir ${HOME}/.cache/freecol mkdir ${HOME}/.config/freecol mkdir ${HOME}/.local/share/freecol -whitelist ${HOME}/.freecol -whitelist ${HOME}/.java -whitelist ${HOME}/.cache/freecol -whitelist ${HOME}/.config/freecol -whitelist ${HOME}/.local/share/freecol +allow ${HOME}/.freecol +allow ${HOME}/.java +allow ${HOME}/.cache/freecol +allow ${HOME}/.config/freecol +allow ${HOME}/.local/share/freecol include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile index 69917703912..ba52dd20850 100644 --- a/etc/profile-a-l/freemind.profile +++ b/etc/profile-a-l/freemind.profile @@ -6,8 +6,8 @@ include freemind.local # Persistent global definitions include globals.local -noblacklist ${DOCUMENTS} -noblacklist ${HOME}/.freemind +nodeny ${DOCUMENTS} +nodeny ${HOME}/.freemind # Allow java (blacklisted by disable-devel.inc) include allow-java.inc diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile index e6aff533da7..4c321322cb5 100644 --- a/etc/profile-a-l/freetube.profile +++ b/etc/profile-a-l/freetube.profile @@ -6,12 +6,12 @@ include freetube.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/FreeTube +nodeny ${HOME}/.config/FreeTube include disable-shell.inc mkdir ${HOME}/.config/FreeTube -whitelist ${HOME}/.config/FreeTube +allow ${HOME}/.config/FreeTube private-bin freetube private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile index b4ad810466a..3a6dfcfd6e8 100644 --- a/etc/profile-a-l/frogatto.profile +++ b/etc/profile-a-l/frogatto.profile 
@@ -6,7 +6,7 @@ include frogatto.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.frogatto +nodeny ${HOME}/.frogatto include disable-common.inc include disable-devel.inc @@ -17,9 +17,9 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.frogatto -whitelist ${HOME}/.frogatto -whitelist /usr/libexec/frogatto -whitelist /usr/share/frogatto +allow ${HOME}/.frogatto +allow /usr/libexec/frogatto +allow /usr/share/frogatto include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile index 76352e41e77..12eca8eb0dc 100644 --- a/etc/profile-a-l/frozen-bubble.profile +++ b/etc/profile-a-l/frozen-bubble.profile @@ -6,7 +6,7 @@ include frozen-bubble.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.frozen-bubble +nodeny ${HOME}/.frozen-bubble # Allow perl (blacklisted by disable-interpreters.inc) include allow-perl.inc @@ -20,7 +20,7 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.frozen-bubble -whitelist ${HOME}/.frozen-bubble +allow ${HOME}/.frozen-bubble include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile index 8852925b1e3..07030df4b93 100644 --- a/etc/profile-a-l/funnyboat.profile +++ b/etc/profile-a-l/funnyboat.profile @@ -5,7 +5,7 @@ include funnyboat.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.funnyboat +nodeny ${HOME}/.funnyboat ignore noexec /dev/shm include allow-python2.inc 
@@ -21,12 +21,12 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.funnyboat -whitelist ${HOME}/.funnyboat +allow ${HOME}/.funnyboat include whitelist-common.inc include whitelist-runuser-common.inc -whitelist /usr/share/funnyboat +allow /usr/share/funnyboat # Debian: -whitelist /usr/share/games/funnyboat +allow /usr/share/games/funnyboat include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile index ed3f0357d16..4cd2cb1e62b 100644 --- a/etc/profile-a-l/gajim.profile +++ b/etc/profile-a-l/gajim.profile @@ -6,10 +6,10 @@ include gajim.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.gnupg -noblacklist ${HOME}/.cache/gajim -noblacklist ${HOME}/.config/gajim -noblacklist ${HOME}/.local/share/gajim +nodeny ${HOME}/.gnupg +nodeny ${HOME}/.cache/gajim +nodeny ${HOME}/.config/gajim +nodeny ${HOME}/.local/share/gajim # Allow python (blacklisted by disable-interpreters.inc) #include allow-python2.inc @@ -28,14 +28,14 @@ mkdir ${HOME}/.gnupg mkdir ${HOME}/.cache/gajim mkdir ${HOME}/.config/gajim mkdir ${HOME}/.local/share/gajim -whitelist ${HOME}/.gnupg -whitelist ${HOME}/.cache/gajim -whitelist ${HOME}/.config/gajim -whitelist ${HOME}/.local/share/gajim -whitelist ${DOWNLOADS} -whitelist ${RUNUSER}/gnupg -whitelist /usr/share/gnupg -whitelist /usr/share/gnupg2 +allow ${HOME}/.gnupg +allow ${HOME}/.cache/gajim +allow ${HOME}/.config/gajim +allow ${HOME}/.local/share/gajim +allow ${DOWNLOADS} +allow ${RUNUSER}/gnupg +allow /usr/share/gnupg +allow /usr/share/gnupg2 include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile index 550b3808b85..0b1b595a6c9 100644 --- a/etc/profile-a-l/galculator.profile +++ b/etc/profile-a-l/galculator.profile 
@@ -6,7 +6,7 @@ include galculator.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/galculator +nodeny ${HOME}/.config/galculator include disable-common.inc include disable-devel.inc @@ -18,7 +18,7 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/galculator -whitelist ${HOME}/.config/galculator +allow ${HOME}/.config/galculator include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile index 3a8c055f297..00b83023432 100644 --- a/etc/profile-a-l/gapplication.profile +++ b/etc/profile-a-l/gapplication.profile @@ -6,8 +6,8 @@ include gapplication.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* -blacklist /usr/libexec +deny ${RUNUSER}/wayland-* +deny /usr/libexec include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile index 388f4c0dfa9..896a100fcb3 100644 --- a/etc/profile-a-l/gcloud.profile +++ b/etc/profile-a-l/gcloud.profile @@ -8,9 +8,9 @@ include globals.local # noexec ${HOME} will break user-local installs of gcloud tooling ignore noexec ${HOME} -noblacklist ${HOME}/.boto -noblacklist ${HOME}/.config/gcloud -noblacklist /var/run/docker.sock +nodeny ${HOME}/.boto +nodeny ${HOME}/.config/gcloud +nodeny /var/run/docker.sock include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/gconf-editor.profile b/etc/profile-a-l/gconf-editor.profile index cb39174e569..8f72f0b3430 100644 --- a/etc/profile-a-l/gconf-editor.profile +++ b/etc/profile-a-l/gconf-editor.profile @@ -7,9 +7,9 @@ include gconf-editor.local # added by included profile #include globals.local -blacklist /tmp/.X11-unix +deny /tmp/.X11-unix -whitelist /usr/share/gconf-editor +allow /usr/share/gconf-editor ignore x11 none 
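Review bot: In the gcloud.profile hunk, the renamed line `nodeny /var/run/docker.sock` still has no comment saying why the sandbox is given the Docker daemon socket. A process that can talk to that socket can normally drive the daemon with host-level privileges, so this one line outweighs most of the other restrictions in the profile. Since the line is being touched anyway, I would add a comment above it such as `# Exposes the Docker daemon socket to the sandbox (daemon access is effectively root on the host)`. Whether anything later in the profile narrows this is not visible, because the profile continues outside the hunk.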
diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile index fec1a555a11..8c701357430 100644 --- a/etc/profile-a-l/gconf.profile +++ b/etc/profile-a-l/gconf.profile @@ -6,9 +6,9 @@ include gconf.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* -noblacklist ${HOME}/.config/gconf +nodeny ${HOME}/.config/gconf # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc @@ -23,9 +23,9 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.config/gconf -whitelist ${HOME}/.config/gconf -whitelist /usr/share/GConf -whitelist /usr/share/gconf +allow ${HOME}/.config/gconf +allow /usr/share/GConf +allow /usr/share/gconf include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/geany.profile b/etc/profile-a-l/geany.profile index 6fdb9b37a14..706a85c7551 100644 --- a/etc/profile-a-l/geany.profile +++ b/etc/profile-a-l/geany.profile @@ -6,7 +6,7 @@ include geany.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/geany +nodeny ${HOME}/.config/geany # Allows files commonly used by IDEs include allow-common-devel.inc diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index 74e135a7c72..512fc1e59c5 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile 
@@ -6,14 +6,14 @@ include geary.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/evolution -noblacklist ${HOME}/.cache/folks -noblacklist ${HOME}/.cache/geary -noblacklist ${HOME}/.config/evolution -noblacklist ${HOME}/.config/geary -noblacklist ${HOME}/.local/share/evolution -noblacklist ${HOME}/.local/share/geary -noblacklist ${HOME}/.mozilla +nodeny ${HOME}/.cache/evolution +nodeny ${HOME}/.cache/folks +nodeny ${HOME}/.cache/geary +nodeny ${HOME}/.config/evolution +nodeny ${HOME}/.config/geary +nodeny ${HOME}/.local/share/evolution +nodeny ${HOME}/.local/share/geary +nodeny ${HOME}/.mozilla include disable-common.inc include disable-devel.inc @@ -31,16 +31,16 @@ mkdir ${HOME}/.config/evolution mkdir ${HOME}/.config/geary mkdir ${HOME}/.local/share/evolution mkdir ${HOME}/.local/share/geary -whitelist ${DOWNLOADS} -whitelist ${HOME}/.cache/evolution -whitelist ${HOME}/.cache/folks -whitelist ${HOME}/.cache/geary -whitelist ${HOME}/.config/evolution -whitelist ${HOME}/.config/geary -whitelist ${HOME}/.local/share/evolution -whitelist ${HOME}/.local/share/geary -whitelist ${HOME}/.mozilla/firefox/profiles.ini -whitelist /usr/share/geary +allow ${DOWNLOADS} +allow ${HOME}/.cache/evolution +allow ${HOME}/.cache/folks +allow ${HOME}/.cache/geary +allow ${HOME}/.config/evolution +allow ${HOME}/.config/geary +allow ${HOME}/.local/share/evolution +allow ${HOME}/.local/share/geary +allow ${HOME}/.mozilla/firefox/profiles.ini +allow /usr/share/geary include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/gedit.profile b/etc/profile-a-l/gedit.profile index 108b7041d24..f11540374cb 100644 --- a/etc/profile-a-l/gedit.profile +++ b/etc/profile-a-l/gedit.profile 
@@ -6,8 +6,8 @@ include gedit.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/enchant -noblacklist ${HOME}/.config/gedit +nodeny ${HOME}/.config/enchant +nodeny ${HOME}/.config/gedit # Allows files commonly used by IDEs include allow-common-devel.inc diff --git a/etc/profile-a-l/geeqie.profile b/etc/profile-a-l/geeqie.profile index dd33b3fb57d..8ec3bbaf9ff 100644 --- a/etc/profile-a-l/geeqie.profile +++ b/etc/profile-a-l/geeqie.profile @@ -6,9 +6,9 @@ include geeqie.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/geeqie -noblacklist ${HOME}/.config/geeqie -noblacklist ${HOME}/.local/share/geeqie +nodeny ${HOME}/.cache/geeqie +nodeny ${HOME}/.config/geeqie +nodeny ${HOME}/.local/share/geeqie include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile index f894a42ca46..1661da639bb 100644 --- a/etc/profile-a-l/gfeeds.profile +++ b/etc/profile-a-l/gfeeds.profile @@ -6,10 +6,10 @@ include gfeeds.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/gfeeds -noblacklist ${HOME}/.cache/org.gabmus.gfeeds -noblacklist ${HOME}/.config/org.gabmus.gfeeds.json -noblacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles +nodeny ${HOME}/.cache/gfeeds +nodeny ${HOME}/.cache/org.gabmus.gfeeds +nodeny ${HOME}/.config/org.gabmus.gfeeds.json +nodeny ${HOME}/.config/org.gabmus.gfeeds.saved_articles # Allow python (blacklisted by disable-interpreters.inc) include allow-python3.inc 
@@ -27,12 +27,12 @@ mkdir ${HOME}/.cache/gfeeds mkdir ${HOME}/.cache/org.gabmus.gfeeds mkfile ${HOME}/.config/org.gabmus.gfeeds.json mkdir ${HOME}/.config/org.gabmus.gfeeds.saved_articles -whitelist ${HOME}/.cache/gfeeds -whitelist ${HOME}/.cache/org.gabmus.gfeeds -whitelist ${HOME}/.config/org.gabmus.gfeeds.json -whitelist ${HOME}/.config/org.gabmus.gfeeds.saved_articles -whitelist /usr/libexec/webkit2gtk-4.0 -whitelist /usr/share/gfeeds +allow ${HOME}/.cache/gfeeds +allow ${HOME}/.cache/org.gabmus.gfeeds +allow ${HOME}/.config/org.gabmus.gfeeds.json +allow ${HOME}/.config/org.gabmus.gfeeds.saved_articles +allow /usr/libexec/webkit2gtk-4.0 +allow /usr/share/gfeeds include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile index d9c5a0d9a80..06929dbe345 100644 --- a/etc/profile-a-l/gget.profile +++ b/etc/profile-a-l/gget.profile @@ -7,8 +7,8 @@ include gget.local # Persistent global definitions include globals.local -blacklist /tmp/.X11-unix -blacklist ${RUNUSER} +deny /tmp/.X11-unix +deny ${RUNUSER} include disable-common.inc include disable-devel.inc @@ -19,7 +19,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist ${DOWNLOADS} +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile index 276ab76df36..0577fe24f0d 100644 --- a/etc/profile-a-l/ghostwriter.profile +++ b/etc/profile-a-l/ghostwriter.profile 
@@ -6,10 +6,10 @@ include ghostwriter.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/ghostwriter -noblacklist ${HOME}/.local/share/ghostwriter -noblacklist ${DOCUMENTS} -noblacklist ${PICTURES} +nodeny ${HOME}/.config/ghostwriter +nodeny ${HOME}/.local/share/ghostwriter +nodeny ${DOCUMENTS} +nodeny ${PICTURES} include allow-lua.inc @@ -22,10 +22,10 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/ghostwriter -whitelist /usr/share/mozilla-dicts -whitelist /usr/share/texlive -whitelist /usr/share/pandoc* +allow /usr/share/ghostwriter +allow /usr/share/mozilla-dicts +allow /usr/share/texlive +allow /usr/share/pandoc* include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile index dfc1304d12c..de9db8d0f9d 100644 --- a/etc/profile-a-l/gimp.profile +++ b/etc/profile-a-l/gimp.profile @@ -18,13 +18,13 @@ include globals.local # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local. ignore noexec ${HOME} -noblacklist ${HOME}/.cache/babl -noblacklist ${HOME}/.cache/gegl-0.4 -noblacklist ${HOME}/.cache/gimp -noblacklist ${HOME}/.config/GIMP -noblacklist ${HOME}/.gimp* -noblacklist ${DOCUMENTS} -noblacklist ${PICTURES} +nodeny ${HOME}/.cache/babl +nodeny ${HOME}/.cache/gegl-0.4 +nodeny ${HOME}/.cache/gimp +nodeny ${HOME}/.config/GIMP +nodeny ${HOME}/.gimp* +nodeny ${DOCUMENTS} +nodeny ${PICTURES} include disable-common.inc include disable-exec.inc 
@@ -33,10 +33,10 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist /usr/share/gegl-0.4 -whitelist /usr/share/gimp -whitelist /usr/share/mypaint-data -whitelist /usr/share/lensfun +allow /usr/share/gegl-0.4 +allow /usr/share/gimp +allow /usr/share/mypaint-data +allow /usr/share/lensfun include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile index 661c3a3756f..e601d3ab024 100644 --- a/etc/profile-a-l/gist.profile +++ b/etc/profile-a-l/gist.profile @@ -7,10 +7,10 @@ include gist.local # Persistent global definitions include globals.local -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* -noblacklist ${HOME}/.gist +nodeny ${HOME}/.gist # Allow ruby (blacklisted by disable-interpreters.inc) include allow-ruby.inc @@ -24,8 +24,8 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.gist -whitelist ${HOME}/.gist -whitelist ${DOWNLOADS} +allow ${HOME}/.gist +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile index 5e424937679..74b7506cfd1 100644 --- a/etc/profile-a-l/git-cola.profile +++ b/etc/profile-a-l/git-cola.profile @@ -8,12 +8,12 @@ include globals.local ignore noexec ${HOME} -noblacklist ${HOME}/.gitconfig -noblacklist ${HOME}/.git-credentials -noblacklist ${HOME}/.gnupg -noblacklist ${HOME}/.subversion -noblacklist ${HOME}/.config/git -noblacklist ${HOME}/.config/git-cola +nodeny ${HOME}/.gitconfig +nodeny ${HOME}/.git-credentials +nodeny ${HOME}/.gnupg +nodeny ${HOME}/.subversion +nodeny ${HOME}/.config/git +nodeny ${HOME}/.config/git-cola # Add your editor/diff viewer config paths and the next line to your git-cola.local to load settings. #noblacklist ${HOME}/ 
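Review bot: The commented-out example at the end of the first git-cola.profile hunk still reads `#noblacklist ${HOME}/`, while every active directive around it is now `nodeny`. Users are told to copy that line into git-cola.local, so it should follow the rename: `#nodeny ${HOME}/`. The same leftover appears as context in the gitg.profile hunk (`#whitelist ${HOME}/.ssh`) and the gnome-chess.profile hunk (`#whitelist ${HOME}/.local/share/gnome-chess`). If the old keywords are still accepted as aliases this is cosmetic, but the page does not show that.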
@@ -32,17 +32,17 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist ${RUNUSER}/gnupg -whitelist ${RUNUSER}/keyring +allow ${RUNUSER}/gnupg +allow ${RUNUSER}/keyring # Add additional whitelist paths below /usr/share to your git-cola.local to support your editor/diff viewer. -whitelist /usr/share/git -whitelist /usr/share/git-cola -whitelist /usr/share/git-core -whitelist /usr/share/git-gui -whitelist /usr/share/gitk -whitelist /usr/share/gitweb -whitelist /usr/share/gnupg -whitelist /usr/share/gnupg2 +allow /usr/share/git +allow /usr/share/git-cola +allow /usr/share/git-core +allow /usr/share/git-gui +allow /usr/share/gitk +allow /usr/share/gitweb +allow /usr/share/gnupg +allow /usr/share/gnupg2 include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile index bfa0081c6e5..680e9108512 100644 --- a/etc/profile-a-l/git.profile +++ b/etc/profile-a-l/git.profile 
@@ -7,33 +7,33 @@ include git.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/git -noblacklist ${HOME}/.config/nano -noblacklist ${HOME}/.emacs -noblacklist ${HOME}/.emacs.d -noblacklist ${HOME}/.gitconfig -noblacklist ${HOME}/.git-credentials -noblacklist ${HOME}/.gnupg -noblacklist ${HOME}/.nanorc -noblacklist ${HOME}/.vim -noblacklist ${HOME}/.viminfo +nodeny ${HOME}/.config/git +nodeny ${HOME}/.config/nano +nodeny ${HOME}/.emacs +nodeny ${HOME}/.emacs.d +nodeny ${HOME}/.gitconfig +nodeny ${HOME}/.git-credentials +nodeny ${HOME}/.gnupg +nodeny ${HOME}/.nanorc +nodeny ${HOME}/.vim +nodeny ${HOME}/.viminfo # Allow ssh (blacklisted by disable-common.inc) include allow-ssh.inc -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-exec.inc include disable-passwdmgr.inc include disable-programs.inc -whitelist /usr/share/git -whitelist /usr/share/git-core -whitelist /usr/share/gitgui -whitelist /usr/share/gitweb -whitelist /usr/share/nano +allow /usr/share/git +allow /usr/share/git-core +allow /usr/share/gitgui +allow /usr/share/gitweb +allow /usr/share/nano include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile index 05d7dffa902..d313b5022f3 100644 --- a/etc/profile-a-l/gitg.profile +++ b/etc/profile-a-l/gitg.profile @@ -6,10 +6,10 @@ include gitg.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/git -noblacklist ${HOME}/.gitconfig -noblacklist ${HOME}/.git-credentials -noblacklist ${HOME}/.local/share/gitg +nodeny ${HOME}/.config/git +nodeny ${HOME}/.gitconfig +nodeny ${HOME}/.git-credentials +nodeny ${HOME}/.local/share/gitg # Allow ssh (blacklisted by disable-common.inc) include allow-ssh.inc 
@@ -29,7 +29,7 @@ include disable-programs.inc #whitelist ${HOME}/.ssh #include whitelist-common.inc -whitelist /usr/share/gitg +allow /usr/share/gitg include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/github-desktop.profile b/etc/profile-a-l/github-desktop.profile index 325c54ced78..81b534a745b 100644 --- a/etc/profile-a-l/github-desktop.profile +++ b/etc/profile-a-l/github-desktop.profile @@ -22,10 +22,10 @@ ignore apparmor ignore dbus-user none ignore dbus-system none -noblacklist ${HOME}/.config/GitHub Desktop -noblacklist ${HOME}/.config/git -noblacklist ${HOME}/.gitconfig -noblacklist ${HOME}/.git-credentials +nodeny ${HOME}/.config/GitHub Desktop +nodeny ${HOME}/.config/git +nodeny ${HOME}/.gitconfig +nodeny ${HOME}/.git-credentials # no3d nosound diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile index 460e2b99057..2d1694ef7a6 100644 --- a/etc/profile-a-l/gitter.profile +++ b/etc/profile-a-l/gitter.profile @@ -5,8 +5,8 @@ include gitter.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/autostart -noblacklist ${HOME}/.config/Gitter +nodeny ${HOME}/.config/autostart +nodeny ${HOME}/.config/Gitter include disable-common.inc include disable-devel.inc @@ -16,9 +16,9 @@ include disable-passwdmgr.inc include disable-programs.inc mkdir ${HOME}/.config/Gitter -whitelist ${DOWNLOADS} -whitelist ${HOME}/.config/autostart -whitelist ${HOME}/.config/Gitter +allow ${DOWNLOADS} +allow ${HOME}/.config/autostart +allow ${HOME}/.config/Gitter include whitelist-var-common.inc caps.drop all diff --git a/etc/profile-a-l/gjs.profile b/etc/profile-a-l/gjs.profile index ed68b3c2d92..e00bb1dbfff 100644 --- a/etc/profile-a-l/gjs.profile +++ b/etc/profile-a-l/gjs.profile 
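Review bot: In gitter.profile, `nodeny ${HOME}/.config/autostart` in the first hunk and `allow ${HOME}/.config/autostart` in the second expose the whole XDG autostart directory to the sandboxed app, with no comment explaining why. Entries in that directory are launched at the next login, typically outside this profile, so write access there weakens the isolation the profile is meant to provide. If Gitter only needs its own entry to be visible, adding `read-only ${HOME}/.config/autostart` after the `allow` line would keep that working; otherwise a comment stating why write access is needed would help. The rest of the profile is outside both hunks, so a later restriction may already cover this.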
@@ -8,10 +8,10 @@ include globals.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them -noblacklist ${HOME}/.cache/libgweather -noblacklist ${HOME}/.cache/org.gnome.Books -noblacklist ${HOME}/.config/libreoffice -noblacklist ${HOME}/.local/share/gnome-photos +nodeny ${HOME}/.cache/libgweather +nodeny ${HOME}/.cache/org.gnome.Books +nodeny ${HOME}/.config/libreoffice +nodeny ${HOME}/.local/share/gnome-photos # Allow gjs (blacklisted by disable-interpreters.inc) include allow-gjs.inc diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile index c8cefc67e6d..a3236c2be51 100644 --- a/etc/profile-a-l/gl-117.profile +++ b/etc/profile-a-l/gl-117.profile @@ -6,7 +6,7 @@ include gl-117.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.gl-117 +nodeny ${HOME}/.gl-117 include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.gl-117 -whitelist ${HOME}/.gl-117 -whitelist /usr/share/gl-117 +allow ${HOME}/.gl-117 +allow /usr/share/gl-117 include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile index ee7af054688..ec894a5f31a 100644 --- a/etc/profile-a-l/glaxium.profile +++ b/etc/profile-a-l/glaxium.profile @@ -6,7 +6,7 @@ include glaxium.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.glaxiumrc +nodeny ${HOME}/.glaxiumrc include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkfile ${HOME}/.glaxiumrc -whitelist ${HOME}/.glaxiumrc -whitelist /usr/share/glaxium +allow ${HOME}/.glaxiumrc +allow /usr/share/glaxium include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc 
diff --git a/etc/profile-a-l/globaltime.profile b/etc/profile-a-l/globaltime.profile index 14b3ef81189..e091b811f7f 100644 --- a/etc/profile-a-l/globaltime.profile +++ b/etc/profile-a-l/globaltime.profile @@ -5,7 +5,7 @@ include globaltime.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/globaltime +nodeny ${HOME}/.config/globaltime include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile index b3aad8b2c53..79397d28f4f 100644 --- a/etc/profile-a-l/gmpc.profile +++ b/etc/profile-a-l/gmpc.profile @@ -6,8 +6,8 @@ include gmpc.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/gmpc -noblacklist ${MUSIC} +nodeny ${HOME}/.config/gmpc +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc @@ -18,9 +18,9 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.config/gmpc -whitelist ${HOME}/.config/gmpc -whitelist ${MUSIC} -whitelist /usr/share/gmpc +allow ${HOME}/.config/gmpc +allow ${MUSIC} +allow /usr/share/gmpc include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/gnome-2048.profile b/etc/profile-a-l/gnome-2048.profile index 777c81dbebc..c723f6e4669 100644 --- a/etc/profile-a-l/gnome-2048.profile +++ b/etc/profile-a-l/gnome-2048.profile @@ -6,10 +6,10 @@ include gnome-2048.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/gnome-2048 +nodeny ${HOME}/.local/share/gnome-2048 mkdir ${HOME}/.local/share/gnome-2048 -whitelist ${HOME}/.local/share/gnome-2048 +allow ${HOME}/.local/share/gnome-2048 private-bin gnome-2048 diff --git a/etc/profile-a-l/gnome-books.profile b/etc/profile-a-l/gnome-books.profile index 34a7f557ce9..2ed5fa76b66 100644 --- a/etc/profile-a-l/gnome-books.profile +++ b/etc/profile-a-l/gnome-books.profile 
@@ -7,8 +7,8 @@ include globals.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them -noblacklist ${HOME}/.cache/org.gnome.Books -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.cache/org.gnome.Books +nodeny ${DOCUMENTS} # Allow gjs (blacklisted by disable-interpreters.inc) include allow-gjs.inc diff --git a/etc/profile-a-l/gnome-builder.profile b/etc/profile-a-l/gnome-builder.profile index 37ca5aeff41..7dd1c6e22f6 100644 --- a/etc/profile-a-l/gnome-builder.profile +++ b/etc/profile-a-l/gnome-builder.profile @@ -6,11 +6,11 @@ include gnome-builder.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.bash_history +nodeny ${HOME}/.bash_history -noblacklist ${HOME}/.cache/gnome-builder -noblacklist ${HOME}/.config/gnome-builder -noblacklist ${HOME}/.local/share/gnome-builder +nodeny ${HOME}/.cache/gnome-builder +nodeny ${HOME}/.config/gnome-builder +nodeny ${HOME}/.local/share/gnome-builder # Allows files commonly used by IDEs include allow-common-devel.inc diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile index 03acd66aa91..d91fbaa4b85 100644 --- a/etc/profile-a-l/gnome-calendar.profile +++ b/etc/profile-a-l/gnome-calendar.profile @@ -15,7 +15,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/libgweather +allow /usr/share/libgweather include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile index 741fe9bf7cd..806d7e571e6 100644 --- a/etc/profile-a-l/gnome-characters.profile +++ b/etc/profile-a-l/gnome-characters.profile 
@@ -18,7 +18,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/org.gnome.Characters +allow /usr/share/org.gnome.Characters include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile index bd39f625c4f..09521056500 100644 --- a/etc/profile-a-l/gnome-chess.profile +++ b/etc/profile-a-l/gnome-chess.profile @@ -6,8 +6,8 @@ include gnome-chess.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/gnome-chess -noblacklist ${HOME}/.local/share/gnome-chess +nodeny ${HOME}/.config/gnome-chess +nodeny ${HOME}/.local/share/gnome-chess include disable-common.inc include disable-devel.inc @@ -22,8 +22,8 @@ include disable-xdg.inc #whitelist ${HOME}/.local/share/gnome-chess #include whitelist-common.inc -whitelist /usr/share/gnuchess -whitelist /usr/share/gnome-chess +allow /usr/share/gnuchess +allow /usr/share/gnome-chess include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile index 1e7c70b8412..7e2d458fdb0 100644 --- a/etc/profile-a-l/gnome-clocks.profile +++ b/etc/profile-a-l/gnome-clocks.profile @@ -15,8 +15,8 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/gnome-clocks -whitelist /usr/share/libgweather +allow /usr/share/gnome-clocks +allow /usr/share/libgweather include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/gnome-contacts.profile b/etc/profile-a-l/gnome-contacts.profile index dcc6163b6d5..7902fa16904 100644 --- a/etc/profile-a-l/gnome-contacts.profile +++ b/etc/profile-a-l/gnome-contacts.profile 
@@ -6,7 +6,7 @@ include gnome-contacts.local # Persistent global definitions include globals.local -noblacklist ${DOCUMENTS} +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/gnome-documents.profile b/etc/profile-a-l/gnome-documents.profile index 29ad67af889..0f601149f72 100644 --- a/etc/profile-a-l/gnome-documents.profile +++ b/etc/profile-a-l/gnome-documents.profile @@ -8,8 +8,8 @@ include globals.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them -noblacklist ${HOME}/.config/libreoffice -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.config/libreoffice +nodeny ${DOCUMENTS} # Allow gjs (blacklisted by disable-interpreters.inc) include allow-gjs.inc diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile index 2db956fafa2..50c3e2c6fcc 100644 --- a/etc/profile-a-l/gnome-hexgl.profile +++ b/etc/profile-a-l/gnome-hexgl.profile @@ -16,7 +16,7 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.cache/mesa_shader_cache -whitelist /usr/share/gnome-hexgl +allow /usr/share/gnome-hexgl include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/gnome-keyring.profile b/etc/profile-a-l/gnome-keyring.profile index 25b4c47de84..62a5a34ea91 100644 --- a/etc/profile-a-l/gnome-keyring.profile +++ b/etc/profile-a-l/gnome-keyring.profile @@ -7,7 +7,7 @@ include gnome-keyring.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.gnupg +nodeny ${HOME}/.gnupg include disable-common.inc include disable-devel.inc 
@@ -18,12 +18,12 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.gnupg -whitelist ${HOME}/.gnupg -whitelist ${DOWNLOADS} -whitelist ${RUNUSER}/gnupg -whitelist ${RUNUSER}/keyring -whitelist /usr/share/gnupg -whitelist /usr/share/gnupg2 +allow ${HOME}/.gnupg +allow ${DOWNLOADS} +allow ${RUNUSER}/gnupg +allow ${RUNUSER}/keyring +allow /usr/share/gnupg +allow /usr/share/gnupg2 include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/gnome-klotski.profile b/etc/profile-a-l/gnome-klotski.profile index c67a5c0dae8..ed074f944fb 100644 --- a/etc/profile-a-l/gnome-klotski.profile +++ b/etc/profile-a-l/gnome-klotski.profile @@ -6,10 +6,10 @@ include gnome-klotski.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/gnome-klotski +nodeny ${HOME}/.local/share/gnome-klotski mkdir ${HOME}/.local/share/gnome-klotski -whitelist ${HOME}/.local/share/gnome-klotski +allow ${HOME}/.local/share/gnome-klotski private-bin gnome-klotski diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile index 1a7eafeca31..4a03a7ff575 100644 --- a/etc/profile-a-l/gnome-latex.profile +++ b/etc/profile-a-l/gnome-latex.profile @@ -6,8 +6,8 @@ include gnome-latex.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/gnome-latex -noblacklist ${HOME}/.local/share/gnome-latex +nodeny ${HOME}/.config/gnome-latex +nodeny ${HOME}/.local/share/gnome-latex # Allow perl (blacklisted by disable-interpreters.inc) include allow-perl.inc @@ -19,8 +19,8 @@ include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc -whitelist /usr/share/gnome-latex -whitelist /usr/share/texlive +allow /usr/share/gnome-latex +allow /usr/share/texlive include whitelist-runuser-common.inc include whitelist-usr-share-common.inc # May cause issues. 
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile index 9d2ea7b7b39..fcc02dc7664 100644 --- a/etc/profile-a-l/gnome-logs.profile +++ b/etc/profile-a-l/gnome-logs.profile @@ -15,7 +15,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /var/log/journal +allow /var/log/journal include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/gnome-mahjongg.profile b/etc/profile-a-l/gnome-mahjongg.profile index 42409dce8c9..e21f03efe2a 100644 --- a/etc/profile-a-l/gnome-mahjongg.profile +++ b/etc/profile-a-l/gnome-mahjongg.profile @@ -6,7 +6,7 @@ include gnome-mahjongg.local # Persistent global definitions include globals.local -whitelist /usr/share/gnome-mahjongg +allow /usr/share/gnome-mahjongg private-bin gnome-mahjongg diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile index 23aab343f4e..cf4eceee306 100644 --- a/etc/profile-a-l/gnome-maps.profile +++ b/etc/profile-a-l/gnome-maps.profile @@ -11,14 +11,14 @@ include globals.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them -noblacklist ${HOME}/.cache/champlain -noblacklist ${HOME}/.cache/org.gnome.Maps -noblacklist ${HOME}/.local/share/maps-places.json +nodeny ${HOME}/.cache/champlain +nodeny ${HOME}/.cache/org.gnome.Maps +nodeny ${HOME}/.local/share/maps-places.json # Allow gjs (blacklisted by disable-interpreters.inc) include allow-gjs.inc -blacklist /usr/libexec +deny /usr/libexec include disable-common.inc include disable-devel.inc 
@@ -31,12 +31,12 @@ include disable-xdg.inc mkdir ${HOME}/.cache/champlain mkfile ${HOME}/.local/share/maps-places.json -whitelist ${HOME}/.cache/champlain -whitelist ${HOME}/.local/share/maps-places.json -whitelist ${DOWNLOADS} -whitelist ${PICTURES} -whitelist /usr/share/gnome-maps -whitelist /usr/share/libgweather +allow ${HOME}/.cache/champlain +allow ${HOME}/.local/share/maps-places.json +allow ${DOWNLOADS} +allow ${PICTURES} +allow /usr/share/gnome-maps +allow /usr/share/libgweather include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/gnome-mines.profile b/etc/profile-a-l/gnome-mines.profile index 4fe8986c270..1b2949bc5fa 100644 --- a/etc/profile-a-l/gnome-mines.profile +++ b/etc/profile-a-l/gnome-mines.profile @@ -6,11 +6,11 @@ include gnome-mines.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/gnome-mines +nodeny ${HOME}/.local/share/gnome-mines mkdir ${HOME}/.local/share/gnome-mines -whitelist ${HOME}/.local/share/gnome-mines -whitelist /usr/share/gnome-mines +allow ${HOME}/.local/share/gnome-mines +allow /usr/share/gnome-mines private-bin gnome-mines diff --git a/etc/profile-a-l/gnome-mplayer.profile b/etc/profile-a-l/gnome-mplayer.profile index 43fe71f5e0e..c1cbc796a64 100644 --- a/etc/profile-a-l/gnome-mplayer.profile +++ b/etc/profile-a-l/gnome-mplayer.profile @@ -6,9 +6,9 @@ include gnome-mplayer.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/gnome-mplayer -noblacklist ${MUSIC} -noblacklist ${VIDEOS} +nodeny ${HOME}/.config/gnome-mplayer +nodeny ${MUSIC} +nodeny ${VIDEOS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile index 2fcbe991073..8fd0826c4d7 100644 --- a/etc/profile-a-l/gnome-music.profile +++ b/etc/profile-a-l/gnome-music.profile 
@@ -6,8 +6,8 @@ include gnome-music.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/gnome-music -noblacklist ${MUSIC} +nodeny ${HOME}/.local/share/gnome-music +nodeny ${MUSIC} # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-a-l/gnome-nettool.profile b/etc/profile-a-l/gnome-nettool.profile index 814751db3c8..a929582f830 100644 --- a/etc/profile-a-l/gnome-nettool.profile +++ b/etc/profile-a-l/gnome-nettool.profile @@ -14,7 +14,7 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist /usr/share/gnome-nettool +allow /usr/share/gnome-nettool #include whitelist-common.inc -- see #903 include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/gnome-nibbles.profile b/etc/profile-a-l/gnome-nibbles.profile index b22810d347c..d4c037a4125 100644 --- a/etc/profile-a-l/gnome-nibbles.profile +++ b/etc/profile-a-l/gnome-nibbles.profile @@ -9,11 +9,11 @@ include globals.local ignore machine-id ignore nosound -noblacklist ${HOME}/.local/share/gnome-nibbles +nodeny ${HOME}/.local/share/gnome-nibbles mkdir ${HOME}/.local/share/gnome-nibbles -whitelist ${HOME}/.local/share/gnome-nibbles -whitelist /usr/share/gnome-nibbles +allow ${HOME}/.local/share/gnome-nibbles +allow /usr/share/gnome-nibbles private-bin gnome-nibbles diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile index fee5f88b9c1..d2cf828cc15 100644 --- a/etc/profile-a-l/gnome-passwordsafe.profile +++ b/etc/profile-a-l/gnome-passwordsafe.profile 
@@ -6,14 +6,14 @@ include gnome-passwordsafe.local # Persistent global definitions include globals.local -noblacklist ${DOCUMENTS} -noblacklist ${HOME}/*.kdb -noblacklist ${HOME}/*.kdbx +nodeny ${DOCUMENTS} +nodeny ${HOME}/*.kdb +nodeny ${HOME}/*.kdbx # Allow python (blacklisted by disable-interpreters.inc) include allow-python3.inc -blacklist /usr/libexec +deny /usr/libexec include disable-common.inc include disable-devel.inc @@ -24,8 +24,8 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/cracklib -whitelist /usr/share/passwordsafe +allow /usr/share/cracklib +allow /usr/share/passwordsafe include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/gnome-photos.profile b/etc/profile-a-l/gnome-photos.profile index 58bf3f349aa..3702da2c741 100644 --- a/etc/profile-a-l/gnome-photos.profile +++ b/etc/profile-a-l/gnome-photos.profile @@ -8,7 +8,7 @@ include globals.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them -noblacklist ${HOME}/.local/share/gnome-photos +nodeny ${HOME}/.local/share/gnome-photos include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile index 41903b13669..e9ae2bcb0f1 100644 --- a/etc/profile-a-l/gnome-pie.profile +++ b/etc/profile-a-l/gnome-pie.profile @@ -6,7 +6,7 @@ include gnome-pie.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/gnome-pie +nodeny ${HOME}/.config/gnome-pie #include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile index c2ba7556d6c..bec23910c63 100644 --- a/etc/profile-a-l/gnome-pomodoro.profile +++ b/etc/profile-a-l/gnome-pomodoro.profile 
@@ -6,7 +6,7 @@ include gnome-pomodoro.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/gnome-pomodoro +nodeny ${HOME}/.local/share/gnome-pomodoro include disable-common.inc include disable-devel.inc @@ -17,8 +17,8 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.local/share/gnome-pomodoro -whitelist ${HOME}/.local/share/gnome-pomodoro -whitelist /usr/share/gnome-pomodoro +allow ${HOME}/.local/share/gnome-pomodoro +allow /usr/share/gnome-pomodoro include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-runuser-common.inc diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile index 48c98ebe090..5ef33fdd8b7 100644 --- a/etc/profile-a-l/gnome-recipes.profile +++ b/etc/profile-a-l/gnome-recipes.profile @@ -7,8 +7,8 @@ include gnome-recipes.local include globals.local -noblacklist ${HOME}/.cache/gnome-recipes -noblacklist ${HOME}/.local/share/gnome-recipes +nodeny ${HOME}/.cache/gnome-recipes +nodeny ${HOME}/.local/share/gnome-recipes include disable-common.inc include disable-devel.inc @@ -20,9 +20,9 @@ include disable-shell.inc mkdir ${HOME}/.cache/gnome-recipes mkdir ${HOME}/.local/share/gnome-recipes -whitelist ${HOME}/.cache/gnome-recipes -whitelist ${HOME}/.local/share/gnome-recipes -whitelist /usr/share/gnome-recipes +allow ${HOME}/.cache/gnome-recipes +allow ${HOME}/.local/share/gnome-recipes +allow /usr/share/gnome-recipes include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/gnome-ring.profile b/etc/profile-a-l/gnome-ring.profile index 78ceb9c4f74..b34d264f478 100644 --- a/etc/profile-a-l/gnome-ring.profile +++ b/etc/profile-a-l/gnome-ring.profile 
@@ -5,7 +5,7 @@ include gnome-ring.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/gnome-ring +nodeny ${HOME}/.local/share/gnome-ring include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/gnome-robots.profile b/etc/profile-a-l/gnome-robots.profile index 8835f2b9323..836d4e2b2cd 100644 --- a/etc/profile-a-l/gnome-robots.profile +++ b/etc/profile-a-l/gnome-robots.profile @@ -9,7 +9,7 @@ include globals.local ignore machine-id ignore nosound -whitelist /usr/share/gnome-robots +allow /usr/share/gnome-robots private-bin gnome-robots diff --git a/etc/profile-a-l/gnome-schedule.profile b/etc/profile-a-l/gnome-schedule.profile index 69c90b33d98..146f8bc4e05 100644 --- a/etc/profile-a-l/gnome-schedule.profile +++ b/etc/profile-a-l/gnome-schedule.profile @@ -6,17 +6,17 @@ include gnome-schedule.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.gnome/gnome-schedule +nodeny ${HOME}/.gnome/gnome-schedule # Needs at and crontab to read/write user cron -noblacklist ${PATH}/at -noblacklist ${PATH}/crontab +nodeny ${PATH}/at +nodeny ${PATH}/crontab # Needs access to these files/dirs -noblacklist /etc/cron.allow -noblacklist /etc/cron.deny -noblacklist /etc/shadow -noblacklist /var/spool/cron +nodeny /etc/cron.allow +nodeny /etc/cron.deny +nodeny /etc/shadow +nodeny /var/spool/cron # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc) # add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality 
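Review bot: The last comment line of the gnome-schedule.profile hunk still tells users to add `noblacklist ${PATH}/your-terminal` to gnome-schedule.local, although every directive above it in the same hunk is now spelled `nodeny`. I would update it to `# add 'nodeny ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality`. This diff does not show whether the old keyword is still accepted, so the stale spelling may only be inconsistent rather than broken. The line is the opt-in for something the preceding comment describes as a sandbox escape, so it is worth keeping the instruction exact and matching the rest of the profile.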
@@ -34,10 +34,10 @@ include disable-programs.inc include disable-xdg.inc mkfile ${HOME}/.gnome/gnome-schedule -whitelist ${HOME}/.gnome/gnome-schedule -whitelist /usr/share/gnome-schedule -whitelist /var/spool/atd -whitelist /var/spool/cron +allow ${HOME}/.gnome/gnome-schedule +allow /usr/share/gnome-schedule +allow /var/spool/atd +allow /var/spool/cron include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile index b683b6f6cd6..175549e99be 100644 --- a/etc/profile-a-l/gnome-screenshot.profile +++ b/etc/profile-a-l/gnome-screenshot.profile @@ -6,8 +6,8 @@ include gnome-screenshot.local # Persistent global definitions include globals.local -noblacklist ${PICTURES} -noblacklist ${HOME}/.cache/gnome-screenshot +nodeny ${PICTURES} +nodeny ${HOME}/.cache/gnome-screenshot include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile index 34f5fdeffef..c2fb14fa49b 100644 --- a/etc/profile-a-l/gnome-sound-recorder.profile +++ b/etc/profile-a-l/gnome-sound-recorder.profile @@ -6,8 +6,8 @@ include gnome-sound-recorder.local # Persistent global definitions include globals.local -noblacklist ${MUSIC} -noblacklist ${HOME}/.local/share/Trash +nodeny ${MUSIC} +nodeny ${HOME}/.local/share/Trash # Allow gjs (blacklisted by disable-interpreters.inc) include allow-gjs.inc diff --git a/etc/profile-a-l/gnome-sudoku.profile b/etc/profile-a-l/gnome-sudoku.profile index 12fd48a865a..3b7835e5202 100644 --- a/etc/profile-a-l/gnome-sudoku.profile +++ b/etc/profile-a-l/gnome-sudoku.profile 
@@ -6,10 +6,10 @@ include gnome-sudoku.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/gnome-sudoku +nodeny ${HOME}/.local/share/gnome-sudoku mkdir ${HOME}/.local/share/gnome-sudoku -whitelist ${HOME}/.local/share/gnome-sudoku +allow ${HOME}/.local/share/gnome-sudoku private-bin gnome-sudoku diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile index 8a818695df4..6978f7cab85 100644 --- a/etc/profile-a-l/gnome-system-log.profile +++ b/etc/profile-a-l/gnome-system-log.profile @@ -15,7 +15,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /var/log +allow /var/log include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/gnome-taquin.profile b/etc/profile-a-l/gnome-taquin.profile index 2341334f7d2..ac87cf70f3f 100644 --- a/etc/profile-a-l/gnome-taquin.profile +++ b/etc/profile-a-l/gnome-taquin.profile @@ -9,7 +9,7 @@ include globals.local ignore machine-id ignore nosound -whitelist /usr/share/gnome-taquin +allow /usr/share/gnome-taquin private-bin gnome-taquin diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile index 3b147cd4822..092fd58a385 100644 --- a/etc/profile-a-l/gnome-todo.profile +++ b/etc/profile-a-l/gnome-todo.profile @@ -18,7 +18,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/gnome-todo +allow /usr/share/gnome-todo include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-runuser-common.inc diff --git a/etc/profile-a-l/gnome-twitch.profile b/etc/profile-a-l/gnome-twitch.profile index b8ec195d30b..d76872ea634 100644 --- a/etc/profile-a-l/gnome-twitch.profile +++ b/etc/profile-a-l/gnome-twitch.profile 
@@ -6,8 +6,8 @@ include gnome-twitch.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/gnome-twitch -noblacklist ${HOME}/.local/share/gnome-twitch +nodeny ${HOME}/.cache/gnome-twitch +nodeny ${HOME}/.local/share/gnome-twitch include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-programs.inc mkdir ${HOME}/.cache/gnome-twitch mkdir ${HOME}/.local/share/gnome-twitch -whitelist ${HOME}/.cache/gnome-twitch -whitelist ${HOME}/.local/share/gnome-twitch +allow ${HOME}/.cache/gnome-twitch +allow ${HOME}/.local/share/gnome-twitch include whitelist-common.inc caps.drop all diff --git a/etc/profile-a-l/gnome-weather.profile b/etc/profile-a-l/gnome-weather.profile index 2e08fa41d3b..6f557ff8dcf 100644 --- a/etc/profile-a-l/gnome-weather.profile +++ b/etc/profile-a-l/gnome-weather.profile @@ -8,7 +8,7 @@ include globals.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them -noblacklist ${HOME}/.cache/libgweather +nodeny ${HOME}/.cache/libgweather # Allow gjs (blacklisted by disable-interpreters.inc) include allow-gjs.inc diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile index c3014a28850..261efeface1 100644 --- a/etc/profile-a-l/gnote.profile +++ b/etc/profile-a-l/gnote.profile @@ -6,8 +6,8 @@ include gnote.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/gnote -noblacklist ${HOME}/.local/share/gnote +nodeny ${HOME}/.config/gnote +nodeny ${HOME}/.local/share/gnote include disable-common.inc include disable-devel.inc 
@@ -20,9 +20,9 @@ include disable-xdg.inc mkdir ${HOME}/.config/gnote mkdir ${HOME}/.local/share/gnote -whitelist ${HOME}/.config/gnote -whitelist ${HOME}/.local/share/gnote -whitelist /usr/share/gnote +allow ${HOME}/.config/gnote +allow ${HOME}/.local/share/gnote +allow /usr/share/gnote include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile index 22851ce9fc0..e6fbca26fd9 100644 --- a/etc/profile-a-l/gnubik.profile +++ b/etc/profile-a-l/gnubik.profile @@ -15,7 +15,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/gnubik +allow /usr/share/gnubik include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile index 09ca17caab1..f35a53ca41e 100644 --- a/etc/profile-a-l/godot.profile +++ b/etc/profile-a-l/godot.profile @@ -6,9 +6,9 @@ include godot.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/godot -noblacklist ${HOME}/.config/godot -noblacklist ${HOME}/.local/share/godot +nodeny ${HOME}/.cache/godot +nodeny ${HOME}/.config/godot +nodeny ${HOME}/.local/share/godot include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/goobox.profile b/etc/profile-a-l/goobox.profile index 8399d77c414..95dd41c2ac4 100644 --- a/etc/profile-a-l/goobox.profile +++ b/etc/profile-a-l/goobox.profile @@ -6,7 +6,7 @@ include goobox.local # Persistent global definitions include globals.local -noblacklist ${MUSIC} +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/google-chrome-beta.profile b/etc/profile-a-l/google-chrome-beta.profile index ebe5e870b54..07f0e587d0e 100644 --- a/etc/profile-a-l/google-chrome-beta.profile +++ b/etc/profile-a-l/google-chrome-beta.profile 
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium ignore include whitelist-runuser-common.inc ignore include whitelist-usr-share-common.inc -noblacklist ${HOME}/.cache/google-chrome-beta -noblacklist ${HOME}/.config/google-chrome-beta +nodeny ${HOME}/.cache/google-chrome-beta +nodeny ${HOME}/.config/google-chrome-beta -noblacklist ${HOME}/.config/chrome-beta-flags.conf -noblacklist ${HOME}/.config/chrome-beta-flags.config +nodeny ${HOME}/.config/chrome-beta-flags.conf +nodeny ${HOME}/.config/chrome-beta-flags.config mkdir ${HOME}/.cache/google-chrome-beta mkdir ${HOME}/.config/google-chrome-beta -whitelist ${HOME}/.cache/google-chrome-beta -whitelist ${HOME}/.config/google-chrome-beta +allow ${HOME}/.cache/google-chrome-beta +allow ${HOME}/.config/google-chrome-beta -whitelist ${HOME}/.config/chrome-beta-flags.conf -whitelist ${HOME}/.config/chrome-beta-flags.config +allow ${HOME}/.config/chrome-beta-flags.conf +allow ${HOME}/.config/chrome-beta-flags.config # Redirect include chromium-common.profile diff --git a/etc/profile-a-l/google-chrome-unstable.profile b/etc/profile-a-l/google-chrome-unstable.profile index 4d303f71bcb..22990441147 100644 --- a/etc/profile-a-l/google-chrome-unstable.profile +++ b/etc/profile-a-l/google-chrome-unstable.profile 
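Review bot: The unchanged line `ignore whitelist /usr/share/chromium` at the top of the google-chrome-beta.profile hunk keeps the old keyword, while the directive it is meant to suppress lives in the redirected chromium profiles, which this rename presumably turns into `allow /usr/share/chromium`. If `ignore` matches the literal directive text rather than normalising aliases (not visible in this diff), the suppression silently stops applying and the /usr/share allow-list from the included profile takes effect for Chrome. Either confirm that the parser treats `whitelist` and `allow` as the same command for `ignore`, or rename the line in this commit to `ignore allow /usr/share/chromium`. The same line appears unchanged in the google-chrome-unstable.profile and google-chrome.profile hunks that follow.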
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium ignore include whitelist-runuser-common.inc ignore include whitelist-usr-share-common.inc -noblacklist ${HOME}/.cache/google-chrome-unstable -noblacklist ${HOME}/.config/google-chrome-unstable +nodeny ${HOME}/.cache/google-chrome-unstable +nodeny ${HOME}/.config/google-chrome-unstable -noblacklist ${HOME}/.config/chrome-unstable-flags.conf -noblacklist ${HOME}/.config/chrome-unstable-flags.config +nodeny ${HOME}/.config/chrome-unstable-flags.conf +nodeny ${HOME}/.config/chrome-unstable-flags.config mkdir ${HOME}/.cache/google-chrome-unstable mkdir ${HOME}/.config/google-chrome-unstable -whitelist ${HOME}/.cache/google-chrome-unstable -whitelist ${HOME}/.config/google-chrome-unstable +allow ${HOME}/.cache/google-chrome-unstable +allow ${HOME}/.config/google-chrome-unstable -whitelist ${HOME}/.config/chrome-unstable-flags.conf -whitelist ${HOME}/.config/chrome-unstable-flags.config +allow ${HOME}/.config/chrome-unstable-flags.conf +allow ${HOME}/.config/chrome-unstable-flags.config # Redirect include chromium-common.profile diff --git a/etc/profile-a-l/google-chrome.profile b/etc/profile-a-l/google-chrome.profile index ed2595f7232..f61642f17fd 100644 --- a/etc/profile-a-l/google-chrome.profile +++ b/etc/profile-a-l/google-chrome.profile 
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium ignore include whitelist-runuser-common.inc ignore include whitelist-usr-share-common.inc -noblacklist ${HOME}/.cache/google-chrome -noblacklist ${HOME}/.config/google-chrome +nodeny ${HOME}/.cache/google-chrome +nodeny ${HOME}/.config/google-chrome -noblacklist ${HOME}/.config/chrome-flags.conf -noblacklist ${HOME}/.config/chrome-flags.config +nodeny ${HOME}/.config/chrome-flags.conf +nodeny ${HOME}/.config/chrome-flags.config mkdir ${HOME}/.cache/google-chrome mkdir ${HOME}/.config/google-chrome -whitelist ${HOME}/.cache/google-chrome -whitelist ${HOME}/.config/google-chrome +allow ${HOME}/.cache/google-chrome +allow ${HOME}/.config/google-chrome -whitelist ${HOME}/.config/chrome-flags.conf -whitelist ${HOME}/.config/chrome-flags.config +allow ${HOME}/.config/chrome-flags.conf +allow ${HOME}/.config/chrome-flags.config # Redirect include chromium-common.profile diff --git a/etc/profile-a-l/google-earth.profile b/etc/profile-a-l/google-earth.profile index 65ac047714b..6039f7cbd16 100644 --- a/etc/profile-a-l/google-earth.profile +++ b/etc/profile-a-l/google-earth.profile @@ -5,8 +5,8 @@ include google-earth.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Google -noblacklist ${HOME}/.googleearth +nodeny ${HOME}/.config/Google +nodeny ${HOME}/.googleearth include disable-common.inc include disable-devel.inc @@ -17,8 +17,8 @@ include disable-programs.inc mkdir ${HOME}/.config/Google mkdir ${HOME}/.googleearth -whitelist ${HOME}/.config/Google -whitelist ${HOME}/.googleearth +allow ${HOME}/.config/Google +allow ${HOME}/.googleearth include whitelist-common.inc caps.drop all diff --git a/etc/profile-a-l/google-play-music-desktop-player.profile b/etc/profile-a-l/google-play-music-desktop-player.profile index a7aabe105bf..fdb65b93c66 100644 --- a/etc/profile-a-l/google-play-music-desktop-player.profile +++ b/etc/profile-a-l/google-play-music-desktop-player.profile 
@@ -8,7 +8,7 @@ include globals.local # noexec /tmp breaks mpris support ignore noexec /tmp -noblacklist ${HOME}/.config/Google Play Music Desktop Player +nodeny ${HOME}/.config/Google Play Music Desktop Player include disable-common.inc include disable-devel.inc @@ -20,7 +20,7 @@ include disable-programs.inc mkdir ${HOME}/.config/Google Play Music Desktop Player # whitelist ${HOME}/.config/pulse # whitelist ${HOME}/.pulse -whitelist ${HOME}/.config/Google Play Music Desktop Player +allow ${HOME}/.config/Google Play Music Desktop Player include whitelist-common.inc caps.drop all diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile index 2d0bce52b51..952c9c1d463 100644 --- a/etc/profile-a-l/googler-common.profile +++ b/etc/profile-a-l/googler-common.profile @@ -7,10 +7,10 @@ include googler-common.local # added by caller profile #include globals.local -blacklist /tmp/.X11-unix -blacklist ${RUNUSER} +deny /tmp/.X11-unix +deny ${RUNUSER} -noblacklist ${HOME}/.w3m +nodeny ${HOME}/.w3m # Allow /bin/sh (blacklisted by disable-shell.inc) include allow-bin-sh.inc @@ -26,7 +26,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist ${HOME}/.w3m +allow ${HOME}/.w3m include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/gpa.profile b/etc/profile-a-l/gpa.profile index 37b4f0b1c91..9b8da361b7d 100644 --- a/etc/profile-a-l/gpa.profile +++ b/etc/profile-a-l/gpa.profile @@ -6,7 +6,7 @@ include gpa.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.gnupg +nodeny ${HOME}/.gnupg include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile index 7f0b614b13e..5fa66bb55c2 100644 --- a/etc/profile-a-l/gpg-agent.profile +++ b/etc/profile-a-l/gpg-agent.profile 
@@ -7,10 +7,10 @@ include gpg-agent.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.gnupg +nodeny ${HOME}/.gnupg -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc @@ -20,11 +20,11 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.gnupg -whitelist ${HOME}/.gnupg -whitelist ${RUNUSER}/gnupg -whitelist ${RUNUSER}/keyring -whitelist /usr/share/gnupg -whitelist /usr/share/gnupg2 +allow ${HOME}/.gnupg +allow ${RUNUSER}/gnupg +allow ${RUNUSER}/keyring +allow /usr/share/gnupg +allow /usr/share/gnupg2 include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile index 4a4d6527cc9..2ad896abe03 100644 --- a/etc/profile-a-l/gpg.profile +++ b/etc/profile-a-l/gpg.profile @@ -7,10 +7,10 @@ include gpg.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.gnupg +nodeny ${HOME}/.gnupg -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc @@ -18,11 +18,11 @@ include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc -whitelist ${RUNUSER}/gnupg -whitelist ${RUNUSER}/keyring -whitelist /usr/share/gnupg -whitelist /usr/share/gnupg2 -whitelist /usr/share/pacman/keyrings +allow ${RUNUSER}/gnupg +allow ${RUNUSER}/keyring +allow /usr/share/gnupg +allow /usr/share/gnupg2 +allow /usr/share/pacman/keyrings include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile index fa53c26c8cf..0552dc3d7e4 100644 --- a/etc/profile-a-l/gpicview.profile +++ b/etc/profile-a-l/gpicview.profile 
@@ -6,7 +6,7 @@ include gpicview.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/gpicview +nodeny ${HOME}/.config/gpicview include disable-common.inc include disable-devel.inc @@ -16,7 +16,7 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-shell.inc -whitelist /usr/share/gpicview +allow /usr/share/gpicview include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile index 253d644f17a..c9e62a73f3e 100644 --- a/etc/profile-a-l/gpredict.profile +++ b/etc/profile-a-l/gpredict.profile @@ -6,7 +6,7 @@ include gpredict.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Gpredict +nodeny ${HOME}/.config/Gpredict include disable-common.inc include disable-devel.inc @@ -17,7 +17,7 @@ include disable-programs.inc include disable-shell.inc mkdir ${HOME}/.config/Gpredict -whitelist ${HOME}/.config/Gpredict +allow ${HOME}/.config/Gpredict include whitelist-common.inc caps.drop all diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile index 2b4c536d2a4..2aebe23382c 100644 --- a/etc/profile-a-l/gradio.profile +++ b/etc/profile-a-l/gradio.profile @@ -5,8 +5,8 @@ include gradio.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/gradio -noblacklist ${HOME}/.local/share/gradio +nodeny ${HOME}/.cache/gradio +nodeny ${HOME}/.local/share/gradio include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-xdg.inc mkdir ${HOME}/.cache/gradio mkdir ${HOME}/.local/share/gradio -whitelist ${HOME}/.cache/gradio -whitelist ${HOME}/.local/share/gradio +allow ${HOME}/.cache/gradio +allow ${HOME}/.local/share/gradio include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc 
diff --git a/etc/profile-a-l/gramps.profile b/etc/profile-a-l/gramps.profile index c7e0c297772..53f0baccbab 100644 --- a/etc/profile-a-l/gramps.profile +++ b/etc/profile-a-l/gramps.profile @@ -6,7 +6,7 @@ include gramps.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.gramps +nodeny ${HOME}/.gramps # Allow python (blacklisted by disable-interpreters.inc) #include allow-python2.inc @@ -21,7 +21,7 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.gramps -whitelist ${HOME}/.gramps +allow ${HOME}/.gramps include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile index 890ba256078..ecc871c2e5a 100644 --- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile +++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile @@ -15,7 +15,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/gravity-beams-and-evaporating-stars +allow /usr/share/gravity-beams-and-evaporating-stars include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/gthumb.profile b/etc/profile-a-l/gthumb.profile index 5927e8c4d3e..9a4f7b4fbb6 100644 --- a/etc/profile-a-l/gthumb.profile +++ b/etc/profile-a-l/gthumb.profile @@ -6,9 +6,9 @@ include gthumb.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/gthumb -noblacklist ${HOME}/.Steam -noblacklist ${HOME}/.steam +nodeny ${HOME}/.config/gthumb +nodeny ${HOME}/.Steam +nodeny ${HOME}/.steam include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile index c8addae75d2..d6bb9902a5f 100644 --- a/etc/profile-a-l/gtk-update-icon-cache.profile +++ b/etc/profile-a-l/gtk-update-icon-cache.profile 
@@ -7,7 +7,7 @@ include gtk-update-icon-cache.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/gtk2-youtube-viewer.profile b/etc/profile-a-l/gtk2-youtube-viewer.profile index 787c7bd90fe..8241de43ac6 100644 --- a/etc/profile-a-l/gtk2-youtube-viewer.profile +++ b/etc/profile-a-l/gtk2-youtube-viewer.profile @@ -8,8 +8,8 @@ include gtk2-youtube-viewer.local ignore quiet -noblacklist /tmp/.X11-unix -noblacklist ${RUNUSER} +nodeny /tmp/.X11-unix +nodeny ${RUNUSER} include whitelist-runuser-common.inc diff --git a/etc/profile-a-l/gtk3-youtube-viewer.profile b/etc/profile-a-l/gtk3-youtube-viewer.profile index 988882622fd..6ea4ebbdc80 100644 --- a/etc/profile-a-l/gtk3-youtube-viewer.profile +++ b/etc/profile-a-l/gtk3-youtube-viewer.profile @@ -8,8 +8,8 @@ include gtk3-youtube-viewer.local ignore quiet -noblacklist /tmp/.X11-unix -noblacklist ${RUNUSER} +nodeny /tmp/.X11-unix +nodeny ${RUNUSER} include whitelist-runuser-common.inc diff --git a/etc/profile-a-l/guayadeque.profile b/etc/profile-a-l/guayadeque.profile index 3d2b71e9d7b..731bcad1d5d 100644 --- a/etc/profile-a-l/guayadeque.profile +++ b/etc/profile-a-l/guayadeque.profile @@ -5,8 +5,8 @@ include guayadeque.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.guayadeque -noblacklist ${MUSIC} +nodeny ${HOME}/.guayadeque +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/gummi.profile b/etc/profile-a-l/gummi.profile index 2223c37a1ca..5cdc2cc18ea 100644 --- a/etc/profile-a-l/gummi.profile +++ b/etc/profile-a-l/gummi.profile 
@@ -5,8 +5,8 @@ include gummi.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/gummi -noblacklist ${HOME}/.config/gummi +nodeny ${HOME}/.cache/gummi +nodeny ${HOME}/.config/gummi # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile index 9221ca31c07..3404f51779b 100644 --- a/etc/profile-a-l/guvcview.profile +++ b/etc/profile-a-l/guvcview.profile @@ -6,10 +6,10 @@ include guvcview.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/guvcview2 +nodeny ${HOME}/.config/guvcview2 -noblacklist ${PICTURES} -noblacklist ${VIDEOS} +nodeny ${PICTURES} +nodeny ${VIDEOS} include disable-common.inc include disable-devel.inc @@ -21,9 +21,9 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/guvcview2 -whitelist ${HOME}/.config/guvcview2 -whitelist ${PICTURES} -whitelist ${VIDEOS} +allow ${HOME}/.config/guvcview2 +allow ${PICTURES} +allow ${VIDEOS} include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile index d33e2a67348..132b5a2e2d9 100644 --- a/etc/profile-a-l/gwenview.profile +++ b/etc/profile-a-l/gwenview.profile 
@@ -6,17 +6,17 @@ include gwenview.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/GIMP -noblacklist ${HOME}/.config/gwenviewrc -noblacklist ${HOME}/.config/org.kde.gwenviewrc -noblacklist ${HOME}/.gimp* -noblacklist ${HOME}/.kde/share/apps/gwenview -noblacklist ${HOME}/.kde/share/config/gwenviewrc -noblacklist ${HOME}/.kde4/share/apps/gwenview -noblacklist ${HOME}/.kde4/share/config/gwenviewrc -noblacklist ${HOME}/.local/share/gwenview -noblacklist ${HOME}/.local/share/kxmlgui5/gwenview -noblacklist ${HOME}/.local/share/org.kde.gwenview +nodeny ${HOME}/.config/GIMP +nodeny ${HOME}/.config/gwenviewrc +nodeny ${HOME}/.config/org.kde.gwenviewrc +nodeny ${HOME}/.gimp* +nodeny ${HOME}/.kde/share/apps/gwenview +nodeny ${HOME}/.kde/share/config/gwenviewrc +nodeny ${HOME}/.kde4/share/apps/gwenview +nodeny ${HOME}/.kde4/share/config/gwenviewrc +nodeny ${HOME}/.local/share/gwenview +nodeny ${HOME}/.local/share/kxmlgui5/gwenview +nodeny ${HOME}/.local/share/org.kde.gwenview include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/gzip.profile b/etc/profile-a-l/gzip.profile index b261c16f4aa..46c98bdc2fc 100644 --- a/etc/profile-a-l/gzip.profile +++ b/etc/profile-a-l/gzip.profile @@ -9,7 +9,7 @@ include globals.local # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop # all capabilities this is automatically read-only. -noblacklist /var/lib/pacman +nodeny /var/lib/pacman # Redirect include archiver-common.profile diff --git a/etc/profile-a-l/handbrake.profile b/etc/profile-a-l/handbrake.profile index 847e1ec1e0a..c102ac4cb29 100644 --- a/etc/profile-a-l/handbrake.profile +++ b/etc/profile-a-l/handbrake.profile 
@@ -6,9 +6,9 @@ include handbrake.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/ghb -noblacklist ${MUSIC} -noblacklist ${VIDEOS} +nodeny ${HOME}/.config/ghb +nodeny ${MUSIC} +nodeny ${VIDEOS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/hashcat.profile b/etc/profile-a-l/hashcat.profile index aab4b0c21a9..d98a1b554ed 100644 --- a/etc/profile-a-l/hashcat.profile +++ b/etc/profile-a-l/hashcat.profile @@ -7,11 +7,11 @@ include hashcat.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* -noblacklist ${HOME}/.hashcat -noblacklist /usr/include -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.hashcat +nodeny /usr/include +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile index 44584f26b3f..1c2a44e06fc 100644 --- a/etc/profile-a-l/hasher-common.profile +++ b/etc/profile-a-l/hasher-common.profile @@ -4,7 +4,7 @@ include hasher-common.local # common profile for hasher/checksum tools -blacklist ${RUNUSER} +deny ${RUNUSER} # Comment/uncomment the relevant include file(s) in your hasher-common.local # to (un)restrict file access for **all** hashers. Another option is to do this **per hasher** diff --git a/etc/profile-a-l/hedgewars.profile b/etc/profile-a-l/hedgewars.profile index c0675d8ecd3..90833af91f0 100644 --- a/etc/profile-a-l/hedgewars.profile +++ b/etc/profile-a-l/hedgewars.profile @@ -6,7 +6,7 @@ include hedgewars.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.hedgewars +nodeny ${HOME}/.hedgewars include allow-lua.inc @@ -17,7 +17,7 @@ include disable-passwdmgr.inc include disable-programs.inc mkdir ${HOME}/.hedgewars -whitelist ${HOME}/.hedgewars +allow ${HOME}/.hedgewars include whitelist-common.inc caps.drop all 
diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile index b887de1474f..993efb5911c 100644 --- a/etc/profile-a-l/hexchat.profile +++ b/etc/profile-a-l/hexchat.profile @@ -6,7 +6,7 @@ include hexchat.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/hexchat +nodeny ${HOME}/.config/hexchat # Allow /bin/sh (blacklisted by disable-shell.inc) include allow-bin-sh.inc @@ -28,7 +28,7 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/hexchat -whitelist ${HOME}/.config/hexchat +allow ${HOME}/.config/hexchat include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile index 643736ac7f5..53db642dccf 100644 --- a/etc/profile-a-l/highlight.profile +++ b/etc/profile-a-l/highlight.profile @@ -6,7 +6,7 @@ include highlight.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} +deny ${RUNUSER} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile index 199b1a5e55a..ef259cc00ec 100644 --- a/etc/profile-a-l/homebank.profile +++ b/etc/profile-a-l/homebank.profile @@ -6,7 +6,7 @@ include homebank.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/homebank +nodeny ${HOME}/.config/homebank include disable-common.inc include disable-devel.inc @@ -18,9 +18,9 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/homebank -whitelist ${DOWNLOADS} -whitelist ${HOME}/.config/homebank -whitelist /usr/share/homebank +allow ${DOWNLOADS} +allow ${HOME}/.config/homebank +allow /usr/share/homebank include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile index 00d9f7a768b..63e1be259b4 100644 --- a/etc/profile-a-l/host.profile 
+++ b/etc/profile-a-l/host.profile @@ -7,8 +7,8 @@ include host.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} -noblacklist ${PATH}/host +deny ${RUNUSER} +nodeny ${PATH}/host include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/hugin.profile b/etc/profile-a-l/hugin.profile index 267712c87dc..db5cd29ccec 100644 --- a/etc/profile-a-l/hugin.profile +++ b/etc/profile-a-l/hugin.profile @@ -6,9 +6,9 @@ include hugin.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.hugin -noblacklist ${DOCUMENTS} -noblacklist ${PICTURES} +nodeny ${HOME}/.hugin +nodeny ${DOCUMENTS} +nodeny ${PICTURES} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile index e66ffd7e14e..1fb33ceb8d2 100644 --- a/etc/profile-a-l/hyperrogue.profile +++ b/etc/profile-a-l/hyperrogue.profile @@ -6,7 +6,7 @@ include hyperrogue.local # Persistent global definitions include globals.local -noblacklist ${HOME}/hyperrogue.ini +nodeny ${HOME}/hyperrogue.ini include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkfile ${HOME}/hyperrogue.ini -whitelist ${HOME}/hyperrogue.ini -whitelist /usr/share/hyperrogue +allow ${HOME}/hyperrogue.ini +allow /usr/share/hyperrogue include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile index 47c98417572..c8a2e8a04e9 100644 --- a/etc/profile-a-l/i2prouter.profile +++ b/etc/profile-a-l/i2prouter.profile 
@@ -14,12 +14,12 @@ include globals.local # Only needed when i2prouter binary resides in home directory (official I2P java installer does so). ignore noexec ${HOME} -noblacklist ${HOME}/.config/i2p -noblacklist ${HOME}/.i2p -noblacklist ${HOME}/.local/share/i2p -noblacklist ${HOME}/i2p +nodeny ${HOME}/.config/i2p +nodeny ${HOME}/.i2p +nodeny ${HOME}/.local/share/i2p +nodeny ${HOME}/i2p # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). -noblacklist /usr/sbin +nodeny /usr/sbin # Allow java (blacklisted by disable-devel.inc) include allow-java.inc @@ -36,12 +36,12 @@ mkdir ${HOME}/.config/i2p mkdir ${HOME}/.i2p mkdir ${HOME}/.local/share/i2p mkdir ${HOME}/i2p -whitelist ${HOME}/.config/i2p -whitelist ${HOME}/.i2p -whitelist ${HOME}/.local/share/i2p -whitelist ${HOME}/i2p +allow ${HOME}/.config/i2p +allow ${HOME}/.i2p +allow ${HOME}/.local/share/i2p +allow ${HOME}/i2p # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). -whitelist /usr/sbin/wrapper* +allow /usr/sbin/wrapper* include whitelist-common.inc diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile index e96b1843c85..95ddad221ed 100644 --- a/etc/profile-a-l/i3.profile +++ b/etc/profile-a-l/i3.profile @@ -7,7 +7,7 @@ include i3.local include globals.local # all applications started in i3 will run in this profile -noblacklist ${HOME}/.config/i3 +nodeny ${HOME}/.config/i3 include disable-common.inc caps.drop all diff --git a/etc/profile-a-l/icecat.profile b/etc/profile-a-l/icecat.profile index 660343a290b..0de2f658b3e 100644 --- a/etc/profile-a-l/icecat.profile +++ b/etc/profile-a-l/icecat.profile 
@@ -5,13 +5,13 @@ include icecat.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/mozilla -noblacklist ${HOME}/.mozilla +nodeny ${HOME}/.cache/mozilla +nodeny ${HOME}/.mozilla mkdir ${HOME}/.cache/mozilla/icecat mkdir ${HOME}/.mozilla -whitelist ${HOME}/.cache/mozilla/icecat -whitelist ${HOME}/.mozilla +allow ${HOME}/.cache/mozilla/icecat +allow ${HOME}/.mozilla # private-etc must first be enabled in firefox-common.profile #private-etc icecat diff --git a/etc/profile-a-l/icedove.profile b/etc/profile-a-l/icedove.profile index 19690cd5ae3..0c22d87d02a 100644 --- a/etc/profile-a-l/icedove.profile +++ b/etc/profile-a-l/icedove.profile @@ -9,16 +9,16 @@ include icedove.local # Users have icedove set to open a browser by clicking a link in an email # We are not allowed to blacklist browser-specific directories -noblacklist ${HOME}/.cache/icedove -noblacklist ${HOME}/.gnupg -noblacklist ${HOME}/.icedove +nodeny ${HOME}/.cache/icedove +nodeny ${HOME}/.gnupg +nodeny ${HOME}/.icedove mkdir ${HOME}/.cache/icedove mkdir ${HOME}/.gnupg mkdir ${HOME}/.icedove -whitelist ${HOME}/.cache/icedove -whitelist ${HOME}/.gnupg -whitelist ${HOME}/.icedove +allow ${HOME}/.cache/icedove +allow ${HOME}/.gnupg +allow ${HOME}/.icedove include whitelist-common.inc ignore private-tmp diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile index 680b8e77701..180b62ec274 100644 --- a/etc/profile-a-l/idea.sh.profile +++ b/etc/profile-a-l/idea.sh.profile 
@@ -5,12 +5,12 @@ include idea.sh.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.IdeaIC* -noblacklist ${HOME}/.android -noblacklist ${HOME}/.jack-server -noblacklist ${HOME}/.jack-settings -noblacklist ${HOME}/.local/share/JetBrains -noblacklist ${HOME}/.tooling +nodeny ${HOME}/.IdeaIC* +nodeny ${HOME}/.android +nodeny ${HOME}/.jack-server +nodeny ${HOME}/.jack-settings +nodeny ${HOME}/.local/share/JetBrains +nodeny ${HOME}/.tooling # Allows files commonly used by IDEs include allow-common-devel.inc diff --git a/etc/profile-a-l/imagej.profile b/etc/profile-a-l/imagej.profile index 12ce7976b96..5d28e7aca19 100644 --- a/etc/profile-a-l/imagej.profile +++ b/etc/profile-a-l/imagej.profile @@ -6,7 +6,7 @@ include imagej.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.imagej +nodeny ${HOME}/.imagej # Allow java (blacklisted by disable-devel.inc) include allow-java.inc diff --git a/etc/profile-a-l/img2txt.profile b/etc/profile-a-l/img2txt.profile index c26958d0648..70d56a7dceb 100644 --- a/etc/profile-a-l/img2txt.profile +++ b/etc/profile-a-l/img2txt.profile @@ -5,10 +5,10 @@ include img2txt.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* -noblacklist ${DOCUMENTS} -noblacklist ${PICTURES} +nodeny ${DOCUMENTS} +nodeny ${PICTURES} include disable-common.inc include disable-devel.inc @@ -18,7 +18,7 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist /usr/share/imlib2 +allow /usr/share/imlib2 include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/impressive.profile b/etc/profile-a-l/impressive.profile index c152be01cfa..4914cd9d0f2 100644 --- a/etc/profile-a-l/impressive.profile +++ b/etc/profile-a-l/impressive.profile 
@@ -6,9 +6,9 @@ include impressive.local # Persistent global definitions #include globals.local -noblacklist ${DOCUMENTS} -noblacklist /sbin -noblacklist /usr/sbin +nodeny ${DOCUMENTS} +nodeny /sbin +nodeny /usr/sbin # Allow python (blacklisted by disable-interpreters.inc) #include allow-python2.inc @@ -23,8 +23,8 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.cache/mesa_shader_cache -whitelist /usr/share/opengl-games-utils -whitelist /usr/share/zenity +allow /usr/share/opengl-games-utils +allow /usr/share/zenity include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile index 35dd86b32ad..1a949b3004c 100644 --- a/etc/profile-a-l/inkscape.profile +++ b/etc/profile-a-l/inkscape.profile @@ -6,14 +6,14 @@ include inkscape.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/inkscape -noblacklist ${HOME}/.config/inkscape -noblacklist ${HOME}/.inkscape -noblacklist ${DOCUMENTS} -noblacklist ${PICTURES} +nodeny ${HOME}/.cache/inkscape +nodeny ${HOME}/.config/inkscape +nodeny ${HOME}/.inkscape +nodeny ${DOCUMENTS} +nodeny ${PICTURES} # Allow exporting .xcf files -noblacklist ${HOME}/.config/GIMP -noblacklist ${HOME}/.gimp* +nodeny ${HOME}/.config/GIMP +nodeny ${HOME}/.gimp* # Allow python (blacklisted by disable-interpreters.inc) @@ -28,7 +28,7 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist /usr/share/inkscape +allow /usr/share/inkscape include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/inox.profile b/etc/profile-a-l/inox.profile index a5cac12f24f..1591ed7ea7a 100644 --- a/etc/profile-a-l/inox.profile +++ b/etc/profile-a-l/inox.profile 
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium ignore include whitelist-runuser-common.inc ignore include whitelist-usr-share-common.inc -noblacklist ${HOME}/.cache/inox -noblacklist ${HOME}/.config/inox +nodeny ${HOME}/.cache/inox +nodeny ${HOME}/.config/inox mkdir ${HOME}/.cache/inox mkdir ${HOME}/.config/inox -whitelist ${HOME}/.cache/inox -whitelist ${HOME}/.config/inox +allow ${HOME}/.cache/inox +allow ${HOME}/.config/inox # Redirect include chromium-common.profile diff --git a/etc/profile-a-l/iridium.profile b/etc/profile-a-l/iridium.profile index 3037d00e98a..f361fd66316 100644 --- a/etc/profile-a-l/iridium.profile +++ b/etc/profile-a-l/iridium.profile @@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium ignore include whitelist-runuser-common.inc ignore include whitelist-usr-share-common.inc -noblacklist ${HOME}/.cache/iridium -noblacklist ${HOME}/.config/iridium +nodeny ${HOME}/.cache/iridium +nodeny ${HOME}/.config/iridium mkdir ${HOME}/.cache/iridium mkdir ${HOME}/.config/iridium -whitelist ${HOME}/.cache/iridium -whitelist ${HOME}/.config/iridium +allow ${HOME}/.cache/iridium +allow ${HOME}/.config/iridium # Redirect include chromium-common.profile diff --git a/etc/profile-a-l/itch.profile b/etc/profile-a-l/itch.profile index e02dcbdb157..fa0bcf9864a 100644 --- a/etc/profile-a-l/itch.profile +++ b/etc/profile-a-l/itch.profile @@ -8,8 +8,8 @@ include globals.local # itch.io has native firejail/sandboxing support bundled in # See https://itch.io/docs/itch/using/sandbox/linux.html -noblacklist ${HOME}/.itch -noblacklist ${HOME}/.config/itch +nodeny ${HOME}/.itch +nodeny ${HOME}/.config/itch include disable-common.inc include disable-devel.inc @@ -19,8 +19,8 @@ include disable-programs.inc mkdir ${HOME}/.itch mkdir ${HOME}/.config/itch -whitelist ${HOME}/.itch -whitelist ${HOME}/.config/itch +allow ${HOME}/.itch +allow ${HOME}/.config/itch include whitelist-common.inc caps.drop all 
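Review bot: The hunk header for inox.profile shows `ignore whitelist /usr/share/chromium`, which this change leaves on the old keyword. The directive it suppresses is presumably in chromium-common.profile, and if that file is renamed like the rest it now reads `allow /usr/share/chromium`. Whether `ignore` still matches depends on how the parser compares ignore strings with directives, which is not visible here; if it compares literal text, the ignore silently stops applying and the sandbox's filesystem view differs from before. Either change the line to `ignore allow /usr/share/chromium` or confirm that old and new spellings are normalised before the comparison. The iridium.profile hunk on this line has the same header.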
diff --git a/etc/profile-a-l/jami-gnome.profile b/etc/profile-a-l/jami-gnome.profile index 3e9abf36983..e4be574df13 100644 --- a/etc/profile-a-l/jami-gnome.profile +++ b/etc/profile-a-l/jami-gnome.profile @@ -6,8 +6,8 @@ include jami-gnome.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/jami -noblacklist ${HOME}/.local/share/jami +nodeny ${HOME}/.config/jami +nodeny ${HOME}/.local/share/jami include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-programs.inc mkdir ${HOME}/.config/jami mkdir ${HOME}/.local/share/jami -whitelist ${HOME}/.config/jami -whitelist ${HOME}/.local/share/jami +allow ${HOME}/.config/jami +allow ${HOME}/.local/share/jami include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/jd-gui.profile b/etc/profile-a-l/jd-gui.profile index 7d29f10680e..bfea84c69a5 100644 --- a/etc/profile-a-l/jd-gui.profile +++ b/etc/profile-a-l/jd-gui.profile @@ -5,7 +5,7 @@ include jd-gui.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/jd-gui.cfg +nodeny ${HOME}/.config/jd-gui.cfg # Allow java (blacklisted by disable-devel.inc) include allow-java.inc diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile index 85b1f2120b1..c4102761805 100644 --- a/etc/profile-a-l/jerry.profile +++ b/etc/profile-a-l/jerry.profile @@ -6,7 +6,7 @@ include jerry.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/dkl +nodeny ${HOME}/.config/dkl include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/jitsi-meet-desktop.profile b/etc/profile-a-l/jitsi-meet-desktop.profile index edb7ed84038..9ca30c36d6f 100644 --- a/etc/profile-a-l/jitsi-meet-desktop.profile +++ b/etc/profile-a-l/jitsi-meet-desktop.profile 
@@ -13,12 +13,12 @@ ignore shell none ignore noexec /tmp -noblacklist ${HOME}/.config/Jitsi Meet +nodeny ${HOME}/.config/Jitsi Meet -nowhitelist ${DOWNLOADS} +noallow ${DOWNLOADS} mkdir ${HOME}/.config/Jitsi Meet -whitelist ${HOME}/.config/Jitsi Meet +allow ${HOME}/.config/Jitsi Meet private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg diff --git a/etc/profile-a-l/jitsi.profile b/etc/profile-a-l/jitsi.profile index 223c360b8cc..f53e6ca3283 100644 --- a/etc/profile-a-l/jitsi.profile +++ b/etc/profile-a-l/jitsi.profile @@ -5,7 +5,7 @@ include jitsi.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.jitsi +nodeny ${HOME}/.jitsi # Allow java (blacklisted by disable-devel.inc) include allow-java.inc diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile index 9954b8aea42..c0a78ecc095 100644 --- a/etc/profile-a-l/jumpnbump.profile +++ b/etc/profile-a-l/jumpnbump.profile @@ -6,7 +6,7 @@ include jumpnbump.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.jumpnbump +nodeny ${HOME}/.jumpnbump include disable-common.inc include disable-devel.inc @@ -17,8 +17,8 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.jumpnbump -whitelist ${HOME}/.jumpnbump -whitelist /usr/share/jumpnbump +allow ${HOME}/.jumpnbump +allow /usr/share/jumpnbump include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile index 5ae90dff691..73ce8670f29 100644 --- a/etc/profile-a-l/k3b.profile +++ b/etc/profile-a-l/k3b.profile 
@@ -6,11 +6,11 @@ include k3b.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/k3brc -noblacklist ${HOME}/.kde/share/config/k3brc -noblacklist ${HOME}/.kde4/share/config/k3brc -noblacklist ${HOME}/.local/share/kxmlgui5/k3b -noblacklist ${MUSIC} +nodeny ${HOME}/.config/k3brc +nodeny ${HOME}/.kde/share/config/k3brc +nodeny ${HOME}/.kde4/share/config/k3brc +nodeny ${HOME}/.local/share/kxmlgui5/k3b +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/kaffeine.profile b/etc/profile-a-l/kaffeine.profile index d55fd22cb15..e6a00e35010 100644 --- a/etc/profile-a-l/kaffeine.profile +++ b/etc/profile-a-l/kaffeine.profile @@ -6,14 +6,14 @@ include kaffeine.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/kaffeinerc -noblacklist ${HOME}/.kde/share/apps/kaffeine -noblacklist ${HOME}/.kde/share/config/kaffeinerc -noblacklist ${HOME}/.kde4/share/apps/kaffeine -noblacklist ${HOME}/.kde4/share/config/kaffeinerc -noblacklist ${HOME}/.local/share/kaffeine -noblacklist ${MUSIC} -noblacklist ${VIDEOS} +nodeny ${HOME}/.config/kaffeinerc +nodeny ${HOME}/.kde/share/apps/kaffeine +nodeny ${HOME}/.kde/share/config/kaffeinerc +nodeny ${HOME}/.kde4/share/apps/kaffeine +nodeny ${HOME}/.kde4/share/config/kaffeinerc +nodeny ${HOME}/.local/share/kaffeine +nodeny ${MUSIC} +nodeny ${VIDEOS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile index 503dac4b6b9..98b04353e66 100644 --- a/etc/profile-a-l/kalgebra.profile +++ b/etc/profile-a-l/kalgebra.profile @@ -6,8 +6,8 @@ include kalgebra.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/kalgebrarc -noblacklist ${HOME}/.local/share/kalgebra +nodeny ${HOME}/.config/kalgebrarc +nodeny ${HOME}/.local/share/kalgebra include disable-common.inc include disable-devel.inc 
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist /usr/share/kalgebramobile +allow /usr/share/kalgebramobile include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/karbon.profile b/etc/profile-a-l/karbon.profile index 231299a2f2c..db53945503c 100644 --- a/etc/profile-a-l/karbon.profile +++ b/etc/profile-a-l/karbon.profile @@ -6,7 +6,7 @@ include karbon.local # added by included profile #include globals.local -noblacklist ${HOME}/.local/share/kxmlgui5/karbon +nodeny ${HOME}/.local/share/kxmlgui5/karbon # Redirect include krita.profile diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile index 27b87e7c376..d2b18049217 100644 --- a/etc/profile-a-l/kate.profile +++ b/etc/profile-a-l/kate.profile 
@@ -8,20 +8,20 @@ include globals.local ignore noexec ${HOME} -noblacklist ${HOME}/.config/katemetainfos -noblacklist ${HOME}/.config/katepartrc -noblacklist ${HOME}/.config/katerc -noblacklist ${HOME}/.config/kateschemarc -noblacklist ${HOME}/.config/katesyntaxhighlightingrc -noblacklist ${HOME}/.config/katevirc -noblacklist ${HOME}/.local/share/kate -noblacklist ${HOME}/.local/share/kxmlgui5/kate -noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree -noblacklist ${HOME}/.local/share/kxmlgui5/katekonsole -noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin -noblacklist ${HOME}/.local/share/kxmlgui5/katepart -noblacklist ${HOME}/.local/share/kxmlgui5/kateproject -noblacklist ${HOME}/.local/share/kxmlgui5/katesearch +nodeny ${HOME}/.config/katemetainfos +nodeny ${HOME}/.config/katepartrc +nodeny ${HOME}/.config/katerc +nodeny ${HOME}/.config/kateschemarc +nodeny ${HOME}/.config/katesyntaxhighlightingrc +nodeny ${HOME}/.config/katevirc +nodeny ${HOME}/.local/share/kate +nodeny ${HOME}/.local/share/kxmlgui5/kate +nodeny ${HOME}/.local/share/kxmlgui5/katefiletree +nodeny ${HOME}/.local/share/kxmlgui5/katekonsole +nodeny ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin +nodeny ${HOME}/.local/share/kxmlgui5/katepart +nodeny ${HOME}/.local/share/kxmlgui5/kateproject +nodeny ${HOME}/.local/share/kxmlgui5/katesearch include disable-common.inc # include disable-devel.inc diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile index 9795cf1683e..a4e2e64f449 100644 --- a/etc/profile-a-l/kazam.profile +++ b/etc/profile-a-l/kazam.profile @@ -8,9 +8,9 @@ include globals.local ignore noexec ${HOME} -noblacklist ${PICTURES} -noblacklist ${VIDEOS} -noblacklist ${HOME}/.config/kazam +nodeny ${PICTURES} +nodeny ${VIDEOS} +nodeny ${HOME}/.config/kazam # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc 
@@ -25,7 +25,7 @@ include disable-passwdmgr.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/kazam +allow /usr/share/kazam include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile index e36ee5ed2b8..fcb168d4db3 100644 --- a/etc/profile-a-l/kcalc.profile +++ b/etc/profile-a-l/kcalc.profile @@ -6,7 +6,7 @@ include kcalc.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/kxmlgui5/kcalc +nodeny ${HOME}/.local/share/kxmlgui5/kcalc include disable-common.inc include disable-devel.inc @@ -21,13 +21,13 @@ mkdir ${HOME}/.local/share/kxmlgui5/kcalc mkfile ${HOME}/.config/kcalcrc mkfile ${HOME}/.kde/share/config/kcalcrc mkfile ${HOME}/.kde4/share/config/kcalcrc -whitelist ${HOME}/.config/kcalcrc -whitelist ${HOME}/.kde/share/config/kcalcrc -whitelist ${HOME}/.kde4/share/config/kcalcrc -whitelist ${HOME}/.local/share/kxmlgui5/kcalc -whitelist /usr/share/config.kcfg/kcalc.kcfg -whitelist /usr/share/kcalc -whitelist /usr/share/kconf_update/kcalcrc.upd +allow ${HOME}/.config/kcalcrc +allow ${HOME}/.kde/share/config/kcalcrc +allow ${HOME}/.kde4/share/config/kcalcrc +allow ${HOME}/.local/share/kxmlgui5/kcalc +allow /usr/share/config.kcfg/kcalc.kcfg +allow /usr/share/kcalc +allow /usr/share/kconf_update/kcalcrc.upd include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/kdenlive.profile b/etc/profile-a-l/kdenlive.profile index d2a08a2698f..4acafbf2a60 100644 --- a/etc/profile-a-l/kdenlive.profile +++ b/etc/profile-a-l/kdenlive.profile 
@@ -8,10 +8,10 @@ include globals.local ignore noexec ${HOME} -noblacklist ${HOME}/.cache/kdenlive -noblacklist ${HOME}/.config/kdenliverc -noblacklist ${HOME}/.local/share/kdenlive -noblacklist ${HOME}/.local/share/kxmlgui5/kdenlive +nodeny ${HOME}/.cache/kdenlive +nodeny ${HOME}/.config/kdenliverc +nodeny ${HOME}/.local/share/kdenlive +nodeny ${HOME}/.local/share/kxmlgui5/kdenlive include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile index 7c1cb229415..0c37f796817 100644 --- a/etc/profile-a-l/kdiff3.profile +++ b/etc/profile-a-l/kdiff3.profile @@ -6,14 +6,14 @@ include kdiff3.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/kdiff3fileitemactionrc -noblacklist ${HOME}/.config/kdiff3rc +nodeny ${HOME}/.config/kdiff3fileitemactionrc +nodeny ${HOME}/.config/kdiff3rc # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc. # By default we deny access only to .ssh and .gnupg. #include disable-common.inc -blacklist ${HOME}/.ssh -blacklist ${HOME}/.gnupg +deny ${HOME}/.ssh +deny ${HOME}/.gnupg include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/keepass.profile b/etc/profile-a-l/keepass.profile index ae8971ab41b..9c06962bcbb 100644 --- a/etc/profile-a-l/keepass.profile +++ b/etc/profile-a-l/keepass.profile 
@@ -6,14 +6,14 @@ include keepass.local # Persistent global definitions include globals.local -noblacklist ${HOME}/*.kdb -noblacklist ${HOME}/*.kdbx -noblacklist ${HOME}/.config/KeePass -noblacklist ${HOME}/.config/keepass -noblacklist ${HOME}/.keepass -noblacklist ${HOME}/.local/share/KeePass -noblacklist ${HOME}/.local/share/keepass -noblacklist ${DOCUMENTS} +nodeny ${HOME}/*.kdb +nodeny ${HOME}/*.kdbx +nodeny ${HOME}/.config/KeePass +nodeny ${HOME}/.config/keepass +nodeny ${HOME}/.keepass +nodeny ${HOME}/.local/share/KeePass +nodeny ${HOME}/.local/share/keepass +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile index ac364986d37..2772fa8bfa9 100644 --- a/etc/profile-a-l/keepassx.profile +++ b/etc/profile-a-l/keepassx.profile @@ -6,11 +6,11 @@ include keepassx.local # Persistent global definitions include globals.local -noblacklist ${HOME}/*.kdb -noblacklist ${HOME}/*.kdbx -noblacklist ${HOME}/.config/keepassx -noblacklist ${HOME}/.keepassx -noblacklist ${DOCUMENTS} +nodeny ${HOME}/*.kdb +nodeny ${HOME}/*.kdbx +nodeny ${HOME}/.config/keepassx +nodeny ${HOME}/.keepassx +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile index f71dcf82b2b..9c530b20de2 100644 --- a/etc/profile-a-l/keepassxc.profile +++ b/etc/profile-a-l/keepassxc.profile 
@@ -6,23 +6,23 @@ include keepassxc.local # Persistent global definitions include globals.local -noblacklist ${HOME}/*.kdb -noblacklist ${HOME}/*.kdbx -noblacklist ${HOME}/.cache/keepassxc -noblacklist ${HOME}/.config/keepassxc -noblacklist ${HOME}/.config/KeePassXCrc -noblacklist ${HOME}/.keepassxc -noblacklist ${DOCUMENTS} +nodeny ${HOME}/*.kdb +nodeny ${HOME}/*.kdbx +nodeny ${HOME}/.cache/keepassxc +nodeny ${HOME}/.config/keepassxc +nodeny ${HOME}/.config/KeePassXCrc +nodeny ${HOME}/.keepassxc +nodeny ${DOCUMENTS} # Allow browser profiles, required for browser integration. -noblacklist ${HOME}/.config/BraveSoftware -noblacklist ${HOME}/.config/chromium -noblacklist ${HOME}/.config/google-chrome -noblacklist ${HOME}/.config/vivaldi -noblacklist ${HOME}/.local/share/torbrowser -noblacklist ${HOME}/.mozilla +nodeny ${HOME}/.config/BraveSoftware +nodeny ${HOME}/.config/chromium +nodeny ${HOME}/.config/google-chrome +nodeny ${HOME}/.config/vivaldi +nodeny ${HOME}/.local/share/torbrowser +nodeny ${HOME}/.mozilla -blacklist /usr/libexec +deny /usr/libexec include disable-common.inc include disable-devel.inc @@ -57,7 +57,7 @@ include disable-xdg.inc #whitelist ${HOME}/.config/KeePassXCrc #include whitelist-common.inc -whitelist /usr/share/keepassxc +allow /usr/share/keepassxc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile index 2c684504b16..30c041cbc8e 100644 --- a/etc/profile-a-l/kget.profile +++ b/etc/profile-a-l/kget.profile 
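Review bot: In the second keepassxc.profile hunk the commented-out directive `#whitelist ${HOME}/.config/KeePassXCrc` keeps the old keyword while the active line below it becomes `allow /usr/share/keepassxc`, so the file now mixes two vocabularies. The same is true of the `# noblacklist` lines in krunner.profile, `#noblacklist ${HOME}/.mozilla` and the `#whitelist ${RUNUSER}/...` lines in librewolf.profile, and `# noblacklist ${HOME}/.wine` / `# whitelist ${HOME}/.wine` in lutris.profile. Some of these are instructions to copy the line into a .local file, so I would rename them in the same commit, e.g. `#allow ${HOME}/.config/KeePassXCrc` and `#nodeny ${HOME}/.mozilla`. If the old keywords are meant to stay valid for existing .local files, the commit message should say so, because the parser side is not visible in this part of the diff. The hunk shows only part of the profile.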
@@ -6,13 +6,13 @@ include kget.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/kgetrc -noblacklist ${HOME}/.kde/share/apps/kget -noblacklist ${HOME}/.kde/share/config/kgetrc -noblacklist ${HOME}/.kde4/share/apps/kget -noblacklist ${HOME}/.kde4/share/config/kgetrc -noblacklist ${HOME}/.local/share/kget -noblacklist ${HOME}/.local/share/kxmlgui5/kget +nodeny ${HOME}/.config/kgetrc +nodeny ${HOME}/.kde/share/apps/kget +nodeny ${HOME}/.kde/share/config/kgetrc +nodeny ${HOME}/.kde4/share/apps/kget +nodeny ${HOME}/.kde4/share/config/kgetrc +nodeny ${HOME}/.local/share/kget +nodeny ${HOME}/.local/share/kxmlgui5/kget include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/kid3-qt.profile b/etc/profile-a-l/kid3-qt.profile index 9bcede07728..84d135fc3af 100644 --- a/etc/profile-a-l/kid3-qt.profile +++ b/etc/profile-a-l/kid3-qt.profile @@ -2,7 +2,7 @@ # This file is overwritten after every install/update include kid3-qt.local -noblacklist ${HOME}/.config/Kid3 +nodeny ${HOME}/.config/Kid3 # Redirect include kid3.profile diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile index e18292e9965..0ef2a784504 100644 --- a/etc/profile-a-l/kid3.profile +++ b/etc/profile-a-l/kid3.profile @@ -6,9 +6,9 @@ include kid3.local # Persistent global definitions include globals.local -noblacklist ${MUSIC} -noblacklist ${HOME}/.config/kid3rc -noblacklist ${HOME}/.local/share/kxmlgui5/kid3 +nodeny ${MUSIC} +nodeny ${HOME}/.config/kid3rc +nodeny ${HOME}/.local/share/kxmlgui5/kid3 include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/kino.profile b/etc/profile-a-l/kino.profile index 74014ffe666..833c1d22a45 100644 --- a/etc/profile-a-l/kino.profile +++ b/etc/profile-a-l/kino.profile 
@@ -6,8 +6,8 @@ include kino.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.kino-history -noblacklist ${HOME}/.kinorc +nodeny ${HOME}/.kino-history +nodeny ${HOME}/.kinorc include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile index 40ee0bbc7bb..b188ba0e318 100644 --- a/etc/profile-a-l/kiwix-desktop.profile +++ b/etc/profile-a-l/kiwix-desktop.profile @@ -6,8 +6,8 @@ include kiwix-desktop.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/kiwix -noblacklist ${HOME}/.local/share/kiwix-desktop +nodeny ${HOME}/.local/share/kiwix +nodeny ${HOME}/.local/share/kiwix-desktop include disable-common.inc include disable-devel.inc @@ -19,8 +19,8 @@ include disable-xdg.inc mkdir ${HOME}/.local/share/kiwix mkdir ${HOME}/.local/share/kiwix-desktop -whitelist ${HOME}/.local/share/kiwix -whitelist ${HOME}/.local/share/kiwix-desktop +allow ${HOME}/.local/share/kiwix +allow ${HOME}/.local/share/kiwix-desktop include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/klatexformula.profile b/etc/profile-a-l/klatexformula.profile index c6a9023f150..e087e497301 100644 --- a/etc/profile-a-l/klatexformula.profile +++ b/etc/profile-a-l/klatexformula.profile @@ -6,8 +6,8 @@ include klatexformula.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.kde/share/apps/klatexformula -noblacklist ${HOME}/.klatexformula +nodeny ${HOME}/.kde/share/apps/klatexformula +nodeny ${HOME}/.klatexformula # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile index f5cd3a48c53..ec39124193a 100644 --- a/etc/profile-a-l/klavaro.profile +++ b/etc/profile-a-l/klavaro.profile 
@@ -6,8 +6,8 @@ include klavaro.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/klavaro -noblacklist ${HOME}/.local/share/klavaro +nodeny ${HOME}/.config/klavaro +nodeny ${HOME}/.local/share/klavaro include disable-common.inc include disable-devel.inc @@ -19,8 +19,8 @@ include disable-xdg.inc mkdir ${HOME}/.local/share/klavaro mkdir ${HOME}/.config/klavaro -whitelist ${HOME}/.local/share/klavaro -whitelist ${HOME}/.config/klavaro +allow ${HOME}/.local/share/klavaro +allow ${HOME}/.config/klavaro include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile index 95ae98e5318..3c582c08cae 100644 --- a/etc/profile-a-l/kmail.profile +++ b/etc/profile-a-l/kmail.profile 
@@ -9,27 +9,27 @@ include globals.local # kmail has problems launching akonadi in debian and ubuntu. # one solution is to have akonadi already running when kmail is started -noblacklist ${HOME}/.cache/akonadi* -noblacklist ${HOME}/.cache/kmail2 -noblacklist ${HOME}/.config/akonadi* -noblacklist ${HOME}/.config/baloorc -noblacklist ${HOME}/.config/emaildefaults -noblacklist ${HOME}/.config/emailidentities -noblacklist ${HOME}/.config/kmail2rc -noblacklist ${HOME}/.config/kmailsearchindexingrc -noblacklist ${HOME}/.config/mailtransports -noblacklist ${HOME}/.config/specialmailcollectionsrc -noblacklist ${HOME}/.gnupg -noblacklist ${HOME}/.local/share/akonadi* -noblacklist ${HOME}/.local/share/apps/korganizer -noblacklist ${HOME}/.local/share/contacts -noblacklist ${HOME}/.local/share/emailidentities -noblacklist ${HOME}/.local/share/kmail2 -noblacklist ${HOME}/.local/share/kxmlgui5/kmail -noblacklist ${HOME}/.local/share/kxmlgui5/kmail2 -noblacklist ${HOME}/.local/share/local-mail -noblacklist ${HOME}/.local/share/notes -noblacklist /tmp/akonadi-* +nodeny ${HOME}/.cache/akonadi* +nodeny ${HOME}/.cache/kmail2 +nodeny ${HOME}/.config/akonadi* +nodeny ${HOME}/.config/baloorc +nodeny ${HOME}/.config/emaildefaults +nodeny ${HOME}/.config/emailidentities +nodeny ${HOME}/.config/kmail2rc +nodeny ${HOME}/.config/kmailsearchindexingrc +nodeny ${HOME}/.config/mailtransports +nodeny ${HOME}/.config/specialmailcollectionsrc +nodeny ${HOME}/.gnupg +nodeny ${HOME}/.local/share/akonadi* +nodeny ${HOME}/.local/share/apps/korganizer +nodeny ${HOME}/.local/share/contacts +nodeny ${HOME}/.local/share/emailidentities +nodeny ${HOME}/.local/share/kmail2 +nodeny ${HOME}/.local/share/kxmlgui5/kmail +nodeny ${HOME}/.local/share/kxmlgui5/kmail2 +nodeny ${HOME}/.local/share/local-mail +nodeny ${HOME}/.local/share/notes +nodeny /tmp/akonadi-* include disable-common.inc include disable-devel.inc 
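Review bot: `nodeny ${HOME}/.gnupg` in the kmail.profile hunk has no comment saying why the GnuPG home is exempted, unlike the `# Allow python (blacklisted by disable-interpreters.inc)` style used by other profiles in this diff. Since the line is being touched anyway, a one-line comment above it such as `# Allow GnuPG home, needed for OpenPGP signing and encryption of mail` would let a later reader tell a deliberate exemption from a leftover. The stated reason is my assumption and should be confirmed by the profile's maintainer. kube.profile has the same uncommented `nodeny ${HOME}/.gnupg` and `nodeny ${HOME}/.mozilla`, and knotes.profile inherits this list through `include kmail.profile`.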
diff --git a/etc/profile-a-l/kmplayer.profile b/etc/profile-a-l/kmplayer.profile index e88b534997c..d2ce14ab620 100644 --- a/etc/profile-a-l/kmplayer.profile +++ b/etc/profile-a-l/kmplayer.profile @@ -6,11 +6,11 @@ include kmplayer.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/kmplayerrc -noblacklist ${HOME}/.kde/share/config/kmplayerrc -noblacklist ${HOME}/.local/share/kmplayer -noblacklist ${MUSIC} -noblacklist ${VIDEOS} +nodeny ${HOME}/.config/kmplayerrc +nodeny ${HOME}/.kde/share/config/kmplayerrc +nodeny ${HOME}/.local/share/kmplayer +nodeny ${MUSIC} +nodeny ${VIDEOS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/knotes.profile b/etc/profile-a-l/knotes.profile index f155d0ad600..5a9ac34dac6 100644 --- a/etc/profile-a-l/knotes.profile +++ b/etc/profile-a-l/knotes.profile @@ -10,9 +10,9 @@ include knotes.local # knotes has problems launching akonadi in debian and ubuntu. # one solution is to have akonadi already running when knotes is started -noblacklist ${HOME}/.config/knotesrc -noblacklist ${HOME}/.local/share/knotes -noblacklist ${HOME}/.local/share/kxmlgui5/knotes +nodeny ${HOME}/.config/knotesrc +nodeny ${HOME}/.local/share/knotes +nodeny ${HOME}/.local/share/kxmlgui5/knotes # Redirect include kmail.profile diff --git a/etc/profile-a-l/kodi.profile b/etc/profile-a-l/kodi.profile index b7091f1fc1c..2725c87bea8 100644 --- a/etc/profile-a-l/kodi.profile +++ b/etc/profile-a-l/kodi.profile @@ -13,10 +13,10 @@ ignore noexec ${HOME} #ignore noroot #ignore private-dev -noblacklist ${HOME}/.kodi -noblacklist ${MUSIC} -noblacklist ${PICTURES} -noblacklist ${VIDEOS} +nodeny ${HOME}/.kodi +nodeny ${MUSIC} +nodeny ${PICTURES} +nodeny ${VIDEOS} # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile index 5b5ed6e24e1..d8ce3383832 100644 --- a/etc/profile-a-l/konversation.profile 
+++ b/etc/profile-a-l/konversation.profile @@ -6,11 +6,11 @@ include konversation.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/konversationrc -noblacklist ${HOME}/.config/konversation.notifyrc -noblacklist ${HOME}/.kde/share/config/konversationrc -noblacklist ${HOME}/.kde4/share/config/konversationrc -noblacklist ${HOME}/.local/share/kxmlgui5/konversation +nodeny ${HOME}/.config/konversationrc +nodeny ${HOME}/.config/konversation.notifyrc +nodeny ${HOME}/.kde/share/config/konversationrc +nodeny ${HOME}/.kde4/share/config/konversationrc +nodeny ${HOME}/.local/share/kxmlgui5/konversation include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/kopete.profile b/etc/profile-a-l/kopete.profile index 88f47d1bfb9..749591f323b 100644 --- a/etc/profile-a-l/kopete.profile +++ b/etc/profile-a-l/kopete.profile @@ -6,11 +6,11 @@ include kopete.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.kde/share/apps/kopete -noblacklist ${HOME}/.kde/share/config/kopeterc -noblacklist ${HOME}/.kde4/share/apps/kopete -noblacklist ${HOME}/.kde4/share/config/kopeterc -noblacklist ${HOME}/.local/share/kxmlgui5/kopete +nodeny ${HOME}/.kde/share/apps/kopete +nodeny ${HOME}/.kde/share/config/kopeterc +nodeny ${HOME}/.kde4/share/apps/kopete +nodeny ${HOME}/.kde4/share/config/kopeterc +nodeny ${HOME}/.local/share/kxmlgui5/kopete include disable-common.inc include disable-devel.inc @@ -19,7 +19,7 @@ include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc -whitelist /var/lib/winpopup +allow /var/lib/winpopup include whitelist-var-common.inc caps.drop all diff --git a/etc/profile-a-l/krita.profile b/etc/profile-a-l/krita.profile index 8604e63d069..950341def31 100644 --- a/etc/profile-a-l/krita.profile +++ b/etc/profile-a-l/krita.profile 
@@ -9,10 +9,10 @@ include globals.local # noexec ${HOME} may break krita, see issue #1953 ignore noexec ${HOME} -noblacklist ${HOME}/.config/kritarc -noblacklist ${HOME}/.local/share/krita -noblacklist ${DOCUMENTS} -noblacklist ${PICTURES} +nodeny ${HOME}/.config/kritarc +nodeny ${HOME}/.local/share/krita +nodeny ${DOCUMENTS} +nodeny ${PICTURES} # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-a-l/krunner.profile b/etc/profile-a-l/krunner.profile index 9cb5eff877a..7b325d273c9 100644 --- a/etc/profile-a-l/krunner.profile +++ b/etc/profile-a-l/krunner.profile @@ -13,9 +13,9 @@ include globals.local # noblacklist ${HOME}/.cache/krunner # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* # noblacklist ${HOME}/.config/chromium -noblacklist ${HOME}/.config/krunnerrc -noblacklist ${HOME}/.kde/share/config/krunnerrc -noblacklist ${HOME}/.kde4/share/config/krunnerrc +nodeny ${HOME}/.config/krunnerrc +nodeny ${HOME}/.kde/share/config/krunnerrc +nodeny ${HOME}/.kde4/share/config/krunnerrc # noblacklist ${HOME}/.local/share/baloo # noblacklist ${HOME}/.mozilla diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile index 5a85194e0d7..ac9fee58560 100644 --- a/etc/profile-a-l/ktorrent.profile +++ b/etc/profile-a-l/ktorrent.profile 
@@ -6,13 +6,13 @@ include ktorrent.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/ktorrentrc -noblacklist ${HOME}/.kde/share/apps/ktorrent -noblacklist ${HOME}/.kde/share/config/ktorrentrc -noblacklist ${HOME}/.kde4/share/apps/ktorrent -noblacklist ${HOME}/.kde4/share/config/ktorrentrc -noblacklist ${HOME}/.local/share/ktorrent -noblacklist ${HOME}/.local/share/kxmlgui5/ktorrent +nodeny ${HOME}/.config/ktorrentrc +nodeny ${HOME}/.kde/share/apps/ktorrent +nodeny ${HOME}/.kde/share/config/ktorrentrc +nodeny ${HOME}/.kde4/share/apps/ktorrent +nodeny ${HOME}/.kde4/share/config/ktorrentrc +nodeny ${HOME}/.local/share/ktorrent +nodeny ${HOME}/.local/share/kxmlgui5/ktorrent include disable-common.inc include disable-devel.inc @@ -29,14 +29,14 @@ mkdir ${HOME}/.local/share/kxmlgui5/ktorrent mkfile ${HOME}/.config/ktorrentrc mkfile ${HOME}/.kde/share/config/ktorrentrc mkfile ${HOME}/.kde4/share/config/ktorrentrc -whitelist ${DOWNLOADS} -whitelist ${HOME}/.config/ktorrentrc -whitelist ${HOME}/.kde/share/apps/ktorrent -whitelist ${HOME}/.kde/share/config/ktorrentrc -whitelist ${HOME}/.kde4/share/apps/ktorrent -whitelist ${HOME}/.kde4/share/config/ktorrentrc -whitelist ${HOME}/.local/share/ktorrent -whitelist ${HOME}/.local/share/kxmlgui5/ktorrent +allow ${DOWNLOADS} +allow ${HOME}/.config/ktorrentrc +allow ${HOME}/.kde/share/apps/ktorrent +allow ${HOME}/.kde/share/config/ktorrentrc +allow ${HOME}/.kde4/share/apps/ktorrent +allow ${HOME}/.kde4/share/config/ktorrentrc +allow ${HOME}/.local/share/ktorrent +allow ${HOME}/.local/share/kxmlgui5/ktorrent include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile index 4cf72b74c5e..71f8e497735 100644 --- a/etc/profile-a-l/ktouch.profile +++ b/etc/profile-a-l/ktouch.profile 
@@ -6,8 +6,8 @@ include ktouch.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/ktouch2rc -noblacklist ${HOME}/.local/share/ktouch +nodeny ${HOME}/.config/ktouch2rc +nodeny ${HOME}/.local/share/ktouch include disable-common.inc include disable-devel.inc @@ -20,8 +20,8 @@ include disable-xdg.inc mkfile ${HOME}/.config/ktouch2rc mkdir ${HOME}/.local/share/ktouch -whitelist ${HOME}/.config/ktouch2rc -whitelist ${HOME}/.local/share/ktouch +allow ${HOME}/.config/ktouch2rc +allow ${HOME}/.local/share/ktouch include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile index 4e9a12e5fd3..74ffd11628d 100644 --- a/etc/profile-a-l/kube.profile +++ b/etc/profile-a-l/kube.profile @@ -6,13 +6,13 @@ include kube.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.gnupg -noblacklist ${HOME}/.mozilla -noblacklist ${HOME}/.cache/kube -noblacklist ${HOME}/.config/kube -noblacklist ${HOME}/.config/sink -noblacklist ${HOME}/.local/share/kube -noblacklist ${HOME}/.local/share/sink +nodeny ${HOME}/.gnupg +nodeny ${HOME}/.mozilla +nodeny ${HOME}/.cache/kube +nodeny ${HOME}/.config/kube +nodeny ${HOME}/.config/sink +nodeny ${HOME}/.local/share/kube +nodeny ${HOME}/.local/share/sink include disable-common.inc include disable-devel.inc 
@@ -29,17 +29,17 @@ mkdir ${HOME}/.config/kube mkdir ${HOME}/.config/sink mkdir ${HOME}/.local/share/kube mkdir ${HOME}/.local/share/sink -whitelist ${HOME}/.gnupg -whitelist ${HOME}/.mozilla/firefox/profiles.ini -whitelist ${HOME}/.cache/kube -whitelist ${HOME}/.config/kube -whitelist ${HOME}/.config/sink -whitelist ${HOME}/.local/share/kube -whitelist ${HOME}/.local/share/sink -whitelist ${RUNUSER}/gnupg -whitelist /usr/share/kube -whitelist /usr/share/gnupg -whitelist /usr/share/gnupg2 +allow ${HOME}/.gnupg +allow ${HOME}/.mozilla/firefox/profiles.ini +allow ${HOME}/.cache/kube +allow ${HOME}/.config/kube +allow ${HOME}/.config/sink +allow ${HOME}/.local/share/kube +allow ${HOME}/.local/share/sink +allow ${RUNUSER}/gnupg +allow /usr/share/kube +allow /usr/share/gnupg +allow /usr/share/gnupg2 include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile index 15e7ceb17ad..580f937365e 100644 --- a/etc/profile-a-l/kwin_x11.profile +++ b/etc/profile-a-l/kwin_x11.profile @@ -8,10 +8,10 @@ include globals.local # fix automatical kwin_x11 sandboxing: # echo KDEWM=kwin_x11 >> ~/.pam_environment -noblacklist ${HOME}/.cache/kwin -noblacklist ${HOME}/.config/kwinrc -noblacklist ${HOME}/.config/kwinrulesrc -noblacklist ${HOME}/.local/share/kwin +nodeny ${HOME}/.cache/kwin +nodeny ${HOME}/.config/kwinrc +nodeny ${HOME}/.config/kwinrulesrc +nodeny ${HOME}/.local/share/kwin include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile index 804ffafeba1..08b0e022411 100644 --- a/etc/profile-a-l/kwrite.profile +++ b/etc/profile-a-l/kwrite.profile 
@@ -6,15 +6,15 @@ include kwrite.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/katepartrc -noblacklist ${HOME}/.config/katerc -noblacklist ${HOME}/.config/kateschemarc -noblacklist ${HOME}/.config/katesyntaxhighlightingrc -noblacklist ${HOME}/.config/katevirc -noblacklist ${HOME}/.config/kwriterc -noblacklist ${HOME}/.local/share/kwrite -noblacklist ${HOME}/.local/share/kxmlgui5/kwrite -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.config/katepartrc +nodeny ${HOME}/.config/katerc +nodeny ${HOME}/.config/kateschemarc +nodeny ${HOME}/.config/katesyntaxhighlightingrc +nodeny ${HOME}/.config/katevirc +nodeny ${HOME}/.config/kwriterc +nodeny ${HOME}/.local/share/kwrite +nodeny ${HOME}/.local/share/kxmlgui5/kwrite +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/latex-common.profile b/etc/profile-a-l/latex-common.profile index ac1b8785d1e..91693bfc1e5 100644 --- a/etc/profile-a-l/latex-common.profile +++ b/etc/profile-a-l/latex-common.profile @@ -13,7 +13,7 @@ include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc -whitelist /var/lib +allow /var/lib include whitelist-runuser-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/leafpad.profile b/etc/profile-a-l/leafpad.profile index 4bbb0a86d3f..e154708ebfa 100644 --- a/etc/profile-a-l/leafpad.profile +++ b/etc/profile-a-l/leafpad.profile @@ -6,7 +6,7 @@ include leafpad.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/leafpad +nodeny ${HOME}/.config/leafpad include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/less.profile b/etc/profile-a-l/less.profile index 8eb5ad0c2d6..abee392de0a 100644 --- a/etc/profile-a-l/less.profile +++ b/etc/profile-a-l/less.profile 
@@ -7,9 +7,9 @@ include less.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} +deny ${RUNUSER} -noblacklist ${HOME}/.lesshst +nodeny ${HOME}/.lesshst include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/librecad.profile b/etc/profile-a-l/librecad.profile index c57eae73dca..8ec41eee3b0 100644 --- a/etc/profile-a-l/librecad.profile +++ b/etc/profile-a-l/librecad.profile @@ -4,8 +4,8 @@ include librecad.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/LibreCAD -noblacklist ${HOME}/.local/share/LibreCAD +nodeny ${HOME}/.config/LibreCAD +nodeny ${HOME}/.local/share/LibreCAD include disable-common.inc include disable-devel.inc @@ -16,7 +16,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/librecad +allow /usr/share/librecad include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile index b1a24888c63..ae01d39b895 100644 --- a/etc/profile-a-l/libreoffice.profile +++ b/etc/profile-a-l/libreoffice.profile @@ -6,15 +6,15 @@ include libreoffice.local # Persistent global definitions include globals.local -noblacklist /usr/local/sbin -noblacklist ${HOME}/.config/libreoffice +nodeny /usr/local/sbin +nodeny ${HOME}/.config/libreoffice # libreoffice uses java for some functionality. # Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality. # Allow java (blacklisted by disable-devel.inc) include allow-java.inc -blacklist /usr/libexec +deny /usr/libexec include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index da047357a2c..5c614ab8ef2 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile 
@@ -6,13 +6,13 @@ include librewolf.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/librewolf -noblacklist ${HOME}/.librewolf +nodeny ${HOME}/.cache/librewolf +nodeny ${HOME}/.librewolf mkdir ${HOME}/.cache/librewolf mkdir ${HOME}/.librewolf -whitelist ${HOME}/.cache/librewolf -whitelist ${HOME}/.librewolf +allow ${HOME}/.cache/librewolf +allow ${HOME}/.librewolf # Add the next lines to your librewolf.local if you want to use the migration wizard. #noblacklist ${HOME}/.mozilla @@ -23,10 +23,10 @@ whitelist ${HOME}/.librewolf #whitelist ${RUNUSER}/kpxc_server #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer -whitelist /usr/share/doc -whitelist /usr/share/gtk-doc/html -whitelist /usr/share/mozilla -whitelist /usr/share/webext +allow /usr/share/doc +allow /usr/share/gtk-doc/html +allow /usr/share/mozilla +allow /usr/share/webext include whitelist-usr-share-common.inc # Add the next line to your librewolf.local to enable private-bin (Arch Linux). diff --git a/etc/profile-a-l/liferea.profile b/etc/profile-a-l/liferea.profile index 7afca1d5f2a..595ecc25796 100644 --- a/etc/profile-a-l/liferea.profile +++ b/etc/profile-a-l/liferea.profile @@ -6,9 +6,9 @@ include liferea.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/liferea -noblacklist ${HOME}/.config/liferea -noblacklist ${HOME}/.local/share/liferea +nodeny ${HOME}/.cache/liferea +nodeny ${HOME}/.config/liferea +nodeny ${HOME}/.local/share/liferea # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc 
@@ -24,10 +24,10 @@ include disable-programs.inc mkdir ${HOME}/.cache/liferea mkdir ${HOME}/.config/liferea mkdir ${HOME}/.local/share/liferea -whitelist ${HOME}/.cache/liferea -whitelist ${HOME}/.config/liferea -whitelist ${HOME}/.local/share/liferea -whitelist /usr/share/liferea +allow ${HOME}/.cache/liferea +allow ${HOME}/.config/liferea +allow ${HOME}/.local/share/liferea +allow /usr/share/liferea include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/lightsoff.profile b/etc/profile-a-l/lightsoff.profile index c065c44a9f1..58d5bcd6dcc 100644 --- a/etc/profile-a-l/lightsoff.profile +++ b/etc/profile-a-l/lightsoff.profile @@ -6,7 +6,7 @@ include lightsoff.local # Persistent global definitions include globals.local -whitelist /usr/share/lightsoff +allow /usr/share/lightsoff private-bin lightsoff diff --git a/etc/profile-a-l/lincity-ng.profile b/etc/profile-a-l/lincity-ng.profile index 4254b7f3369..e14c50d773f 100644 --- a/etc/profile-a-l/lincity-ng.profile +++ b/etc/profile-a-l/lincity-ng.profile @@ -6,7 +6,7 @@ include lincity-ng.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.lincity-ng +nodeny ${HOME}/.lincity-ng include disable-common.inc include disable-devel.inc @@ -18,7 +18,7 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.lincity-ng -whitelist ${HOME}/.lincity-ng +allow ${HOME}/.lincity-ng include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile index cd885b1d497..51e3d5b94ff 100644 --- a/etc/profile-a-l/links-common.profile +++ b/etc/profile-a-l/links-common.profile @@ -4,8 +4,8 @@ include links-common.local # common profile for links browsers -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc 
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist ${DOWNLOADS} +allow ${DOWNLOADS} include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/links.profile b/etc/profile-a-l/links.profile index 8ce39cc7fcb..ae57601ca63 100644 --- a/etc/profile-a-l/links.profile +++ b/etc/profile-a-l/links.profile @@ -7,10 +7,10 @@ include links.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.links +nodeny ${HOME}/.links mkdir ${HOME}/.links -whitelist ${HOME}/.links +allow ${HOME}/.links private-bin links diff --git a/etc/profile-a-l/links2.profile b/etc/profile-a-l/links2.profile index 5f91dfcd268..eb349c73aef 100644 --- a/etc/profile-a-l/links2.profile +++ b/etc/profile-a-l/links2.profile @@ -7,10 +7,10 @@ include links2.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.links2 +nodeny ${HOME}/.links2 mkdir ${HOME}/.links2 -whitelist ${HOME}/.links2 +allow ${HOME}/.links2 private-bin links2 diff --git a/etc/profile-a-l/linphone.profile b/etc/profile-a-l/linphone.profile index 7ebdbef4c5c..dd1dac05b3a 100644 --- a/etc/profile-a-l/linphone.profile +++ b/etc/profile-a-l/linphone.profile @@ -6,10 +6,10 @@ include linphone.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/linphone -noblacklist ${HOME}/.linphone-history.db -noblacklist ${HOME}/.linphonerc -noblacklist ${HOME}/.local/share/linphone +nodeny ${HOME}/.config/linphone +nodeny ${HOME}/.linphone-history.db +nodeny ${HOME}/.linphonerc +nodeny ${HOME}/.local/share/linphone include disable-common.inc include disable-devel.inc 
@@ -23,11 +23,11 @@ include disable-programs.inc # ${HOME}/.linphone-history.db and ${HOME}/.linphonerc but no longer mkfile. mkdir ${HOME}/.config/linphone mkdir ${HOME}/.local/share/linphone -whitelist ${HOME}/.config/linphone -whitelist ${HOME}/.linphone-history.db -whitelist ${HOME}/.linphonerc -whitelist ${HOME}/.local/share/linphone -whitelist ${DOWNLOADS} +allow ${HOME}/.config/linphone +allow ${HOME}/.linphone-history.db +allow ${HOME}/.linphonerc +allow ${HOME}/.local/share/linphone +allow ${DOWNLOADS} include whitelist-common.inc caps.drop all diff --git a/etc/profile-a-l/lmms.profile b/etc/profile-a-l/lmms.profile index 48b0e14dce4..b22110fdcf6 100644 --- a/etc/profile-a-l/lmms.profile +++ b/etc/profile-a-l/lmms.profile @@ -6,9 +6,9 @@ include lmms.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.lmmsrc.xml -noblacklist ${DOCUMENTS} -noblacklist ${MUSIC} +nodeny ${HOME}/.lmmsrc.xml +nodeny ${DOCUMENTS} +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile index f2676fec575..0a7ce86e8ac 100644 --- a/etc/profile-a-l/lollypop.profile +++ b/etc/profile-a-l/lollypop.profile @@ -6,8 +6,8 @@ include lollypop.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/lollypop -noblacklist ${MUSIC} +nodeny ${HOME}/.local/share/lollypop +nodeny ${MUSIC} # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-a-l/lugaru.profile b/etc/profile-a-l/lugaru.profile index 174c65a6584..30802b3b75d 100644 --- a/etc/profile-a-l/lugaru.profile +++ b/etc/profile-a-l/lugaru.profile @@ -8,8 +8,8 @@ include globals.local # note: crashes after entering -noblacklist ${HOME}/.config/lugaru -noblacklist ${HOME}/.local/share/lugaru +nodeny ${HOME}/.config/lugaru +nodeny ${HOME}/.local/share/lugaru include disable-common.inc include disable-devel.inc 
@@ -22,8 +22,8 @@ include disable-xdg.inc mkdir ${HOME}/.config/lugaru mkdir ${HOME}/.local/share/lugaru -whitelist ${HOME}/.config/lugaru -whitelist ${HOME}/.local/share/lugaru +allow ${HOME}/.config/lugaru +allow ${HOME}/.local/share/lugaru include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/luminance-hdr.profile b/etc/profile-a-l/luminance-hdr.profile index 31067034e67..73400dbd615 100644 --- a/etc/profile-a-l/luminance-hdr.profile +++ b/etc/profile-a-l/luminance-hdr.profile @@ -6,8 +6,8 @@ include luminance-hdr.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Luminance -noblacklist ${PICTURES} +nodeny ${HOME}/.config/Luminance +nodeny ${PICTURES} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile index 80a3aba86af..9d5169b802c 100644 --- a/etc/profile-a-l/lutris.profile +++ b/etc/profile-a-l/lutris.profile @@ -6,18 +6,18 @@ include lutris.local # Persistent global definitions include globals.local -noblacklist ${PATH}/llvm* -noblacklist ${HOME}/Games -noblacklist ${HOME}/.cache/lutris -noblacklist ${HOME}/.cache/winetricks -noblacklist ${HOME}/.config/lutris -noblacklist ${HOME}/.local/share/lutris +nodeny ${PATH}/llvm* +nodeny ${HOME}/Games +nodeny ${HOME}/.cache/lutris +nodeny ${HOME}/.cache/winetricks +nodeny ${HOME}/.config/lutris +nodeny ${HOME}/.local/share/lutris # noblacklist ${HOME}/.wine -noblacklist /tmp/.wine-* +nodeny /tmp/.wine-* # Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise # Lutris won't even start. -noblacklist /sbin -noblacklist /usr/sbin +nodeny /sbin +nodeny /usr/sbin ignore noexec ${HOME} 
@@ -39,15 +39,15 @@ mkdir ${HOME}/.cache/winetricks mkdir ${HOME}/.config/lutris mkdir ${HOME}/.local/share/lutris # mkdir ${HOME}/.wine -whitelist ${DOWNLOADS} -whitelist ${HOME}/Games -whitelist ${HOME}/.cache/lutris -whitelist ${HOME}/.cache/winetricks -whitelist ${HOME}/.config/lutris -whitelist ${HOME}/.local/share/lutris +allow ${DOWNLOADS} +allow ${HOME}/Games +allow ${HOME}/.cache/lutris +allow ${HOME}/.cache/winetricks +allow ${HOME}/.config/lutris +allow ${HOME}/.local/share/lutris # whitelist ${HOME}/.wine -whitelist /usr/share/lutris -whitelist /usr/share/wine +allow /usr/share/lutris +allow /usr/share/wine include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-runuser-common.inc diff --git a/etc/profile-a-l/lximage-qt.profile b/etc/profile-a-l/lximage-qt.profile index b2a56012e2e..43147211b32 100644 --- a/etc/profile-a-l/lximage-qt.profile +++ b/etc/profile-a-l/lximage-qt.profile @@ -6,7 +6,7 @@ include lximage-qt.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/lximage-qt +nodeny ${HOME}/.config/lximage-qt include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/lxmusic.profile b/etc/profile-a-l/lxmusic.profile index cc4b9555151..c849f2ad262 100644 --- a/etc/profile-a-l/lxmusic.profile +++ b/etc/profile-a-l/lxmusic.profile @@ -6,9 +6,9 @@ include lxmusic.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/xmms2 -noblacklist ${HOME}/.config/xmms2 -noblacklist ${MUSIC} +nodeny ${HOME}/.cache/xmms2 +nodeny ${HOME}/.config/xmms2 +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile index a919e924b5f..15c8f1faa55 100644 --- a/etc/profile-a-l/lynx.profile +++ b/etc/profile-a-l/lynx.profile 
@@ -7,8 +7,8 @@ include lynx.local # Persistent global definitions include globals.local -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile index fa69463d137..358dbf2f2a7 100644 --- a/etc/profile-a-l/lyx.profile +++ b/etc/profile-a-l/lyx.profile @@ -8,8 +8,8 @@ include globals.local ignore private-tmp -noblacklist ${HOME}/.config/LyX -noblacklist ${HOME}/.lyx +nodeny ${HOME}/.config/LyX +nodeny ${HOME}/.lyx # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc @@ -21,11 +21,11 @@ include allow-perl.inc include allow-python2.inc include allow-python3.inc -whitelist /usr/share/lyx -whitelist /usr/share/texinfo -whitelist /usr/share/texlive -whitelist /usr/share/texmf-dist -whitelist /usr/share/tlpkg +allow /usr/share/lyx +allow /usr/share/texinfo +allow /usr/share/texlive +allow /usr/share/texmf-dist +allow /usr/share/tlpkg include whitelist-usr-share-common.inc apparmor diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile index 4637419bf31..3a4edcf69fb 100644 --- a/etc/profile-a-l/sway.profile +++ b/etc/profile-a-l/sway.profile @@ -7,9 +7,9 @@ include sway.local include globals.local # all applications started in sway will run in this profile -noblacklist ${HOME}/.config/sway +nodeny ${HOME}/.config/sway # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway -noblacklist ${HOME}/.config/i3 +nodeny ${HOME}/.config/i3 include disable-common.inc caps.drop all diff --git a/etc/profile-m-z/Maelstrom.profile b/etc/profile-m-z/Maelstrom.profile index 62d0a8b3a3e..e6c43007db1 100644 --- a/etc/profile-m-z/Maelstrom.profile +++ b/etc/profile-m-z/Maelstrom.profile 
@@ -6,7 +6,7 @@ include Maelstrom.local # Persistent global definitions include globals.local -noblacklist /var/lib/games/Maelstrom-Scores +nodeny /var/lib/games/Maelstrom-Scores include disable-common.inc include disable-devel.inc @@ -17,7 +17,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /var/lib/games +allow /var/lib/games include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/Mathematica.profile b/etc/profile-m-z/Mathematica.profile index c2734b1c16d..bd929d21a79 100644 --- a/etc/profile-m-z/Mathematica.profile +++ b/etc/profile-m-z/Mathematica.profile @@ -5,8 +5,8 @@ include Mathematica.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.Mathematica -noblacklist ${HOME}/.Wolfram Research +nodeny ${HOME}/.Mathematica +nodeny ${HOME}/.Wolfram Research include disable-common.inc include disable-devel.inc @@ -17,9 +17,9 @@ include disable-programs.inc mkdir ${HOME}/.Mathematica mkdir ${HOME}/.Wolfram Research mkdir ${HOME}/Documents/Wolfram Mathematica -whitelist ${HOME}/.Mathematica -whitelist ${HOME}/.Wolfram Research -whitelist ${HOME}/Documents/Wolfram Mathematica +allow ${HOME}/.Mathematica +allow ${HOME}/.Wolfram Research +allow ${HOME}/Documents/Wolfram Mathematica include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/PCSX2.profile b/etc/profile-m-z/PCSX2.profile index e678b7204cd..f833b9446ba 100644 --- a/etc/profile-m-z/PCSX2.profile +++ b/etc/profile-m-z/PCSX2.profile @@ -8,7 +8,7 @@ include globals.local # Note: you must whitelist your games folder in your PCSX2.local. -noblacklist ${HOME}/.config/PCSX2 +nodeny ${HOME}/.config/PCSX2 include disable-common.inc include disable-devel.inc 
@@ -21,7 +21,7 @@ include disable-write-mnt.inc include disable-xdg.inc mkdir ${HOME}/.config/PCSX2 -whitelist ${HOME}/.config/PCSX2 +allow ${HOME}/.config/PCSX2 include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/QMediathekView.profile b/etc/profile-m-z/QMediathekView.profile index 86120587bad..d7b01fe06ef 100644 --- a/etc/profile-m-z/QMediathekView.profile +++ b/etc/profile-m-z/QMediathekView.profile @@ -6,18 +6,18 @@ include QMediathekView.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/QMediathekView -noblacklist ${HOME}/.local/share/QMediathekView - -noblacklist ${HOME}/.config/mpv -noblacklist ${HOME}/.config/smplayer -noblacklist ${HOME}/.config/totem -noblacklist ${HOME}/.config/vlc -noblacklist ${HOME}/.config/xplayer -noblacklist ${HOME}/.local/share/totem -noblacklist ${HOME}/.local/share/xplayer -noblacklist ${HOME}/.mplayer -noblacklist ${VIDEOS} +nodeny ${HOME}/.config/QMediathekView +nodeny ${HOME}/.local/share/QMediathekView + +nodeny ${HOME}/.config/mpv +nodeny ${HOME}/.config/smplayer +nodeny ${HOME}/.config/totem +nodeny ${HOME}/.config/vlc +nodeny ${HOME}/.config/xplayer +nodeny ${HOME}/.local/share/totem +nodeny ${HOME}/.local/share/xplayer +nodeny ${HOME}/.mplayer +nodeny ${VIDEOS} include disable-common.inc include disable-devel.inc @@ -28,7 +28,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/qtchooser +allow /usr/share/qtchooser include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/QOwnNotes.profile b/etc/profile-m-z/QOwnNotes.profile index 660378089ab..4ca42730a01 100644 --- a/etc/profile-m-z/QOwnNotes.profile +++ b/etc/profile-m-z/QOwnNotes.profile 
@@ -6,10 +6,10 @@ include QOwnNotes.local # Persistent global definitions include globals.local -noblacklist ${DOCUMENTS} -noblacklist ${HOME}/Nextcloud/Notes -noblacklist ${HOME}/.config/PBE -noblacklist ${HOME}/.local/share/PBE +nodeny ${DOCUMENTS} +nodeny ${HOME}/Nextcloud/Notes +nodeny ${HOME}/.config/PBE +nodeny ${HOME}/.local/share/PBE include disable-common.inc include disable-devel.inc @@ -23,10 +23,10 @@ include disable-xdg.inc mkdir ${HOME}/Nextcloud/Notes mkdir ${HOME}/.config/PBE mkdir ${HOME}/.local/share/PBE -whitelist ${DOCUMENTS} -whitelist ${HOME}/Nextcloud/Notes -whitelist ${HOME}/.config/PBE -whitelist ${HOME}/.local/share/PBE +allow ${DOCUMENTS} +allow ${HOME}/Nextcloud/Notes +allow ${HOME}/.config/PBE +allow ${HOME}/.local/share/PBE include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/Viber.profile b/etc/profile-m-z/Viber.profile index 3195e39fa45..b98847d3aee 100644 --- a/etc/profile-m-z/Viber.profile +++ b/etc/profile-m-z/Viber.profile @@ -5,8 +5,8 @@ include Viber.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.ViberPC -noblacklist ${PATH}/dig +nodeny ${HOME}/.ViberPC +nodeny ${PATH}/dig include disable-common.inc include disable-devel.inc @@ -16,8 +16,8 @@ include disable-passwdmgr.inc include disable-programs.inc mkdir ${HOME}/.ViberPC -whitelist ${DOWNLOADS} -whitelist ${HOME}/.ViberPC +allow ${DOWNLOADS} +allow ${HOME}/.ViberPC include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/XMind.profile b/etc/profile-m-z/XMind.profile index d78e045952c..c9cf7adf76e 100644 --- a/etc/profile-m-z/XMind.profile +++ b/etc/profile-m-z/XMind.profile @@ -5,7 +5,7 @@ include XMind.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.xmind +nodeny ${HOME}/.xmind include disable-common.inc include disable-devel.inc 
@@ -15,8 +15,8 @@ include disable-passwdmgr.inc include disable-programs.inc mkdir ${HOME}/.xmind -whitelist ${HOME}/.xmind -whitelist ${DOWNLOADS} +allow ${HOME}/.xmind +allow ${DOWNLOADS} include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/Xephyr.profile b/etc/profile-m-z/Xephyr.profile index 5cf5161cedb..7ba1cdac90a 100644 --- a/etc/profile-m-z/Xephyr.profile +++ b/etc/profile-m-z/Xephyr.profile @@ -15,7 +15,7 @@ include globals.local # or run "sudo firecfg" # -whitelist /var/lib/xkb +allow /var/lib/xkb include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/Xvfb.profile b/etc/profile-m-z/Xvfb.profile index 1acd430238b..a246ccb2351 100644 --- a/etc/profile-m-z/Xvfb.profile +++ b/etc/profile-m-z/Xvfb.profile @@ -18,7 +18,7 @@ include globals.local # some Linux distributions. Also, older versions of Xpra use Xvfb. # -whitelist /var/lib/xkb +allow /var/lib/xkb include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/ZeGrapher.profile b/etc/profile-m-z/ZeGrapher.profile index 7686c3442a0..4f65ad7d106 100644 --- a/etc/profile-m-z/ZeGrapher.profile +++ b/etc/profile-m-z/ZeGrapher.profile @@ -6,7 +6,7 @@ include ZeGrapher.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/ZeGrapher Project +nodeny ${HOME}/.config/ZeGrapher Project include disable-common.inc include disable-devel.inc @@ -16,7 +16,7 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-shell.inc -whitelist /usr/share/ZeGrapher +allow /usr/share/ZeGrapher include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/macrofusion.profile b/etc/profile-m-z/macrofusion.profile index d1dcb6fe0ab..763d475bb44 100644 --- a/etc/profile-m-z/macrofusion.profile +++ b/etc/profile-m-z/macrofusion.profile 
@@ -5,8 +5,8 @@ include macrofusion.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/mfusion -noblacklist ${PICTURES} +nodeny ${HOME}/.config/mfusion +nodeny ${PICTURES} # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-m-z/magicor.profile b/etc/profile-m-z/magicor.profile index 8a27b2626e4..d561a50955b 100644 --- a/etc/profile-m-z/magicor.profile +++ b/etc/profile-m-z/magicor.profile @@ -6,7 +6,7 @@ include magicor.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.magicor +nodeny ${HOME}/.magicor # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc @@ -21,8 +21,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.magicor -whitelist ${HOME}/.magicor -whitelist /usr/share/magicor +allow ${HOME}/.magicor +allow /usr/share/magicor include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile index 513fcae5546..a7c486c9f84 100644 --- a/etc/profile-m-z/makepkg.profile +++ b/etc/profile-m-z/makepkg.profile @@ -6,8 +6,8 @@ include makepkg.local # Persistent global definitions include globals.local -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* # Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138 # for potential issues and their solutions when Firejailing makepkg 
@@ -17,18 +17,18 @@ blacklist ${RUNUSER}/wayland-* # whitelist ${HOME}/.gnupg # Enable severely restricted access to ${HOME}/.gnupg -noblacklist ${HOME}/.gnupg +nodeny ${HOME}/.gnupg read-only ${HOME}/.gnupg/gpg.conf read-only ${HOME}/.gnupg/trustdb.gpg read-only ${HOME}/.gnupg/pubring.kbx -blacklist ${HOME}/.gnupg/random_seed -blacklist ${HOME}/.gnupg/pubring.kbx~ -blacklist ${HOME}/.gnupg/private-keys-v1.d -blacklist ${HOME}/.gnupg/crls.d -blacklist ${HOME}/.gnupg/openpgp-revocs.d +deny ${HOME}/.gnupg/random_seed +deny ${HOME}/.gnupg/pubring.kbx~ +deny ${HOME}/.gnupg/private-keys-v1.d +deny ${HOME}/.gnupg/crls.d +deny ${HOME}/.gnupg/openpgp-revocs.d # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only. -noblacklist /var/lib/pacman +nodeny /var/lib/pacman include disable-common.inc include disable-exec.inc diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile index bd510fcac80..383eeeeb700 100644 --- a/etc/profile-m-z/man.profile +++ b/etc/profile-m-z/man.profile @@ -7,10 +7,10 @@ include man.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} +deny ${RUNUSER} -noblacklist ${HOME}/.local/share/man -noblacklist ${HOME}/.rustup +nodeny ${HOME}/.local/share/man +nodeny ${HOME}/.rustup include disable-common.inc include disable-devel.inc @@ -23,12 +23,12 @@ include disable-xdg.inc #mkdir ${HOME}/.local/share/man #whitelist ${HOME}/.local/share/man #whitelist ${HOME}/.manpath -whitelist /usr/share/groff -whitelist /usr/share/info -whitelist /usr/share/lintian -whitelist /usr/share/locale -whitelist /usr/share/man -whitelist /var/cache/man +allow /usr/share/groff +allow /usr/share/info +allow /usr/share/lintian +allow /usr/share/locale +allow /usr/share/man +allow /var/cache/man #include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc 
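Review bot: The makepkg.profile hunk at -17,18 re-opens `${HOME}/.gnupg` with `nodeny` and then protects the secrets by listing individual paths under `deny`, so anything in that directory that is not on the list stays readable inside the sandbox. The list covers `private-keys-v1.d` but not the legacy secret keyring, so for home directories that still carry one I would add `deny ${HOME}/.gnupg/secring.gpg` next to the other entries. An enumerated deny list under a sensitive directory also deserves a short comment saying it has to be revisited when GnuPG changes its on-disk layout. The rest of the profile lies outside the hunk, so a later rule may already narrow this further.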
diff --git a/etc/profile-m-z/manaplus.profile b/etc/profile-m-z/manaplus.profile index f59a56ac6e0..67ee783a67f 100644 --- a/etc/profile-m-z/manaplus.profile +++ b/etc/profile-m-z/manaplus.profile @@ -6,8 +6,8 @@ include manaplus.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/mana -noblacklist ${HOME}/.local/share/mana +nodeny ${HOME}/.config/mana +nodeny ${HOME}/.local/share/mana include disable-common.inc include disable-devel.inc @@ -21,8 +21,8 @@ include disable-xdg.inc mkdir ${HOME}/.config/mana mkdir ${HOME}/.config/mana/mana mkdir ${HOME}/.local/share/mana -whitelist ${HOME}/.config/mana -whitelist ${HOME}/.local/share/mana +allow ${HOME}/.config/mana +allow ${HOME}/.local/share/mana include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile index bd56a822102..7645ad3356e 100644 --- a/etc/profile-m-z/marker.profile +++ b/etc/profile-m-z/marker.profile @@ -11,8 +11,8 @@ include globals.local #protocol unix,inet,inet6 #private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf -noblacklist ${HOME}/.cache/marker -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.cache/marker +nodeny ${DOCUMENTS} include allow-python3.inc @@ -25,8 +25,8 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/libexec/webkit2gtk-4.0 -whitelist /usr/share/com.github.fabiocolacio.marker +allow /usr/libexec/webkit2gtk-4.0 +allow /usr/share/com.github.fabiocolacio.marker include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/masterpdfeditor.profile b/etc/profile-m-z/masterpdfeditor.profile index de11350713c..d8b215b7fa6 100644 --- a/etc/profile-m-z/masterpdfeditor.profile +++ b/etc/profile-m-z/masterpdfeditor.profile 
@@ -6,8 +6,8 @@ include masterpdfeditor.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Code Industry -noblacklist ${HOME}/.masterpdfeditor +nodeny ${HOME}/.config/Code Industry +nodeny ${HOME}/.masterpdfeditor include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/mate-calc.profile b/etc/profile-m-z/mate-calc.profile index 39ee7439d00..92832783e0b 100644 --- a/etc/profile-m-z/mate-calc.profile +++ b/etc/profile-m-z/mate-calc.profile @@ -6,7 +6,7 @@ include mate-calc.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/mate-calc +nodeny ${HOME}/.config/mate-calc include disable-common.inc include disable-devel.inc @@ -18,9 +18,9 @@ include disable-programs.inc mkdir ${HOME}/.cache/mate-calc mkdir ${HOME}/.config/caja mkdir ${HOME}/.config/mate-menu -whitelist ${HOME}/.cache/mate-calc -whitelist ${HOME}/.config/caja -whitelist ${HOME}/.config/mate-menu +allow ${HOME}/.cache/mate-calc +allow ${HOME}/.config/caja +allow ${HOME}/.config/mate-menu include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/mate-dictionary.profile b/etc/profile-m-z/mate-dictionary.profile index ae1fcbf62b8..90c9d0993e4 100644 --- a/etc/profile-m-z/mate-dictionary.profile +++ b/etc/profile-m-z/mate-dictionary.profile @@ -5,7 +5,7 @@ include mate-dictionary.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/mate/mate-dictionary +nodeny ${HOME}/.config/mate/mate-dictionary include disable-common.inc include disable-devel.inc @@ -16,7 +16,7 @@ include disable-programs.inc include disable-shell.inc mkdir ${HOME}/.config/mate/mate-dictionary -whitelist ${HOME}/.config/mate/mate-dictionary +allow ${HOME}/.config/mate/mate-dictionary include whitelist-common.inc apparmor diff --git a/etc/profile-m-z/matrix-mirage.profile b/etc/profile-m-z/matrix-mirage.profile index b3080df88c5..8ee470a5059 100644 
--- a/etc/profile-m-z/matrix-mirage.profile +++ b/etc/profile-m-z/matrix-mirage.profile @@ -7,16 +7,16 @@ include matrix-mirage.local # added by included profile #include globals.local -noblacklist ${HOME}/.cache/matrix-mirage -noblacklist ${HOME}/.config/matrix-mirage -noblacklist ${HOME}/.local/share/matrix-mirage +nodeny ${HOME}/.cache/matrix-mirage +nodeny ${HOME}/.config/matrix-mirage +nodeny ${HOME}/.local/share/matrix-mirage mkdir ${HOME}/.cache/matrix-mirage mkdir ${HOME}/.config/matrix-mirage mkdir ${HOME}/.local/share/matrix-mirage -whitelist ${HOME}/.cache/matrix-mirage -whitelist ${HOME}/.config/matrix-mirage -whitelist ${HOME}/.local/share/matrix-mirage +allow ${HOME}/.cache/matrix-mirage +allow ${HOME}/.config/matrix-mirage +allow ${HOME}/.local/share/matrix-mirage private-bin matrix-mirage diff --git a/etc/profile-m-z/mattermost-desktop.profile b/etc/profile-m-z/mattermost-desktop.profile index 3c2bf4fa390..01076a90a21 100644 --- a/etc/profile-m-z/mattermost-desktop.profile +++ b/etc/profile-m-z/mattermost-desktop.profile @@ -10,12 +10,12 @@ ignore apparmor ignore dbus-user none ignore dbus-system none -noblacklist ${HOME}/.config/Mattermost +nodeny ${HOME}/.config/Mattermost include disable-shell.inc mkdir ${HOME}/.config/Mattermost -whitelist ${HOME}/.config/Mattermost +allow ${HOME}/.config/Mattermost private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl diff --git a/etc/profile-m-z/mcabber.profile b/etc/profile-m-z/mcabber.profile index 38d2d8d63bb..ae749114ad8 100644 --- a/etc/profile-m-z/mcabber.profile +++ b/etc/profile-m-z/mcabber.profile @@ -6,8 +6,8 @@ include mcabber.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.mcabber -noblacklist ${HOME}/.mcabberrc +nodeny ${HOME}/.mcabber +nodeny ${HOME}/.mcabberrc include disable-common.inc include disable-devel.inc 
diff --git a/etc/profile-m-z/mcomix.profile b/etc/profile-m-z/mcomix.profile index fcd1e24e5d9..d9e12fb5de7 100644 --- a/etc/profile-m-z/mcomix.profile +++ b/etc/profile-m-z/mcomix.profile @@ -6,9 +6,9 @@ include mcomix.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/mcomix -noblacklist ${HOME}/.local/share/mcomix -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.config/mcomix +nodeny ${HOME}/.local/share/mcomix +nodeny ${DOCUMENTS} # Allow /bin/sh (blacklisted by disable-shell.inc) include allow-bin-sh.inc @@ -30,7 +30,7 @@ include disable-xdg.inc mkdir ${HOME}/.config/mcomix mkdir ${HOME}/.local/share/mcomix -whitelist /usr/share/mcomix +allow /usr/share/mcomix include whitelist-usr-share-common.inc include whitelist-var-common.inc include whitelist-runuser-common.inc diff --git a/etc/profile-m-z/mdr.profile b/etc/profile-m-z/mdr.profile index 5d3f8dc41f8..9e8656290bb 100644 --- a/etc/profile-m-z/mdr.profile +++ b/etc/profile-m-z/mdr.profile @@ -5,7 +5,7 @@ include mdr.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc @@ -16,7 +16,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist ${DOWNLOADS} +allow ${DOWNLOADS} include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/mediainfo.profile b/etc/profile-m-z/mediainfo.profile index 17363624f18..ae34ea32156 100644 --- a/etc/profile-m-z/mediainfo.profile +++ b/etc/profile-m-z/mediainfo.profile @@ -6,7 +6,7 @@ include mediainfo.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/mediathekview.profile b/etc/profile-m-z/mediathekview.profile index 0063badd8db..3459ad4cf30 100644 --- a/etc/profile-m-z/mediathekview.profile 
+++ b/etc/profile-m-z/mediathekview.profile @@ -6,16 +6,16 @@ include mediathekview.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/mpv -noblacklist ${HOME}/.config/smplayer -noblacklist ${HOME}/.config/totem -noblacklist ${HOME}/.config/vlc -noblacklist ${HOME}/.config/xplayer -noblacklist ${HOME}/.local/share/totem -noblacklist ${HOME}/.local/share/xplayer -noblacklist ${HOME}/.mediathek3 -noblacklist ${HOME}/.mplayer -noblacklist ${VIDEOS} +nodeny ${HOME}/.config/mpv +nodeny ${HOME}/.config/smplayer +nodeny ${HOME}/.config/totem +nodeny ${HOME}/.config/vlc +nodeny ${HOME}/.config/xplayer +nodeny ${HOME}/.local/share/totem +nodeny ${HOME}/.local/share/xplayer +nodeny ${HOME}/.mediathek3 +nodeny ${HOME}/.mplayer +nodeny ${VIDEOS} # Allow java (blacklisted by disable-devel.inc) include allow-java.inc diff --git a/etc/profile-m-z/megaglest.profile b/etc/profile-m-z/megaglest.profile index f07b9166a79..ad9094ddf9e 100644 --- a/etc/profile-m-z/megaglest.profile +++ b/etc/profile-m-z/megaglest.profile @@ -6,7 +6,7 @@ include megaglest.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.megaglest +nodeny ${HOME}/.megaglest include disable-common.inc include disable-devel.inc @@ -18,9 +18,9 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.megaglest -whitelist ${HOME}/.megaglest -whitelist /usr/share/megaglest -whitelist /usr/share/games/megaglest # Debian version +allow ${HOME}/.megaglest +allow /usr/share/megaglest +allow /usr/share/games/megaglest # Debian version include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/meld.profile b/etc/profile-m-z/meld.profile index 2a8bb3acf99..06ee572c9af 100644 --- a/etc/profile-m-z/meld.profile +++ b/etc/profile-m-z/meld.profile 
@@ -13,12 +13,12 @@ include globals.local # Calling it by its absolute path (example for git mergetool): # $ git config --global mergetool.meld.cmd /usr/bin/meld -noblacklist ${HOME}/.config/meld -noblacklist ${HOME}/.config/git -noblacklist ${HOME}/.gitconfig -noblacklist ${HOME}/.git-credentials -noblacklist ${HOME}/.local/share/meld -noblacklist ${HOME}/.subversion +nodeny ${HOME}/.config/meld +nodeny ${HOME}/.config/git +nodeny ${HOME}/.gitconfig +nodeny ${HOME}/.git-credentials +nodeny ${HOME}/.local/share/meld +nodeny ${HOME}/.subversion # Allow python (blacklisted by disable-interpreters.inc) # Python 2 is EOL (see #3164). Add the next line to your meld.local if you understand the risks @@ -29,7 +29,7 @@ include allow-python3.inc # Allow ssh (blacklisted by disable-common.inc) include allow-ssh.inc -blacklist /usr/libexec +deny /usr/libexec # Add the next line to your meld.local if you don't need to compare files in disable-common.inc. #include disable-common.inc diff --git a/etc/profile-m-z/mendeleydesktop.profile b/etc/profile-m-z/mendeleydesktop.profile index c0bdbb23076..e33d6c157aa 100644 --- a/etc/profile-m-z/mendeleydesktop.profile +++ b/etc/profile-m-z/mendeleydesktop.profile @@ -6,13 +6,13 @@ include mendeleydesktop.local # Persistent global definitions include globals.local -noblacklist ${DOCUMENTS} -noblacklist ${HOME}/.cache/Mendeley Ltd. -noblacklist ${HOME}/.config/Mendeley Ltd. -noblacklist ${HOME}/.local/share/Mendeley Ltd. -noblacklist ${HOME}/.local/share/data/Mendeley Ltd. -noblacklist ${HOME}/.pki -noblacklist ${HOME}/.local/share/pki +nodeny ${DOCUMENTS} +nodeny ${HOME}/.cache/Mendeley Ltd. +nodeny ${HOME}/.config/Mendeley Ltd. +nodeny ${HOME}/.local/share/Mendeley Ltd. +nodeny ${HOME}/.local/share/data/Mendeley Ltd. +nodeny ${HOME}/.pki +nodeny ${HOME}/.local/share/pki # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc 
diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile index 2081b8c964f..52808a5b551 100644 --- a/etc/profile-m-z/menulibre.profile +++ b/etc/profile-m-z/menulibre.profile @@ -19,13 +19,13 @@ include disable-passwdmgr.inc include disable-xdg.inc # Whitelist your system icon directory,varies by distro -whitelist /usr/share/app-info -whitelist /usr/share/desktop-directories -whitelist /usr/share/icons -whitelist /usr/share/menulibre -whitelist /var/lib/app-info/icons -whitelist /var/lib/flatpak/exports/share/applications -whitelist /var/lib/flatpak/exports/share/icons +allow /usr/share/app-info +allow /usr/share/desktop-directories +allow /usr/share/icons +allow /usr/share/menulibre +allow /var/lib/app-info/icons +allow /var/lib/flatpak/exports/share/applications +allow /var/lib/flatpak/exports/share/icons include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/meteo-qt.profile b/etc/profile-m-z/meteo-qt.profile index 85ed7bc7486..48f9366329c 100644 --- a/etc/profile-m-z/meteo-qt.profile +++ b/etc/profile-m-z/meteo-qt.profile @@ -6,8 +6,8 @@ include meteo-qt.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/autostart -noblacklist ${HOME}/.config/meteo-qt +nodeny ${HOME}/.config/autostart +nodeny ${HOME}/.config/meteo-qt # Allow python (blacklisted by disable-interpreters.inc) include allow-python3.inc @@ -22,8 +22,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/meteo-qt -whitelist ${HOME}/.config/autostart -whitelist ${HOME}/.config/meteo-qt +allow ${HOME}/.config/autostart +allow ${HOME}/.config/meteo-qt include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/microsoft-edge-dev.profile b/etc/profile-m-z/microsoft-edge-dev.profile index 039cd36a80c..96465866cd6 100644 --- a/etc/profile-m-z/microsoft-edge-dev.profile 
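Review bot: In meteo-qt.profile the pair `nodeny ${HOME}/.config/autostart` (hunk at -6,8) and `allow ${HOME}/.config/autostart` (hunk at -22,8) gives the sandboxed program the user's session autostart directory, and nothing visible in either hunk makes it read-only. Entries in that directory are started by the desktop session at login, outside this sandbox, so write access there weakens the confinement that the rest of the profile sets up. Unless a rule outside the hunks already restricts it, I would add `read-only ${HOME}/.config/autostart` after the allow line, or narrow both rules to the one entry the program maintains, with a comment explaining why the directory is exposed at all.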
+++ b/etc/profile-m-z/microsoft-edge-dev.profile @@ -6,13 +6,13 @@ include microsoft-edge-dev.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/microsoft-edge-dev -noblacklist ${HOME}/.config/microsoft-edge-dev +nodeny ${HOME}/.cache/microsoft-edge-dev +nodeny ${HOME}/.config/microsoft-edge-dev mkdir ${HOME}/.cache/microsoft-edge-dev mkdir ${HOME}/.config/microsoft-edge-dev -whitelist ${HOME}/.cache/microsoft-edge-dev -whitelist ${HOME}/.config/microsoft-edge-dev +allow ${HOME}/.cache/microsoft-edge-dev +allow ${HOME}/.config/microsoft-edge-dev private-opt microsoft diff --git a/etc/profile-m-z/midori.profile b/etc/profile-m-z/midori.profile index e152596083a..c4a444e0d6d 100644 --- a/etc/profile-m-z/midori.profile +++ b/etc/profile-m-z/midori.profile @@ -9,17 +9,17 @@ include globals.local # noexec ${HOME} breaks DRM binaries. ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} -noblacklist ${HOME}/.cache/midori -noblacklist ${HOME}/.config/midori -noblacklist ${HOME}/.local/share/midori +nodeny ${HOME}/.cache/midori +nodeny ${HOME}/.config/midori +nodeny ${HOME}/.local/share/midori # noblacklist ${HOME}/.local/share/webkit # noblacklist ${HOME}/.local/share/webkitgtk -noblacklist ${HOME}/.pki -noblacklist ${HOME}/.local/share/pki +nodeny ${HOME}/.pki +nodeny ${HOME}/.local/share/pki -noblacklist ${HOME}/.cache/gnome-mplayer -noblacklist ${HOME}/.config/gnome-mplayer -noblacklist ${HOME}/.lastpass +nodeny ${HOME}/.cache/gnome-mplayer +nodeny ${HOME}/.config/gnome-mplayer +nodeny ${HOME}/.lastpass include disable-common.inc include disable-devel.inc 
@@ -36,17 +36,17 @@ mkdir ${HOME}/.local/share/webkit mkdir ${HOME}/.local/share/webkitgtk mkdir ${HOME}/.pki mkdir ${HOME}/.local/share/pki -whitelist ${DOWNLOADS} -whitelist ${HOME}/.cache/gnome-mplayer/plugin -whitelist ${HOME}/.cache/midori -whitelist ${HOME}/.config/gnome-mplayer -whitelist ${HOME}/.config/midori -whitelist ${HOME}/.lastpass -whitelist ${HOME}/.local/share/midori -whitelist ${HOME}/.local/share/webkit -whitelist ${HOME}/.local/share/webkitgtk -whitelist ${HOME}/.pki -whitelist ${HOME}/.local/share/pki +allow ${DOWNLOADS} +allow ${HOME}/.cache/gnome-mplayer/plugin +allow ${HOME}/.cache/midori +allow ${HOME}/.config/gnome-mplayer +allow ${HOME}/.config/midori +allow ${HOME}/.lastpass +allow ${HOME}/.local/share/midori +allow ${HOME}/.local/share/webkit +allow ${HOME}/.local/share/webkitgtk +allow ${HOME}/.pki +allow ${HOME}/.local/share/pki include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/min.profile b/etc/profile-m-z/min.profile index 7f3aeab4475..2143321845d 100644 --- a/etc/profile-m-z/min.profile +++ b/etc/profile-m-z/min.profile @@ -6,10 +6,10 @@ include min.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Min +nodeny ${HOME}/.config/Min mkdir ${HOME}/.config/Min -whitelist ${HOME}/.config/Min +allow ${HOME}/.config/Min # Redirect include chromium-common.profile diff --git a/etc/profile-m-z/mindless.profile b/etc/profile-m-z/mindless.profile index fbf6b58e87e..ee8402b87bb 100644 --- a/etc/profile-m-z/mindless.profile +++ b/etc/profile-m-z/mindless.profile @@ -15,7 +15,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/mindless +allow /usr/share/mindless include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/minecraft-launcher.profile b/etc/profile-m-z/minecraft-launcher.profile index 1028e374ad5..595313851af 100644 
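Review bot: The midori.profile hunk at -36,17 keeps `allow ${HOME}/.lastpass`, paired with `nodeny ${HOME}/.lastpass` in the hunk at -9,17, so the browser sandbox can reach the LastPass data directory by default. A browser handles more untrusted content than most programs, and exposing password-manager state in the shipped profile gives up isolation for users who never use that integration. I would turn both lines into a commented opt-in, `#nodeny ${HOME}/.lastpass` and `#allow ${HOME}/.lastpass`, with a one-line comment pointing to midori.local. Separately, this hunk allows `${HOME}/.local/share/webkit` and `${HOME}/.local/share/webkitgtk` while their matching lines in the earlier hunk are commented out; if an included file denies those paths, the allow rules may have no effect.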
--- a/etc/profile-m-z/minecraft-launcher.profile +++ b/etc/profile-m-z/minecraft-launcher.profile @@ -11,7 +11,7 @@ include globals.local ignore noexec ${HOME} -noblacklist ${HOME}/.minecraft +nodeny ${HOME}/.minecraft include allow-java.inc @@ -25,7 +25,7 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.minecraft -whitelist ${HOME}/.minecraft +allow ${HOME}/.minecraft include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/minetest.profile b/etc/profile-m-z/minetest.profile index cad1adbda35..11d0859b7c2 100644 --- a/etc/profile-m-z/minetest.profile +++ b/etc/profile-m-z/minetest.profile @@ -9,8 +9,8 @@ include globals.local # In order to save in-game screenshots to a persistent location edit ~/.minetest/minetest.conf: # screenshot_path = /home//.minetest/screenshots -noblacklist ${HOME}/.cache/minetest -noblacklist ${HOME}/.minetest +nodeny ${HOME}/.cache/minetest +nodeny ${HOME}/.minetest # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc @@ -26,10 +26,10 @@ include disable-xdg.inc mkdir ${HOME}/.cache/minetest mkdir ${HOME}/.minetest -whitelist ${HOME}/.cache/minetest -whitelist ${HOME}/.minetest -whitelist /usr/share/games/minetest -whitelist /usr/share/minetest +allow ${HOME}/.cache/minetest +allow ${HOME}/.minetest +allow /usr/share/games/minetest +allow /usr/share/minetest include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile index 3fe3428d096..192913dbfdc 100644 --- a/etc/profile-m-z/minitube.profile +++ b/etc/profile-m-z/minitube.profile 
@@ -6,10 +6,10 @@ include minitube.local # Persistent global definitions include globals.local -noblacklist ${PICTURES} -noblacklist ${HOME}/.cache/Flavio Tordini -noblacklist ${HOME}/.config/Flavio Tordini -noblacklist ${HOME}/.local/share/Flavio Tordini +nodeny ${PICTURES} +nodeny ${HOME}/.cache/Flavio Tordini +nodeny ${HOME}/.config/Flavio Tordini +nodeny ${HOME}/.local/share/Flavio Tordini include allow-lua.inc @@ -25,11 +25,11 @@ include disable-xdg.inc mkdir ${HOME}/.cache/Flavio Tordini mkdir ${HOME}/.config/Flavio Tordini mkdir ${HOME}/.local/share/Flavio Tordini -whitelist ${PICTURES} -whitelist ${HOME}/.cache/Flavio Tordini -whitelist ${HOME}/.config/Flavio Tordini -whitelist ${HOME}/.local/share/Flavio Tordini -whitelist /usr/share/minitube +allow ${PICTURES} +allow ${HOME}/.cache/Flavio Tordini +allow ${HOME}/.config/Flavio Tordini +allow ${HOME}/.local/share/Flavio Tordini +allow /usr/share/minitube include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile index 50500928302..b2f2cc5b142 100644 --- a/etc/profile-m-z/mirage.profile +++ b/etc/profile-m-z/mirage.profile @@ -6,10 +6,10 @@ include mirage.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/mirage -noblacklist ${HOME}/.config/mirage -noblacklist ${HOME}/.local/share/mirage -noblacklist /sbin +nodeny ${HOME}/.cache/mirage +nodeny ${HOME}/.config/mirage +nodeny ${HOME}/.local/share/mirage +nodeny /sbin # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc 
@@ -27,10 +27,10 @@ include disable-xdg.inc mkdir ${HOME}/.cache/mirage mkdir ${HOME}/.config/mirage mkdir ${HOME}/.local/share/mirage -whitelist ${HOME}/.cache/mirage -whitelist ${HOME}/.config/mirage -whitelist ${HOME}/.local/share/mirage -whitelist ${DOWNLOADS} +allow ${HOME}/.cache/mirage +allow ${HOME}/.config/mirage +allow ${HOME}/.local/share/mirage +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/mirrormagic.profile b/etc/profile-m-z/mirrormagic.profile index 58dfd56f597..d5ebfd4b09b 100644 --- a/etc/profile-m-z/mirrormagic.profile +++ b/etc/profile-m-z/mirrormagic.profile @@ -6,7 +6,7 @@ include mirrormagic.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.mirrormagic +nodeny ${HOME}/.mirrormagic include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.mirrormagic -whitelist ${HOME}/.mirrormagic -whitelist /usr/share/mirrormagic +allow ${HOME}/.mirrormagic +allow /usr/share/mirrormagic include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/mocp.profile b/etc/profile-m-z/mocp.profile index e71ba456900..b734bd7c020 100644 --- a/etc/profile-m-z/mocp.profile +++ b/etc/profile-m-z/mocp.profile @@ -7,8 +7,8 @@ include mocp.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.moc -noblacklist ${MUSIC} +nodeny ${HOME}/.moc +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/mousepad.profile b/etc/profile-m-z/mousepad.profile index 98063fa7c7e..a02b29b6101 100644 --- a/etc/profile-m-z/mousepad.profile +++ b/etc/profile-m-z/mousepad.profile 
@@ -6,7 +6,7 @@ include mousepad.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Mousepad +nodeny ${HOME}/.config/Mousepad include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/mp3splt-gtk.profile b/etc/profile-m-z/mp3splt-gtk.profile index 37ce60e042b..f47384753f6 100644 --- a/etc/profile-m-z/mp3splt-gtk.profile +++ b/etc/profile-m-z/mp3splt-gtk.profile @@ -6,7 +6,7 @@ include mp3splt-gtk.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.mp3splt-gtk +nodeny ${HOME}/.mp3splt-gtk include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/mp3splt.profile b/etc/profile-m-z/mp3splt.profile index 070de845194..8a2ab15bdb8 100644 --- a/etc/profile-m-z/mp3splt.profile +++ b/etc/profile-m-z/mp3splt.profile @@ -6,9 +6,9 @@ include mp3splt.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* -noblacklist ${MUSIC} +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/mpDris2.profile b/etc/profile-m-z/mpDris2.profile index 55a0b589725..6994b04292e 100644 --- a/etc/profile-m-z/mpDris2.profile +++ b/etc/profile-m-z/mpDris2.profile @@ -6,13 +6,13 @@ include mpDris2.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/mpDris2 +nodeny ${HOME}/.config/mpDris2 # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc include allow-python3.inc -noblacklist ${MUSIC} +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc @@ -23,10 +23,10 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist ${MUSIC} +allow ${MUSIC} mkdir ${HOME}/.config/mpDris2 -whitelist ${HOME}/.config/mpDris2 +allow ${HOME}/.config/mpDris2 include whitelist-usr-share-common.inc include whitelist-var-common.inc 
diff --git a/etc/profile-m-z/mpd.profile b/etc/profile-m-z/mpd.profile index b517d4ab254..8b3350ac808 100644 --- a/etc/profile-m-z/mpd.profile +++ b/etc/profile-m-z/mpd.profile @@ -6,10 +6,10 @@ include mpd.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/mpd -noblacklist ${HOME}/.mpd -noblacklist ${HOME}/.mpdconf -noblacklist ${MUSIC} +nodeny ${HOME}/.config/mpd +nodeny ${HOME}/.mpd +nodeny ${HOME}/.mpdconf +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/mpg123.profile b/etc/profile-m-z/mpg123.profile index 25187e89429..03bd44daaef 100644 --- a/etc/profile-m-z/mpg123.profile +++ b/etc/profile-m-z/mpg123.profile @@ -7,7 +7,7 @@ include mpg123.local # Persistent global definitions include globals.local -noblacklist ${MUSIC} +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/mplayer.profile b/etc/profile-m-z/mplayer.profile index 5d023b7f11c..84754aeb250 100644 --- a/etc/profile-m-z/mplayer.profile +++ b/etc/profile-m-z/mplayer.profile @@ -6,7 +6,7 @@ include mplayer.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.mplayer +nodeny ${HOME}/.mplayer include disable-common.inc include disable-devel.inc @@ -17,7 +17,7 @@ include disable-programs.inc read-only ${DESKTOP} mkdir ${HOME}/.mplayer -whitelist ${HOME}/.mplayer +allow ${HOME}/.mplayer include whitelist-common.inc include whitelist-player-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/mpsyt.profile b/etc/profile-m-z/mpsyt.profile index bfe57a132e9..d355191035e 100644 --- a/etc/profile-m-z/mpsyt.profile +++ b/etc/profile-m-z/mpsyt.profile 
@@ -6,12 +6,12 @@ include mpsyt.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/mps-youtube -noblacklist ${HOME}/.config/mpv -noblacklist ${HOME}/.config/youtube-dl -noblacklist ${HOME}/.mplayer -noblacklist ${HOME}/.netrc -noblacklist ${HOME}/mps +nodeny ${HOME}/.config/mps-youtube +nodeny ${HOME}/.config/mpv +nodeny ${HOME}/.config/youtube-dl +nodeny ${HOME}/.mplayer +nodeny ${HOME}/.netrc +nodeny ${HOME}/mps # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc @@ -20,8 +20,8 @@ include allow-lua.inc include allow-python2.inc include allow-python3.inc -noblacklist ${MUSIC} -noblacklist ${VIDEOS} +nodeny ${MUSIC} +nodeny ${VIDEOS} include disable-common.inc include disable-devel.inc @@ -37,12 +37,12 @@ mkdir ${HOME}/.config/mpv mkdir ${HOME}/.config/youtube-dl mkdir ${HOME}/.mplayer mkdir ${HOME}/mps -whitelist ${HOME}/.config/mps-youtube -whitelist ${HOME}/.config/mpv -whitelist ${HOME}/.config/youtube-dl -whitelist ${HOME}/.mplayer -whitelist ${HOME}/.netrc -whitelist ${HOME}/mps +allow ${HOME}/.config/mps-youtube +allow ${HOME}/.config/mpv +allow ${HOME}/.config/youtube-dl +allow ${HOME}/.mplayer +allow ${HOME}/.netrc +allow ${HOME}/mps include whitelist-common.inc include whitelist-player-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/mpv.profile b/etc/profile-m-z/mpv.profile index af5c214f792..4ea2dd34846 100644 --- a/etc/profile-m-z/mpv.profile +++ b/etc/profile-m-z/mpv.profile @@ -24,9 +24,9 @@ include globals.local #include allow-bin-sh.inc #private-bin sh -noblacklist ${HOME}/.config/mpv -noblacklist ${HOME}/.config/youtube-dl -noblacklist ${HOME}/.netrc +nodeny ${HOME}/.config/mpv +nodeny ${HOME}/.config/youtube-dl +nodeny ${HOME}/.netrc # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc 
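Review bot: `nodeny ${HOME}/.netrc` and `allow ${HOME}/.netrc` in the first and third mpsyt.profile hunks expose a file that normally holds plaintext login credentials to a sandbox that also pulls in allow-lua.inc and the python allow files, and nothing in the profile says why. mpv.profile does the same (`nodeny` in its first hunk here, `mkfile`/`allow` in its last hunk). The rename is a good moment to document this with a comment above those lines, e.g. `# ~/.netrc holds credentials; exposed for netrc-based logins (presumably youtube-dl)`, and to consider adding `read-only ${HOME}/.netrc` so code running inside the sandbox cannot rewrite it. Whether a read-only mount is compatible with how these players use the file needs confirming before it is merged.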
@@ -35,7 +35,7 @@ include allow-lua.inc include allow-python2.inc include allow-python3.inc -blacklist /usr/libexec +deny /usr/libexec include disable-common.inc include disable-devel.inc @@ -49,14 +49,14 @@ read-only ${DESKTOP} mkdir ${HOME}/.config/mpv mkdir ${HOME}/.config/youtube-dl mkfile ${HOME}/.netrc -whitelist ${HOME}/.config/mpv -whitelist ${HOME}/.config/youtube-dl -whitelist ${HOME}/.netrc +allow ${HOME}/.config/mpv +allow ${HOME}/.config/youtube-dl +allow ${HOME}/.netrc include whitelist-common.inc include whitelist-player-common.inc -whitelist /usr/share/lua -whitelist /usr/share/lua* -whitelist /usr/share/vulkan +allow /usr/share/lua +allow /usr/share/lua* +allow /usr/share/vulkan include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/mrrescue.profile b/etc/profile-m-z/mrrescue.profile index e3ceb3bd450..a8c49a69087 100644 --- a/etc/profile-m-z/mrrescue.profile +++ b/etc/profile-m-z/mrrescue.profile @@ -6,7 +6,7 @@ include mrrescue.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/love +nodeny ${HOME}/.local/share/love # Allow /bin/sh (blacklisted by disable-shell.inc) include allow-bin-sh.inc @@ -14,7 +14,7 @@ include allow-bin-sh.inc # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc -blacklist /usr/libexec +deny /usr/libexec include disable-common.inc include disable-devel.inc @@ -26,8 +26,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.local/share/love -whitelist ${HOME}/.local/share/love -whitelist /usr/share/mrrescue +allow ${HOME}/.local/share/love +allow /usr/share/mrrescue include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/ms-excel.profile b/etc/profile-m-z/ms-excel.profile index db24e8f9bbc..5fea86ae7f2 100644 --- a/etc/profile-m-z/ms-excel.profile +++ b/etc/profile-m-z/ms-excel.profile 
@@ -6,7 +6,7 @@ include ms-excel.local # added by included profile #include globals.local -noblacklist ${HOME}/.cache/ms-excel-online +nodeny ${HOME}/.cache/ms-excel-online private-bin ms-excel # Redirect diff --git a/etc/profile-m-z/ms-office.profile b/etc/profile-m-z/ms-office.profile index 38fc84ecca5..4033627f757 100644 --- a/etc/profile-m-z/ms-office.profile +++ b/etc/profile-m-z/ms-office.profile @@ -5,8 +5,8 @@ include ms-office.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/ms-office-online -noblacklist ${HOME}/.jak +nodeny ${HOME}/.cache/ms-office-online +nodeny ${HOME}/.jak # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-m-z/ms-onenote.profile b/etc/profile-m-z/ms-onenote.profile index 9ea0637bdea..805de5102ab 100644 --- a/etc/profile-m-z/ms-onenote.profile +++ b/etc/profile-m-z/ms-onenote.profile @@ -6,7 +6,7 @@ include ms-onenote.local # added by included profile #include globals.local -noblacklist ${HOME}/.cache/ms-onenote-online +nodeny ${HOME}/.cache/ms-onenote-online private-bin ms-onenote # Redirect diff --git a/etc/profile-m-z/ms-outlook.profile b/etc/profile-m-z/ms-outlook.profile index fc3e7c0090c..bd14fb7d3e3 100644 --- a/etc/profile-m-z/ms-outlook.profile +++ b/etc/profile-m-z/ms-outlook.profile @@ -6,7 +6,7 @@ include ms-outlook.local # added by included profile #include globals.local -noblacklist ${HOME}/.cache/ms-outlook-online +nodeny ${HOME}/.cache/ms-outlook-online private-bin ms-outlook # Redirect diff --git a/etc/profile-m-z/ms-powerpoint.profile b/etc/profile-m-z/ms-powerpoint.profile index dadcd5b1e6f..02a7424e225 100644 --- a/etc/profile-m-z/ms-powerpoint.profile +++ b/etc/profile-m-z/ms-powerpoint.profile @@ -6,7 +6,7 @@ include ms-powerpoint.local # added by included profile #include globals.local -noblacklist ${HOME}/.cache/ms-powerpoint-online +nodeny ${HOME}/.cache/ms-powerpoint-online private-bin ms-powerpoint # Redirect 
diff --git a/etc/profile-m-z/ms-skype.profile b/etc/profile-m-z/ms-skype.profile index df16183610b..01729f9a201 100644 --- a/etc/profile-m-z/ms-skype.profile +++ b/etc/profile-m-z/ms-skype.profile @@ -8,7 +8,7 @@ include ms-skype.local ignore novideo -noblacklist ${HOME}/.cache/ms-skype-online +nodeny ${HOME}/.cache/ms-skype-online private-bin ms-skype diff --git a/etc/profile-m-z/ms-word.profile b/etc/profile-m-z/ms-word.profile index 5a617a89327..34cf02128f6 100644 --- a/etc/profile-m-z/ms-word.profile +++ b/etc/profile-m-z/ms-word.profile @@ -6,7 +6,7 @@ include ms-word.local # added by included profile #include globals.local -noblacklist ${HOME}/.cache/ms-word-online +nodeny ${HOME}/.cache/ms-word-online private-bin ms-word # Redirect diff --git a/etc/profile-m-z/mtpaint.profile b/etc/profile-m-z/mtpaint.profile index 85c3ee9f2a0..ec7cd5d04b1 100644 --- a/etc/profile-m-z/mtpaint.profile +++ b/etc/profile-m-z/mtpaint.profile @@ -6,7 +6,7 @@ include mtpaint.local # Persistent global definitions include globals.local -noblacklist ${PICTURES} +nodeny ${PICTURES} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/multimc5.profile b/etc/profile-m-z/multimc5.profile index 6df681df181..447e7753f17 100644 --- a/etc/profile-m-z/multimc5.profile +++ b/etc/profile-m-z/multimc5.profile @@ -5,9 +5,9 @@ include multimc5.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/multimc -noblacklist ${HOME}/.local/share/multimc5 -noblacklist ${HOME}/.multimc5 +nodeny ${HOME}/.local/share/multimc +nodeny ${HOME}/.local/share/multimc5 +nodeny ${HOME}/.multimc5 # Allow java (blacklisted by disable-devel.inc) include allow-java.inc 
@@ -22,9 +22,9 @@ include disable-programs.inc mkdir ${HOME}/.local/share/multimc mkdir ${HOME}/.local/share/multimc5 mkdir ${HOME}/.multimc5 -whitelist ${HOME}/.local/share/multimc -whitelist ${HOME}/.local/share/multimc5 -whitelist ${HOME}/.multimc5 +allow ${HOME}/.local/share/multimc +allow ${HOME}/.local/share/multimc5 +allow ${HOME}/.multimc5 include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/mumble.profile b/etc/profile-m-z/mumble.profile index c7f59c5eea5..1d72e07b87f 100644 --- a/etc/profile-m-z/mumble.profile +++ b/etc/profile-m-z/mumble.profile @@ -6,9 +6,9 @@ include mumble.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Mumble -noblacklist ${HOME}/.local/share/data/Mumble -noblacklist ${HOME}/.local/share/Mumble +nodeny ${HOME}/.config/Mumble +nodeny ${HOME}/.local/share/data/Mumble +nodeny ${HOME}/.local/share/Mumble include disable-common.inc include disable-devel.inc @@ -21,9 +21,9 @@ include disable-shell.inc mkdir ${HOME}/.config/Mumble mkdir ${HOME}/.local/share/data/Mumble mkdir ${HOME}/.local/share/Mumble -whitelist ${HOME}/.config/Mumble -whitelist ${HOME}/.local/share/data/Mumble -whitelist ${HOME}/.local/share/Mumble +allow ${HOME}/.config/Mumble +allow ${HOME}/.local/share/data/Mumble +allow ${HOME}/.local/share/Mumble include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/mupdf-gl.profile b/etc/profile-m-z/mupdf-gl.profile index be94a908314..c208a5e542e 100644 --- a/etc/profile-m-z/mupdf-gl.profile +++ b/etc/profile-m-z/mupdf-gl.profile @@ -7,7 +7,7 @@ include mupdf-gl.local # added by included profile #include globals.local -noblacklist ${HOME}/.mupdf.history +nodeny ${HOME}/.mupdf.history # Redirect include mupdf.profile diff --git a/etc/profile-m-z/mupdf.profile b/etc/profile-m-z/mupdf.profile index 9e4609c4839..e602b14290b 100644 --- a/etc/profile-m-z/mupdf.profile +++ b/etc/profile-m-z/mupdf.profile 
@@ -6,7 +6,7 @@ include mupdf.local # Persistent global definitions #include globals.local -noblacklist ${DOCUMENTS} +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/mupen64plus.profile b/etc/profile-m-z/mupen64plus.profile index 00983a8f3e9..ecc7e2957a2 100644 --- a/etc/profile-m-z/mupen64plus.profile +++ b/etc/profile-m-z/mupen64plus.profile @@ -6,8 +6,8 @@ include mupen64plus.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/mupen64plus -noblacklist ${HOME}/.local/share/mupen64plus +nodeny ${HOME}/.config/mupen64plus +nodeny ${HOME}/.local/share/mupen64plus include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-programs.inc # you'll need to manually whitelist ROM files mkdir ${HOME}/.config/mupen64plus mkdir ${HOME}/.local/share/mupen64plus -whitelist ${HOME}/.config/mupen64plus -whitelist ${HOME}/.local/share/mupen64plus +allow ${HOME}/.config/mupen64plus +allow ${HOME}/.local/share/mupen64plus include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/musescore.profile b/etc/profile-m-z/musescore.profile index 679e82ae8d9..aa141f9c086 100644 --- a/etc/profile-m-z/musescore.profile +++ b/etc/profile-m-z/musescore.profile @@ -6,12 +6,12 @@ include musescore.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/MusE -noblacklist ${HOME}/.config/MuseScore -noblacklist ${HOME}/.local/share/data/MusE -noblacklist ${HOME}/.local/share/data/MuseScore -noblacklist ${DOCUMENTS} -noblacklist ${MUSIC} +nodeny ${HOME}/.config/MusE +nodeny ${HOME}/.config/MuseScore +nodeny ${HOME}/.local/share/data/MusE +nodeny ${HOME}/.local/share/data/MuseScore +nodeny ${DOCUMENTS} +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/musictube.profile b/etc/profile-m-z/musictube.profile index 04500ac6a8e..5ab1303a27e 100644 --- a/etc/profile-m-z/musictube.profile 
+++ b/etc/profile-m-z/musictube.profile @@ -6,9 +6,9 @@ include musictube.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/Flavio Tordini -noblacklist ${HOME}/.config/Flavio Tordini -noblacklist ${HOME}/.local/share/Flavio Tordini +nodeny ${HOME}/.cache/Flavio Tordini +nodeny ${HOME}/.config/Flavio Tordini +nodeny ${HOME}/.local/share/Flavio Tordini include disable-common.inc include disable-devel.inc @@ -22,10 +22,10 @@ include disable-xdg.inc mkdir ${HOME}/.cache/Flavio Tordini mkdir ${HOME}/.config/Flavio Tordini mkdir ${HOME}/.local/share/Flavio Tordini -whitelist ${HOME}/.cache/Flavio Tordini -whitelist ${HOME}/.config/Flavio Tordini -whitelist ${HOME}/.local/share/Flavio Tordini -whitelist /usr/share/musictube +allow ${HOME}/.cache/Flavio Tordini +allow ${HOME}/.config/Flavio Tordini +allow ${HOME}/.local/share/Flavio Tordini +allow /usr/share/musictube include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/musixmatch.profile b/etc/profile-m-z/musixmatch.profile index 74b3e9a5ffb..9390f9dcf3e 100644 --- a/etc/profile-m-z/musixmatch.profile +++ b/etc/profile-m-z/musixmatch.profile @@ -5,7 +5,7 @@ include musixmatch.local # Persistent global definitions include globals.local -noblacklist ${MUSIC} +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index debf816598f..91606bdfab9 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile 
@@ -7,36 +7,36 @@ include mutt.local # Persistent global definitions include globals.local -noblacklist /var/mail -noblacklist /var/spool/mail -noblacklist ${DOCUMENTS} -noblacklist ${HOME}/.Mail -noblacklist ${HOME}/.bogofilter -noblacklist ${HOME}/.cache/mutt -noblacklist ${HOME}/.config/mutt -noblacklist ${HOME}/.config/nano -noblacklist ${HOME}/.elinks -noblacklist ${HOME}/.emacs -noblacklist ${HOME}/.emacs.d -noblacklist ${HOME}/.gnupg -noblacklist ${HOME}/.mail -noblacklist ${HOME}/.mailcap -noblacklist ${HOME}/.msmtprc -noblacklist ${HOME}/.mutt -noblacklist ${HOME}/.muttrc -noblacklist ${HOME}/.nanorc -noblacklist ${HOME}/.signature -noblacklist ${HOME}/.vim -noblacklist ${HOME}/.viminfo -noblacklist ${HOME}/.vimrc -noblacklist ${HOME}/.w3m -noblacklist ${HOME}/Mail -noblacklist ${HOME}/mail -noblacklist ${HOME}/postponed -noblacklist ${HOME}/sent +nodeny /var/mail +nodeny /var/spool/mail +nodeny ${DOCUMENTS} +nodeny ${HOME}/.Mail +nodeny ${HOME}/.bogofilter +nodeny ${HOME}/.cache/mutt +nodeny ${HOME}/.config/mutt +nodeny ${HOME}/.config/nano +nodeny ${HOME}/.elinks +nodeny ${HOME}/.emacs +nodeny ${HOME}/.emacs.d +nodeny ${HOME}/.gnupg +nodeny ${HOME}/.mail +nodeny ${HOME}/.mailcap +nodeny ${HOME}/.msmtprc +nodeny ${HOME}/.mutt +nodeny ${HOME}/.muttrc +nodeny ${HOME}/.nanorc +nodeny ${HOME}/.signature +nodeny ${HOME}/.vim +nodeny ${HOME}/.viminfo +nodeny ${HOME}/.vimrc +nodeny ${HOME}/.w3m +nodeny ${HOME}/Mail +nodeny ${HOME}/mail +nodeny ${HOME}/postponed +nodeny ${HOME}/sent -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* # Add the next lines to your mutt.local for oauth.py,S/MIME support. #include allow-perl.inc 
@@ -75,37 +75,37 @@ mkfile ${HOME}/.nanorc mkfile ${HOME}/.signature mkfile ${HOME}/.viminfo mkfile ${HOME}/.vimrc -whitelist ${DOCUMENTS} -whitelist ${DOWNLOADS} -whitelist ${HOME}/.Mail -whitelist ${HOME}/.bogofilter -whitelist ${HOME}/.cache/mutt -whitelist ${HOME}/.config/mutt -whitelist ${HOME}/.config/nano -whitelist ${HOME}/.elinks -whitelist ${HOME}/.emacs -whitelist ${HOME}/.emacs.d -whitelist ${HOME}/.gnupg -whitelist ${HOME}/.mail -whitelist ${HOME}/.mailcap -whitelist ${HOME}/.msmtprc -whitelist ${HOME}/.mutt -whitelist ${HOME}/.muttrc -whitelist ${HOME}/.nanorc -whitelist ${HOME}/.signature -whitelist ${HOME}/.vim -whitelist ${HOME}/.viminfo -whitelist ${HOME}/.vimrc -whitelist ${HOME}/.w3m -whitelist ${HOME}/Mail -whitelist ${HOME}/mail -whitelist ${HOME}/postponed -whitelist ${HOME}/sent -whitelist /usr/share/gnupg -whitelist /usr/share/gnupg2 -whitelist /usr/share/mutt -whitelist /var/mail -whitelist /var/spool/mail +allow ${DOCUMENTS} +allow ${DOWNLOADS} +allow ${HOME}/.Mail +allow ${HOME}/.bogofilter +allow ${HOME}/.cache/mutt +allow ${HOME}/.config/mutt +allow ${HOME}/.config/nano +allow ${HOME}/.elinks +allow ${HOME}/.emacs +allow ${HOME}/.emacs.d +allow ${HOME}/.gnupg +allow ${HOME}/.mail +allow ${HOME}/.mailcap +allow ${HOME}/.msmtprc +allow ${HOME}/.mutt +allow ${HOME}/.muttrc +allow ${HOME}/.nanorc +allow ${HOME}/.signature +allow ${HOME}/.vim +allow ${HOME}/.viminfo +allow ${HOME}/.vimrc +allow ${HOME}/.w3m +allow ${HOME}/Mail +allow ${HOME}/mail +allow ${HOME}/postponed +allow ${HOME}/sent +allow /usr/share/gnupg +allow /usr/share/gnupg2 +allow /usr/share/mutt +allow /var/mail +allow /var/spool/mail include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/mypaint.profile b/etc/profile-m-z/mypaint.profile index d8d487fe79a..19af474987d 100644 --- a/etc/profile-m-z/mypaint.profile +++ b/etc/profile-m-z/mypaint.profile 
@@ -6,10 +6,10 @@ include mypaint.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/mypaint -noblacklist ${HOME}/.config/mypaint -noblacklist ${HOME}/.local/share/mypaint -noblacklist ${PICTURES} +nodeny ${HOME}/.cache/mypaint +nodeny ${HOME}/.config/mypaint +nodeny ${HOME}/.local/share/mypaint +nodeny ${PICTURES} # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-m-z/nano.profile b/etc/profile-m-z/nano.profile index 4698c22872d..f0553bed5dd 100644 --- a/etc/profile-m-z/nano.profile +++ b/etc/profile-m-z/nano.profile @@ -7,10 +7,10 @@ include nano.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* -noblacklist ${HOME}/.config/nano -noblacklist ${HOME}/.nanorc +nodeny ${HOME}/.config/nano +nodeny ${HOME}/.nanorc include disable-common.inc include disable-devel.inc @@ -19,7 +19,7 @@ include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc -whitelist /usr/share/nano +allow /usr/share/nano include whitelist-usr-share-common.inc apparmor diff --git a/etc/profile-m-z/natron.profile b/etc/profile-m-z/natron.profile index 5bf152f8447..35d15274852 100644 --- a/etc/profile-m-z/natron.profile +++ b/etc/profile-m-z/natron.profile @@ -5,9 +5,9 @@ include natron.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.Natron -noblacklist ${HOME}/.cache/INRIA/Natron -noblacklist ${HOME}/.config/INRIA +nodeny ${HOME}/.Natron +nodeny ${HOME}/.cache/INRIA/Natron +nodeny ${HOME}/.config/INRIA # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-m-z/ncdu.profile b/etc/profile-m-z/ncdu.profile index 063e30366c8..38646dc90b9 100644 --- a/etc/profile-m-z/ncdu.profile +++ b/etc/profile-m-z/ncdu.profile 
@@ -6,7 +6,7 @@ include ncdu.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* include disable-exec.inc diff --git a/etc/profile-m-z/neochat.profile b/etc/profile-m-z/neochat.profile index 9f00448c819..ceb88590862 100644 --- a/etc/profile-m-z/neochat.profile +++ b/etc/profile-m-z/neochat.profile @@ -6,12 +6,12 @@ include neochat.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/KDE/neochat -noblacklist ${HOME}/.config/KDE -noblacklist ${HOME}/.config/KDE/neochat -noblacklist ${HOME}/.config/neochatrc -noblacklist ${HOME}/.config/neochat.notifyrc -noblacklist ${HOME}/.local/share/KDE/neochat +nodeny ${HOME}/.cache/KDE/neochat +nodeny ${HOME}/.config/KDE +nodeny ${HOME}/.config/KDE/neochat +nodeny ${HOME}/.config/neochatrc +nodeny ${HOME}/.config/neochat.notifyrc +nodeny ${HOME}/.local/share/KDE/neochat include disable-common.inc include disable-devel.inc @@ -24,9 +24,9 @@ include disable-xdg.inc mkdir ${HOME}/.cache/KDE/neochat mkdir ${HOME}/.local/share/KDE/neochat -whitelist ${HOME}/.cache/KDE/neochat -whitelist ${HOME}/.local/share/KDE/neochat -whitelist ${DOWNLOADS} +allow ${HOME}/.cache/KDE/neochat +allow ${HOME}/.local/share/KDE/neochat +allow ${DOWNLOADS} include whitelist-1793-workaround.inc include whitelist-common.inc include whitelist-runuser-common.inc diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile index fafa129e4ab..939d6f111d2 100644 --- a/etc/profile-m-z/neomutt.profile +++ b/etc/profile-m-z/neomutt.profile 
@@ -7,38 +7,38 @@ include neomutt.local # Persistent global definitions include globals.local -noblacklist ${DOCUMENTS} -noblacklist ${HOME}/.Mail -noblacklist ${HOME}/.bogofilter -noblacklist ${HOME}/.config/mutt -noblacklist ${HOME}/.config/nano -noblacklist ${HOME}/.config/neomutt -noblacklist ${HOME}/.elinks -noblacklist ${HOME}/.emacs -noblacklist ${HOME}/.emacs.d -noblacklist ${HOME}/.gnupg -noblacklist ${HOME}/.mail -noblacklist ${HOME}/.mailcap -noblacklist ${HOME}/.msmtprc -noblacklist ${HOME}/.mutt -noblacklist ${HOME}/.muttrc -noblacklist ${HOME}/.nanorc -noblacklist ${HOME}/.neomutt -noblacklist ${HOME}/.neomuttrc -noblacklist ${HOME}/.signature -noblacklist ${HOME}/.vim -noblacklist ${HOME}/.viminfo -noblacklist ${HOME}/.vimrc -noblacklist ${HOME}/.w3m -noblacklist ${HOME}/Mail -noblacklist ${HOME}/mail -noblacklist ${HOME}/postponed -noblacklist ${HOME}/sent -noblacklist /var/mail -noblacklist /var/spool/mail +nodeny ${DOCUMENTS} +nodeny ${HOME}/.Mail +nodeny ${HOME}/.bogofilter +nodeny ${HOME}/.config/mutt +nodeny ${HOME}/.config/nano +nodeny ${HOME}/.config/neomutt +nodeny ${HOME}/.elinks +nodeny ${HOME}/.emacs +nodeny ${HOME}/.emacs.d +nodeny ${HOME}/.gnupg +nodeny ${HOME}/.mail +nodeny ${HOME}/.mailcap +nodeny ${HOME}/.msmtprc +nodeny ${HOME}/.mutt +nodeny ${HOME}/.muttrc +nodeny ${HOME}/.nanorc +nodeny ${HOME}/.neomutt +nodeny ${HOME}/.neomuttrc +nodeny ${HOME}/.signature +nodeny ${HOME}/.vim +nodeny ${HOME}/.viminfo +nodeny ${HOME}/.vimrc +nodeny ${HOME}/.w3m +nodeny ${HOME}/Mail +nodeny ${HOME}/mail +nodeny ${HOME}/postponed +nodeny ${HOME}/sent +nodeny /var/mail +nodeny /var/spool/mail -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* include allow-lua.inc 
@@ -76,39 +76,39 @@ mkfile ${HOME}/.neomuttrc mkfile ${HOME}/.signature mkfile ${HOME}/.viminfo mkfile ${HOME}/.vimrc -whitelist ${DOCUMENTS} -whitelist ${DOWNLOADS} -whitelist ${HOME}/.Mail -whitelist ${HOME}/.bogofilter -whitelist ${HOME}/.config/mutt -whitelist ${HOME}/.config/nano -whitelist ${HOME}/.config/neomutt -whitelist ${HOME}/.elinks -whitelist ${HOME}/.emacs -whitelist ${HOME}/.emacs.d -whitelist ${HOME}/.gnupg -whitelist ${HOME}/.mail -whitelist ${HOME}/.mailcap -whitelist ${HOME}/.msmtprc -whitelist ${HOME}/.mutt -whitelist ${HOME}/.muttrc -whitelist ${HOME}/.nanorc -whitelist ${HOME}/.neomutt -whitelist ${HOME}/.neomuttrc -whitelist ${HOME}/.signature -whitelist ${HOME}/.vim -whitelist ${HOME}/.viminfo -whitelist ${HOME}/.vimrc -whitelist ${HOME}/.w3m -whitelist ${HOME}/Mail -whitelist ${HOME}/mail -whitelist ${HOME}/postponed -whitelist ${HOME}/sent -whitelist /usr/share/gnupg -whitelist /usr/share/gnupg2 -whitelist /usr/share/neomutt -whitelist /var/mail -whitelist /var/spool/mail +allow ${DOCUMENTS} +allow ${DOWNLOADS} +allow ${HOME}/.Mail +allow ${HOME}/.bogofilter +allow ${HOME}/.config/mutt +allow ${HOME}/.config/nano +allow ${HOME}/.config/neomutt +allow ${HOME}/.elinks +allow ${HOME}/.emacs +allow ${HOME}/.emacs.d +allow ${HOME}/.gnupg +allow ${HOME}/.mail +allow ${HOME}/.mailcap +allow ${HOME}/.msmtprc +allow ${HOME}/.mutt +allow ${HOME}/.muttrc +allow ${HOME}/.nanorc +allow ${HOME}/.neomutt +allow ${HOME}/.neomuttrc +allow ${HOME}/.signature +allow ${HOME}/.vim +allow ${HOME}/.viminfo +allow ${HOME}/.vimrc +allow ${HOME}/.w3m +allow ${HOME}/Mail +allow ${HOME}/mail +allow ${HOME}/postponed +allow ${HOME}/sent +allow /usr/share/gnupg +allow /usr/share/gnupg2 +allow /usr/share/neomutt +allow /var/mail +allow /var/spool/mail include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc 
diff --git a/etc/profile-m-z/netactview.profile b/etc/profile-m-z/netactview.profile index 5d45dd7bc53..68297c11096 100644 --- a/etc/profile-m-z/netactview.profile +++ b/etc/profile-m-z/netactview.profile @@ -6,7 +6,7 @@ include netactview.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.netactview +nodeny ${HOME}/.netactview include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkfile ${HOME}/.netactview -whitelist ${HOME}/.netactview -whitelist /usr/share/netactview +allow ${HOME}/.netactview +allow /usr/share/netactview include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/nethack-vultures.profile b/etc/profile-m-z/nethack-vultures.profile index c9a53737016..d5bf8a52a8c 100644 --- a/etc/profile-m-z/nethack-vultures.profile +++ b/etc/profile-m-z/nethack-vultures.profile @@ -6,7 +6,7 @@ include nethack.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.vultures +nodeny ${HOME}/.vultures include disable-common.inc include disable-devel.inc @@ -16,8 +16,8 @@ include disable-passwdmgr.inc include disable-programs.inc mkdir ${HOME}/.vultures -whitelist ${HOME}/.vultures -whitelist /var/log/vultures +allow ${HOME}/.vultures +allow /var/log/vultures include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/nethack.profile b/etc/profile-m-z/nethack.profile index b57abe260bc..23b57bb5245 100644 --- a/etc/profile-m-z/nethack.profile +++ b/etc/profile-m-z/nethack.profile @@ -6,7 +6,7 @@ include nethack.local # Persistent global definitions include globals.local -noblacklist /var/games/nethack +nodeny /var/games/nethack include disable-common.inc include disable-devel.inc 
@@ -15,7 +15,7 @@ include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc -whitelist /var/games/nethack +allow /var/games/nethack include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/netsurf.profile b/etc/profile-m-z/netsurf.profile index 0ddb7bbbe51..b099d6f0c8f 100644 --- a/etc/profile-m-z/netsurf.profile +++ b/etc/profile-m-z/netsurf.profile @@ -6,8 +6,8 @@ include netsurf.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/netsurf -noblacklist ${HOME}/.config/netsurf +nodeny ${HOME}/.cache/netsurf +nodeny ${HOME}/.config/netsurf include disable-common.inc include disable-devel.inc @@ -16,9 +16,9 @@ include disable-programs.inc mkdir ${HOME}/.cache/netsurf mkdir ${HOME}/.config/netsurf -whitelist ${DOWNLOADS} -whitelist ${HOME}/.cache/netsurf -whitelist ${HOME}/.config/netsurf +allow ${DOWNLOADS} +allow ${HOME}/.cache/netsurf +allow ${HOME}/.config/netsurf include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/neverball.profile b/etc/profile-m-z/neverball.profile index ecfbb14e4f3..dad90a66ccb 100644 --- a/etc/profile-m-z/neverball.profile +++ b/etc/profile-m-z/neverball.profile @@ -6,7 +6,7 @@ include neverball.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.neverball +nodeny ${HOME}/.neverball include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.neverball -whitelist ${HOME}/.neverball -whitelist /usr/share/neverball +allow ${HOME}/.neverball +allow /usr/share/neverball include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/newsbeuter.profile b/etc/profile-m-z/newsbeuter.profile index 6efb19502d4..c26ba4be00b 100644 --- a/etc/profile-m-z/newsbeuter.profile +++ b/etc/profile-m-z/newsbeuter.profile 
@@ -11,15 +11,15 @@ ignore include newsboat.local ignore mkdir ${HOME}/.config/newsboat ignore mkdir ${HOME}/.local/share/newsboat ignore mkdir ${HOME}/.newsboat -blacklist ${PATH}/newsboat +deny ${PATH}/newsboat -blacklist ${HOME}/.config/newsboat -blacklist ${HOME}/.local/share/newsboat -blacklist ${HOME}/.newsboat +deny ${HOME}/.config/newsboat +deny ${HOME}/.local/share/newsboat +deny ${HOME}/.newsboat -nowhitelist ${HOME}/.config/newsboat -nowhitelist ${HOME}/.local/share/newsboat -nowhitelist ${HOME}/.newsboat +noallow ${HOME}/.config/newsboat +noallow ${HOME}/.local/share/newsboat +noallow ${HOME}/.newsboat mkdir ${HOME}/.config/newsbeuter mkdir ${HOME}/.local/share/newsbeuter diff --git a/etc/profile-m-z/newsboat.profile b/etc/profile-m-z/newsboat.profile index 13bc3a61581..e34752b556b 100644 --- a/etc/profile-m-z/newsboat.profile +++ b/etc/profile-m-z/newsboat.profile @@ -6,12 +6,12 @@ include newsboat.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/newsbeuter -noblacklist ${HOME}/.config/newsboat -noblacklist ${HOME}/.local/share/newsbeuter -noblacklist ${HOME}/.local/share/newsboat -noblacklist ${HOME}/.newsbeuter -noblacklist ${HOME}/.newsboat +nodeny ${HOME}/.config/newsbeuter +nodeny ${HOME}/.config/newsboat +nodeny ${HOME}/.local/share/newsbeuter +nodeny ${HOME}/.local/share/newsboat +nodeny ${HOME}/.newsbeuter +nodeny ${HOME}/.newsboat include disable-common.inc include disable-devel.inc 
@@ -24,12 +24,12 @@ include disable-xdg.inc mkdir ${HOME}/.config/newsboat mkdir ${HOME}/.local/share/newsboat mkdir ${HOME}/.newsboat -whitelist ${HOME}/.config/newsbeuter -whitelist ${HOME}/.config/newsboat -whitelist ${HOME}/.local/share/newsbeuter -whitelist ${HOME}/.local/share/newsboat -whitelist ${HOME}/.newsbeuter -whitelist ${HOME}/.newsboat +allow ${HOME}/.config/newsbeuter +allow ${HOME}/.config/newsboat +allow ${HOME}/.local/share/newsbeuter +allow ${HOME}/.local/share/newsboat +allow ${HOME}/.newsbeuter +allow ${HOME}/.newsboat include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/newsflash.profile b/etc/profile-m-z/newsflash.profile index 18d8c6ed4c4..273628ea278 100644 --- a/etc/profile-m-z/newsflash.profile +++ b/etc/profile-m-z/newsflash.profile @@ -6,9 +6,9 @@ include newsflash.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/NewsFlashGTK -noblacklist ${HOME}/.config/news-flash -noblacklist ${HOME}/.local/share/news-flash +nodeny ${HOME}/.cache/NewsFlashGTK +nodeny ${HOME}/.config/news-flash +nodeny ${HOME}/.local/share/news-flash include disable-common.inc include disable-devel.inc @@ -22,9 +22,9 @@ include disable-xdg.inc mkdir ${HOME}/.cache/NewsFlashGTK mkdir ${HOME}/.config/news-flash mkdir ${HOME}/.local/share/news-flash -whitelist ${HOME}/.cache/NewsFlashGTK -whitelist ${HOME}/.config/news-flash -whitelist ${HOME}/.local/share/news-flash +allow ${HOME}/.cache/NewsFlashGTK +allow ${HOME}/.config/news-flash +allow ${HOME}/.local/share/news-flash include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile index 9fd76fbe7cd..7ba46691db1 100644 --- a/etc/profile-m-z/nextcloud.profile +++ b/etc/profile-m-z/nextcloud.profile 
@@ -6,9 +6,9 @@ include nextcloud.local # Persistent global definitions include globals.local -noblacklist ${HOME}/Nextcloud -noblacklist ${HOME}/.config/Nextcloud -noblacklist ${HOME}/.local/share/Nextcloud +nodeny ${HOME}/Nextcloud +nodeny ${HOME}/.config/Nextcloud +nodeny ${HOME}/.local/share/Nextcloud # Add the next lines to your nextcloud.local to allow sync in more directories. #noblacklist ${DOCUMENTS} #noblacklist ${MUSIC} @@ -27,9 +27,9 @@ include disable-xdg.inc mkdir ${HOME}/Nextcloud mkdir ${HOME}/.config/Nextcloud mkdir ${HOME}/.local/share/Nextcloud -whitelist ${HOME}/Nextcloud -whitelist ${HOME}/.config/Nextcloud -whitelist ${HOME}/.local/share/Nextcloud +allow ${HOME}/Nextcloud +allow ${HOME}/.config/Nextcloud +allow ${HOME}/.local/share/Nextcloud # Add the next lines to your nextcloud.local to allow sync in more directories. #whitelist ${DOCUMENTS} #whitelist ${MUSIC} diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile index f8062891c5b..0149e0737f0 100644 --- a/etc/profile-m-z/nheko.profile +++ b/etc/profile-m-z/nheko.profile @@ -6,9 +6,9 @@ include nheko.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/nheko -noblacklist ${HOME}/.config/nheko -noblacklist ${HOME}/.local/share/nheko +nodeny ${HOME}/.cache/nheko +nodeny ${HOME}/.config/nheko +nodeny ${HOME}/.local/share/nheko include disable-common.inc include disable-devel.inc @@ -22,10 +22,10 @@ include disable-xdg.inc mkdir ${HOME}/.cache/nheko mkdir ${HOME}/.config/nheko mkdir ${HOME}/.local/share/nheko -whitelist ${HOME}/.cache/nheko -whitelist ${HOME}/.config/nheko -whitelist ${HOME}/.local/share/nheko -whitelist ${DOWNLOADS} +allow ${HOME}/.cache/nheko +allow ${HOME}/.config/nheko +allow ${HOME}/.local/share/nheko +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc 
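Review bot: The commented-out examples in both nextcloud.profile hunks keep the old spellings (`#noblacklist ${DOCUMENTS}`, `#whitelist ${DOCUMENTS}`) directly below the renamed active lines, so a user who copies them into nextcloud.local ends up with a different keyword set from the profile itself. They should be renamed in the same commit to `#nodeny ${DOCUMENTS}` and `#allow ${DOCUMENTS}`, and likewise for the `${MUSIC}` lines and any further examples below the hunk. The same leftover shows in the context of nodejs-common.profile (`#whitelist ${HOME}/Projects`) and pavucontrol.profile (`#whitelist ${HOME}/.config/pavucontrol.ini`). Whether the old keywords are still accepted is not visible here; if they are not, these examples would fail when uncommented.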
diff --git a/etc/profile-m-z/nicotine.profile b/etc/profile-m-z/nicotine.profile index 1c7dbc0092b..b31a7babf6d 100644 --- a/etc/profile-m-z/nicotine.profile +++ b/etc/profile-m-z/nicotine.profile @@ -6,7 +6,7 @@ include nicotine.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.nicotine +nodeny ${HOME}/.nicotine # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc @@ -21,9 +21,9 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.nicotine -whitelist ${DOWNLOADS} -whitelist ${HOME}/.nicotine -whitelist /usr/share/GeoIP +allow ${DOWNLOADS} +allow ${HOME}/.nicotine +allow /usr/share/GeoIP include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/nitroshare.profile b/etc/profile-m-z/nitroshare.profile index 8dba84f02b9..70fffd5d4f3 100644 --- a/etc/profile-m-z/nitroshare.profile +++ b/etc/profile-m-z/nitroshare.profile @@ -6,8 +6,8 @@ include nitroshare.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Nathan Osman -noblacklist ${HOME}/.config/NitroShare +nodeny ${HOME}/.config/Nathan Osman +nodeny ${HOME}/.config/NitroShare # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile index fa69f9214a7..7981ba6ae9c 100644 --- a/etc/profile-m-z/nodejs-common.profile +++ b/etc/profile-m-z/nodejs-common.profile 
@@ -7,22 +7,22 @@ include nodejs-common.local # added by caller profile #include globals.local -blacklist /tmp/.X11-unix -blacklist ${RUNUSER} +deny /tmp/.X11-unix +deny ${RUNUSER} ignore read-only ${HOME}/.npm-packages ignore read-only ${HOME}/.npmrc ignore read-only ${HOME}/.nvm ignore read-only ${HOME}/.yarnrc -noblacklist ${HOME}/.node-gyp -noblacklist ${HOME}/.npm -noblacklist ${HOME}/.npmrc -noblacklist ${HOME}/.nvm -noblacklist ${HOME}/.yarn -noblacklist ${HOME}/.yarn-config -noblacklist ${HOME}/.yarncache -noblacklist ${HOME}/.yarnrc +nodeny ${HOME}/.node-gyp +nodeny ${HOME}/.npm +nodeny ${HOME}/.npmrc +nodeny ${HOME}/.nvm +nodeny ${HOME}/.yarn +nodeny ${HOME}/.yarn-config +nodeny ${HOME}/.yarncache +nodeny ${HOME}/.yarnrc ignore noexec ${HOME} @@ -58,9 +58,9 @@ include disable-xdg.inc #whitelist ${HOME}/Projects #include whitelist-common.inc -whitelist /usr/share/doc/node -whitelist /usr/share/nvm -whitelist /usr/share/systemtap/tapset/node.stp +allow /usr/share/doc/node +allow /usr/share/nvm +allow /usr/share/systemtap/tapset/node.stp include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/nomacs.profile b/etc/profile-m-z/nomacs.profile index a36dee87428..80fbd0fcb57 100644 --- a/etc/profile-m-z/nomacs.profile +++ b/etc/profile-m-z/nomacs.profile @@ -6,10 +6,10 @@ include nomacs.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/nomacs -noblacklist ${HOME}/.local/share/nomacs -noblacklist ${HOME}/.local/share/data/nomacs -noblacklist ${PICTURES} +nodeny ${HOME}/.config/nomacs +nodeny ${HOME}/.local/share/nomacs +nodeny ${HOME}/.local/share/data/nomacs +nodeny ${PICTURES} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/notify-send.profile b/etc/profile-m-z/notify-send.profile index 650118c9852..a3bcc040c82 100644 --- a/etc/profile-m-z/notify-send.profile +++ b/etc/profile-m-z/notify-send.profile 
@@ -7,7 +7,7 @@ include notify-send.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/nslookup.profile b/etc/profile-m-z/nslookup.profile index c7a131a2c86..b3002ad0ed4 100644 --- a/etc/profile-m-z/nslookup.profile +++ b/etc/profile-m-z/nslookup.profile @@ -7,10 +7,10 @@ include nslookup.local # Persistent global definitions include globals.local -blacklist /tmp/.X11-unix -blacklist ${RUNUSER} +deny /tmp/.X11-unix +deny ${RUNUSER} -noblacklist ${PATH}/nslookup +nodeny ${PATH}/nslookup include disable-common.inc include disable-devel.inc @@ -20,7 +20,7 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist ${HOME}/.nslookuprc +allow ${HOME}/.nslookuprc include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/nuclear.profile b/etc/profile-m-z/nuclear.profile index 886403b9ef9..67f54f9fca8 100644 --- a/etc/profile-m-z/nuclear.profile +++ b/etc/profile-m-z/nuclear.profile @@ -8,12 +8,12 @@ include globals.local ignore dbus-user -noblacklist ${HOME}/.config/nuclear +nodeny ${HOME}/.config/nuclear include disable-shell.inc mkdir ${HOME}/.config/nuclear -whitelist ${HOME}/.config/nuclear +allow ${HOME}/.config/nuclear no3d diff --git a/etc/profile-m-z/nylas.profile b/etc/profile-m-z/nylas.profile index fe0c2116b2f..ee7710b9cd2 100644 --- a/etc/profile-m-z/nylas.profile +++ b/etc/profile-m-z/nylas.profile @@ -5,8 +5,8 @@ include nylas.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Nylas Mail -noblacklist ${HOME}/.nylas-mail +nodeny ${HOME}/.config/Nylas Mail +nodeny ${HOME}/.nylas-mail include disable-common.inc include disable-devel.inc 
@@ -16,9 +16,9 @@ include disable-programs.inc mkdir ${HOME}/.config/Nylas Mail mkdir ${HOME}/.nylas-mail -whitelist ${DOWNLOADS} -whitelist ${HOME}/.config/Nylas Mail -whitelist ${HOME}/.nylas-mail +allow ${DOWNLOADS} +allow ${HOME}/.config/Nylas Mail +allow ${HOME}/.nylas-mail include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/nyx.profile b/etc/profile-m-z/nyx.profile index d040d42af94..1d606f70c0e 100644 --- a/etc/profile-m-z/nyx.profile +++ b/etc/profile-m-z/nyx.profile @@ -10,7 +10,7 @@ include globals.local include allow-python2.inc include allow-python3.inc -noblacklist ${HOME}/.nyx +nodeny ${HOME}/.nyx include disable-common.inc include disable-devel.inc @@ -22,7 +22,7 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.nyx -whitelist ${HOME}/.nyx +allow ${HOME}/.nyx include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/obs.profile b/etc/profile-m-z/obs.profile index 9345cee4fff..f70bdc55af5 100644 --- a/etc/profile-m-z/obs.profile +++ b/etc/profile-m-z/obs.profile @@ -5,10 +5,10 @@ include obs.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/obs-studio -noblacklist ${MUSIC} -noblacklist ${PICTURES} -noblacklist ${VIDEOS} +nodeny ${HOME}/.config/obs-studio +nodeny ${MUSIC} +nodeny ${PICTURES} +nodeny ${VIDEOS} # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-m-z/ocenaudio.profile b/etc/profile-m-z/ocenaudio.profile index 7be68a20148..792c2ffc6ca 100644 --- a/etc/profile-m-z/ocenaudio.profile +++ b/etc/profile-m-z/ocenaudio.profile @@ -6,9 +6,9 @@ include ocenaudio.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/ocenaudio -noblacklist ${DOCUMENTS} -noblacklist ${MUSIC} +nodeny ${HOME}/.local/share/ocenaudio +nodeny ${DOCUMENTS} +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc 
diff --git a/etc/profile-m-z/odt2txt.profile b/etc/profile-m-z/odt2txt.profile index 6163d2e22c8..61b71ec10ce 100644 --- a/etc/profile-m-z/odt2txt.profile +++ b/etc/profile-m-z/odt2txt.profile @@ -6,9 +6,9 @@ include odt2txt.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* -noblacklist ${DOCUMENTS} +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/okular.profile b/etc/profile-m-z/okular.profile index ab8ccf623d3..feeed86cb5a 100644 --- a/etc/profile-m-z/okular.profile +++ b/etc/profile-m-z/okular.profile @@ -6,18 +6,18 @@ include okular.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/okular -noblacklist ${HOME}/.config/okularpartrc -noblacklist ${HOME}/.config/okularrc -noblacklist ${HOME}/.kde/share/apps/okular -noblacklist ${HOME}/.kde/share/config/okularpartrc -noblacklist ${HOME}/.kde/share/config/okularrc -noblacklist ${HOME}/.kde4/share/apps/okular -noblacklist ${HOME}/.kde4/share/config/okularpartrc -noblacklist ${HOME}/.kde4/share/config/okularrc -noblacklist ${HOME}/.local/share/kxmlgui5/okular -noblacklist ${HOME}/.local/share/okular -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.cache/okular +nodeny ${HOME}/.config/okularpartrc +nodeny ${HOME}/.config/okularrc +nodeny ${HOME}/.kde/share/apps/okular +nodeny ${HOME}/.kde/share/config/okularpartrc +nodeny ${HOME}/.kde/share/config/okularrc +nodeny ${HOME}/.kde4/share/apps/okular +nodeny ${HOME}/.kde4/share/config/okularpartrc +nodeny ${HOME}/.kde4/share/config/okularrc +nodeny ${HOME}/.local/share/kxmlgui5/okular +nodeny ${HOME}/.local/share/okular +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc 
@@ -28,15 +28,15 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/config.kcfg/gssettings.kcfg -whitelist /usr/share/config.kcfg/pdfsettings.kcfg -whitelist /usr/share/config.kcfg/okular.kcfg -whitelist /usr/share/config.kcfg/okular_core.kcfg -whitelist /usr/share/ghostscript -whitelist /usr/share/kconf_update/okular.upd -whitelist /usr/share/kxmlgui5/okular -whitelist /usr/share/okular -whitelist /usr/share/poppler +allow /usr/share/config.kcfg/gssettings.kcfg +allow /usr/share/config.kcfg/pdfsettings.kcfg +allow /usr/share/config.kcfg/okular.kcfg +allow /usr/share/config.kcfg/okular_core.kcfg +allow /usr/share/ghostscript +allow /usr/share/kconf_update/okular.upd +allow /usr/share/kxmlgui5/okular +allow /usr/share/okular +allow /usr/share/poppler include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile index 5b367b639bd..748d1799574 100644 --- a/etc/profile-m-z/onboard.profile +++ b/etc/profile-m-z/onboard.profile @@ -6,7 +6,7 @@ include onboard.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/onboard +nodeny ${HOME}/.config/onboard # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc @@ -22,8 +22,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/onboard -whitelist ${HOME}/.config/onboard -whitelist /usr/share/onboard +allow ${HOME}/.config/onboard +allow /usr/share/onboard include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-runuser-common.inc diff --git a/etc/profile-m-z/onionshare-gui.profile b/etc/profile-m-z/onionshare-gui.profile index 960df903484..188818a7f13 100644 --- a/etc/profile-m-z/onionshare-gui.profile +++ b/etc/profile-m-z/onionshare-gui.profile 
@@ -5,7 +5,7 @@ include onionshare-gui.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/onionshare +nodeny ${HOME}/.config/onionshare # Allow python (blacklisted by disable-interpreters.inc) include allow-python3.inc diff --git a/etc/profile-m-z/open-invaders.profile b/etc/profile-m-z/open-invaders.profile index 7a840d4a923..6e2b31def01 100644 --- a/etc/profile-m-z/open-invaders.profile +++ b/etc/profile-m-z/open-invaders.profile @@ -6,7 +6,7 @@ include open-invaders.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.openinvaders +nodeny ${HOME}/.openinvaders include disable-common.inc include disable-devel.inc @@ -17,7 +17,7 @@ include disable-programs.inc include disable-shell.inc mkdir ${HOME}/.openinvaders -whitelist ${HOME}/.openinvaders +allow ${HOME}/.openinvaders include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/openarena.profile b/etc/profile-m-z/openarena.profile index 36ce0316f7f..dfc78e5a986 100644 --- a/etc/profile-m-z/openarena.profile +++ b/etc/profile-m-z/openarena.profile @@ -6,7 +6,7 @@ include openarena.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.openarena +nodeny ${HOME}/.openarena include disable-common.inc include disable-devel.inc @@ -17,8 +17,8 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.openarena -whitelist ${HOME}/.openarena -whitelist /usr/share/openarena +allow ${HOME}/.openarena +allow /usr/share/openarena include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/openbox.profile b/etc/profile-m-z/openbox.profile index b49fd9932a8..5a6b378f028 100644 --- a/etc/profile-m-z/openbox.profile +++ b/etc/profile-m-z/openbox.profile 
@@ -7,7 +7,7 @@ include openbox.local include globals.local # all applications started in openbox will run in this profile -noblacklist ${HOME}/.config/openbox +nodeny ${HOME}/.config/openbox include disable-common.inc caps.drop all diff --git a/etc/profile-m-z/opencity.profile b/etc/profile-m-z/opencity.profile index a3d371e15b9..268e7cee34c 100644 --- a/etc/profile-m-z/opencity.profile +++ b/etc/profile-m-z/opencity.profile @@ -6,7 +6,7 @@ include opencity.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.opencity +nodeny ${HOME}/.opencity include disable-common.inc include disable-devel.inc @@ -18,7 +18,7 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.opencity -whitelist ${HOME}/.opencity +allow ${HOME}/.opencity include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/openclonk.profile b/etc/profile-m-z/openclonk.profile index 32b40df4265..588191cb3ac 100644 --- a/etc/profile-m-z/openclonk.profile +++ b/etc/profile-m-z/openclonk.profile @@ -6,7 +6,7 @@ include openclonk.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.clonk +nodeny ${HOME}/.clonk include disable-common.inc include disable-devel.inc @@ -18,7 +18,7 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.clonk -whitelist ${HOME}/.clonk +allow ${HOME}/.clonk include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile index d1fe67aed19..95d507c98c8 100644 --- a/etc/profile-m-z/openmw.profile +++ b/etc/profile-m-z/openmw.profile @@ -6,8 +6,8 @@ include openmw.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/openmw -noblacklist ${HOME}/.local/share/openmw +nodeny ${HOME}/.config/openmw +nodeny ${HOME}/.local/share/openmw include disable-common.inc include disable-devel.inc 
@@ -21,11 +21,11 @@ include disable-xdg.inc mkdir ${HOME}/.config/openmw mkdir ${HOME}/.local/share/openmw -whitelist ${HOME}/.config/openmw +allow ${HOME}/.config/openmw # Copy Morrowind data files into ${HOME}/.local/share/openmw or load them from /mnt. # Alternatively you can whitelist custom paths in your openmw.local. -whitelist ${HOME}/.local/share/openmw -whitelist /usr/share/openmw +allow ${HOME}/.local/share/openmw +allow /usr/share/openmw include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/openshot.profile b/etc/profile-m-z/openshot.profile index 6118630c467..ebb536b3ecf 100644 --- a/etc/profile-m-z/openshot.profile +++ b/etc/profile-m-z/openshot.profile @@ -6,8 +6,8 @@ include openshot.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.openshot -noblacklist ${HOME}/.openshot_qt +nodeny ${HOME}/.openshot +nodeny ${HOME}/.openshot_qt # Allow python (blacklisted by disable-interpreters.inc) include allow-python3.inc @@ -19,8 +19,8 @@ include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc -whitelist /usr/share/blender -whitelist /usr/share/inkscape +allow /usr/share/blender +allow /usr/share/inkscape include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/openttd.profile b/etc/profile-m-z/openttd.profile index 546958bb781..79c1f8ffa45 100644 --- a/etc/profile-m-z/openttd.profile +++ b/etc/profile-m-z/openttd.profile @@ -6,7 +6,7 @@ include openttd.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.openttd +nodeny ${HOME}/.openttd include disable-common.inc include disable-devel.inc @@ -18,7 +18,7 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.openttd -whitelist ${HOME}/.openttd +allow ${HOME}/.openttd include whitelist-common.inc include whitelist-var-common.inc 
diff --git a/etc/profile-m-z/opera-beta.profile b/etc/profile-m-z/opera-beta.profile index 551f1aba4fa..548afc0b4e0 100644 --- a/etc/profile-m-z/opera-beta.profile +++ b/etc/profile-m-z/opera-beta.profile @@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium ignore include whitelist-runuser-common.inc ignore include whitelist-usr-share-common.inc -noblacklist ${HOME}/.cache/opera -noblacklist ${HOME}/.config/opera-beta +nodeny ${HOME}/.cache/opera +nodeny ${HOME}/.config/opera-beta mkdir ${HOME}/.cache/opera mkdir ${HOME}/.config/opera-beta -whitelist ${HOME}/.cache/opera -whitelist ${HOME}/.config/opera-beta +allow ${HOME}/.cache/opera +allow ${HOME}/.config/opera-beta # Redirect include chromium-common.profile diff --git a/etc/profile-m-z/opera.profile b/etc/profile-m-z/opera.profile index 2c7c5fc35bf..5a3fe064e31 100644 --- a/etc/profile-m-z/opera.profile +++ b/etc/profile-m-z/opera.profile @@ -11,16 +11,16 @@ ignore whitelist /usr/share/chromium ignore include whitelist-runuser-common.inc ignore include whitelist-usr-share-common.inc -noblacklist ${HOME}/.cache/opera -noblacklist ${HOME}/.config/opera -noblacklist ${HOME}/.opera +nodeny ${HOME}/.cache/opera +nodeny ${HOME}/.config/opera +nodeny ${HOME}/.opera mkdir ${HOME}/.cache/opera mkdir ${HOME}/.config/opera mkdir ${HOME}/.opera -whitelist ${HOME}/.cache/opera -whitelist ${HOME}/.config/opera -whitelist ${HOME}/.opera +allow ${HOME}/.cache/opera +allow ${HOME}/.config/opera +allow ${HOME}/.opera # Redirect include chromium-common.profile diff --git a/etc/profile-m-z/orage.profile b/etc/profile-m-z/orage.profile index 4e4d8bea5bf..a49cbdb91e2 100644 --- a/etc/profile-m-z/orage.profile +++ b/etc/profile-m-z/orage.profile @@ -6,8 +6,8 @@ include orage.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/orage -noblacklist ${HOME}/.local/share/orage +nodeny ${HOME}/.config/orage +nodeny ${HOME}/.local/share/orage include disable-common.inc include disable-devel.inc 
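Review bot: In opera-beta.profile and opera.profile the line `ignore whitelist /usr/share/chromium` keeps the old keyword, while the directive it is meant to suppress lives in chromium-common.profile, which is not visible here. If that file now spells the directive `allow /usr/share/chromium` and `ignore` compares against the directive text as written, the ignore would stop matching and the /usr/share allow-list would start applying to Opera with no error. Either change the line to `ignore allow /usr/share/chromium`, or confirm that the parser normalises old and new keywords before the ignore comparison.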
diff --git a/etc/profile-m-z/ostrichriders.profile b/etc/profile-m-z/ostrichriders.profile index 310b9091996..ed881816e43 100644 --- a/etc/profile-m-z/ostrichriders.profile +++ b/etc/profile-m-z/ostrichriders.profile @@ -6,7 +6,7 @@ include ostrichriders.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.ostrichriders +nodeny ${HOME}/.ostrichriders include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.ostrichriders -whitelist ${HOME}/.ostrichriders -whitelist /usr/share/ostrichriders +allow ${HOME}/.ostrichriders +allow /usr/share/ostrichriders include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/otter-browser.profile b/etc/profile-m-z/otter-browser.profile index 20a4e25ede9..bc9e730a1aa 100644 --- a/etc/profile-m-z/otter-browser.profile +++ b/etc/profile-m-z/otter-browser.profile @@ -8,10 +8,10 @@ include globals.local ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} -noblacklist ${HOME}/.cache/Otter -noblacklist ${HOME}/.config/otter -noblacklist ${HOME}/.pki -noblacklist ${HOME}/.local/share/pki +nodeny ${HOME}/.cache/Otter +nodeny ${HOME}/.config/otter +nodeny ${HOME}/.pki +nodeny ${HOME}/.local/share/pki include disable-common.inc include disable-devel.inc @@ -25,12 +25,12 @@ mkdir ${HOME}/.cache/Otter mkdir ${HOME}/.config/otter mkdir ${HOME}/.pki mkdir ${HOME}/.local/share/pki -whitelist ${DOWNLOADS} -whitelist ${HOME}/.cache/Otter -whitelist ${HOME}/.config/otter -whitelist ${HOME}/.pki -whitelist ${HOME}/.local/share/pki -whitelist /usr/share/otter-browser +allow ${DOWNLOADS} +allow ${HOME}/.cache/Otter +allow ${HOME}/.config/otter +allow ${HOME}/.pki +allow ${HOME}/.local/share/pki +allow /usr/share/otter-browser include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc 
diff --git a/etc/profile-m-z/palemoon.profile b/etc/profile-m-z/palemoon.profile index acb2ce1765c..503c141d898 100644 --- a/etc/profile-m-z/palemoon.profile +++ b/etc/profile-m-z/palemoon.profile @@ -5,13 +5,13 @@ include palemoon.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/moonchild productions/pale moon -noblacklist ${HOME}/.moonchild productions/pale moon +nodeny ${HOME}/.cache/moonchild productions/pale moon +nodeny ${HOME}/.moonchild productions/pale moon mkdir ${HOME}/.cache/moonchild productions/pale moon mkdir ${HOME}/.moonchild productions -whitelist ${HOME}/.cache/moonchild productions/pale moon -whitelist ${HOME}/.moonchild productions +allow ${HOME}/.cache/moonchild productions/pale moon +allow ${HOME}/.moonchild productions # Palemoon can use the full firejail seccomp filter (unlike firefox >= 60) seccomp diff --git a/etc/profile-m-z/pandoc.profile b/etc/profile-m-z/pandoc.profile index 513b4119ebd..a59f532982b 100644 --- a/etc/profile-m-z/pandoc.profile +++ b/etc/profile-m-z/pandoc.profile @@ -7,9 +7,9 @@ include pandoc.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} +deny ${RUNUSER} -noblacklist ${DOCUMENTS} +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/parole.profile b/etc/profile-m-z/parole.profile index 0a4422a7376..a277d1cbcb5 100644 --- a/etc/profile-m-z/parole.profile +++ b/etc/profile-m-z/parole.profile @@ -6,8 +6,8 @@ include parole.local # Persistent global definitions include globals.local -noblacklist ${MUSIC} -noblacklist ${VIDEOS} +nodeny ${MUSIC} +nodeny ${VIDEOS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/patch.profile b/etc/profile-m-z/patch.profile index 0de9681858e..156c3956da3 100644 --- a/etc/profile-m-z/patch.profile +++ b/etc/profile-m-z/patch.profile 
@@ -7,9 +7,9 @@ include patch.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} +deny ${RUNUSER} -noblacklist ${DOCUMENTS} +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/pavucontrol-qt.profile b/etc/profile-m-z/pavucontrol-qt.profile index f96ba14d2cb..dcd69cdd02d 100644 --- a/etc/profile-m-z/pavucontrol-qt.profile +++ b/etc/profile-m-z/pavucontrol-qt.profile @@ -7,10 +7,10 @@ include pavucontrol-qt.local # added by included profile #include globals.local -noblacklist ${HOME}/.config/pavucontrol-qt +nodeny ${HOME}/.config/pavucontrol-qt mkdir ${HOME}/.config/pavucontrol-qt -whitelist ${HOME}/.config/pavucontrol-qt +allow ${HOME}/.config/pavucontrol-qt private-bin pavucontrol-qt ignore private-lib diff --git a/etc/profile-m-z/pavucontrol.profile b/etc/profile-m-z/pavucontrol.profile index b46fb302668..f44730c3335 100644 --- a/etc/profile-m-z/pavucontrol.profile +++ b/etc/profile-m-z/pavucontrol.profile @@ -6,7 +6,7 @@ include pavucontrol.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/pavucontrol.ini +nodeny ${HOME}/.config/pavucontrol.ini include disable-common.inc include disable-devel.inc @@ -19,8 +19,8 @@ include disable-xdg.inc # whitelisting in ${HOME} is broken, see #3112 #mkfile ${HOME}/.config/pavucontrol.ini #whitelist ${HOME}/.config/pavucontrol.ini -whitelist /usr/share/pavucontrol -whitelist /usr/share/pavucontrol-qt +allow /usr/share/pavucontrol +allow /usr/share/pavucontrol-qt #include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/pcsxr.profile b/etc/profile-m-z/pcsxr.profile index a6dab2a9ae2..3f920ced8a6 100644 --- a/etc/profile-m-z/pcsxr.profile +++ b/etc/profile-m-z/pcsxr.profile 
@@ -8,7 +8,7 @@ include globals.local # Note: you must whitelist your games folder in your pcsxr.local -noblacklist ${HOME}/.pcsxr +nodeny ${HOME}/.pcsxr include disable-common.inc include disable-devel.inc @@ -21,7 +21,7 @@ include disable-write-mnt.inc include disable-xdg.inc mkdir ${HOME}/.pcsxr -whitelist ${HOME}/.pcsxr +allow ${HOME}/.pcsxr include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/pdfchain.profile b/etc/profile-m-z/pdfchain.profile index d72417914e5..13a0110723c 100644 --- a/etc/profile-m-z/pdfchain.profile +++ b/etc/profile-m-z/pdfchain.profile @@ -5,7 +5,7 @@ include pdfchain.local # Persistent global definitions include globals.local -noblacklist ${DOCUMENTS} +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/pdfmod.profile b/etc/profile-m-z/pdfmod.profile index a19826555d3..e49ce8073c1 100644 --- a/etc/profile-m-z/pdfmod.profile +++ b/etc/profile-m-z/pdfmod.profile @@ -6,9 +6,9 @@ include pdfmod.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/pdfmod -noblacklist ${HOME}/.config/pdfmod -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.cache/pdfmod +nodeny ${HOME}/.config/pdfmod +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/pdfsam.profile b/etc/profile-m-z/pdfsam.profile index e2808d4d221..67c14bbc3c2 100644 --- a/etc/profile-m-z/pdfsam.profile +++ b/etc/profile-m-z/pdfsam.profile @@ -6,7 +6,7 @@ include pdfsam.local # Persistent global definitions include globals.local -noblacklist ${DOCUMENTS} +nodeny ${DOCUMENTS} # Allow java (blacklisted by disable-devel.inc) include allow-java.inc diff --git a/etc/profile-m-z/pdftotext.profile b/etc/profile-m-z/pdftotext.profile index d3902a51cac..1c7ebfad54d 100644 --- a/etc/profile-m-z/pdftotext.profile +++ b/etc/profile-m-z/pdftotext.profile 
@@ -6,9 +6,9 @@ include pdftotext.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} +deny ${RUNUSER} -noblacklist ${DOCUMENTS} +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc @@ -19,9 +19,9 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist ${DOCUMENTS} -whitelist ${DOWNLOADS} -whitelist /usr/share/poppler +allow ${DOCUMENTS} +allow ${DOWNLOADS} +allow /usr/share/poppler include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/peek.profile b/etc/profile-m-z/peek.profile index c3395368792..e809625ad6a 100644 --- a/etc/profile-m-z/peek.profile +++ b/etc/profile-m-z/peek.profile @@ -5,9 +5,9 @@ include peek.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/peek -noblacklist ${PICTURES} -noblacklist ${VIDEOS} +nodeny ${HOME}/.cache/peek +nodeny ${PICTURES} +nodeny ${VIDEOS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/penguin-command.profile b/etc/profile-m-z/penguin-command.profile index f5ad0321d9d..5ebd7b46237 100644 --- a/etc/profile-m-z/penguin-command.profile +++ b/etc/profile-m-z/penguin-command.profile @@ -6,7 +6,7 @@ include penguin-command.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.penguin-command +nodeny ${HOME}/.penguin-command include disable-common.inc include disable-devel.inc @@ -16,7 +16,7 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-shell.inc -whitelist ${HOME}/.penguin-command +allow ${HOME}/.penguin-command include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/photoflare.profile b/etc/profile-m-z/photoflare.profile index 40068ff78ab..8dd506850ba 100644 --- a/etc/profile-m-z/photoflare.profile +++ b/etc/profile-m-z/photoflare.profile 
@@ -6,7 +6,7 @@ include photoflare.local # Persistent global definitions include photoflare.local -noblacklist ${PICTURES} +nodeny ${PICTURES} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/picard.profile b/etc/profile-m-z/picard.profile index a5ea470880b..ac178ee6cee 100644 --- a/etc/profile-m-z/picard.profile +++ b/etc/profile-m-z/picard.profile @@ -6,9 +6,9 @@ include picard.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/MusicBrainz -noblacklist ${HOME}/.config/MusicBrainz -noblacklist ${MUSIC} +nodeny ${HOME}/.cache/MusicBrainz +nodeny ${HOME}/.config/MusicBrainz +nodeny ${MUSIC} # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-m-z/pidgin.profile b/etc/profile-m-z/pidgin.profile index 26872e9a121..a65abeb2ede 100644 --- a/etc/profile-m-z/pidgin.profile +++ b/etc/profile-m-z/pidgin.profile @@ -9,7 +9,7 @@ include globals.local ignore noexec ${RUNUSER} ignore noexec /dev/shm -noblacklist ${HOME}/.purple +nodeny ${HOME}/.purple include disable-common.inc include disable-devel.inc @@ -20,9 +20,9 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.purple -whitelist ${HOME}/.purple -whitelist ${DOWNLOADS} -whitelist ${PICTURES} +allow ${HOME}/.purple +allow ${DOWNLOADS} +allow ${PICTURES} include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/pinball.profile b/etc/profile-m-z/pinball.profile index 2e17be2ce30..41e4fb6c09e 100644 --- a/etc/profile-m-z/pinball.profile +++ b/etc/profile-m-z/pinball.profile @@ -6,7 +6,7 @@ include pinball.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/emilia +nodeny ${HOME}/.config/emilia include disable-common.inc include disable-devel.inc 
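Review bot: photoflare.profile appears never to load globals.local: the context line under `# Persistent global definitions` reads `include photoflare.local`, where every other profile in this diff has `include globals.local`, and the hunk-header context suggests photoflare.local was already included just above. If that is what the file contains, overrides a user keeps in globals.local (for example extra deny rules) are silently not applied to this sandbox. Since the commit touches the adjacent line anyway, I would change it to `include globals.local`. The lines before the hunk are outside this view, so confirm against the full file.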
@@ -18,11 +18,11 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/emilia -whitelist ${HOME}/.config/emilia +allow ${HOME}/.config/emilia -whitelist /usr/share/pinball +allow /usr/share/pinball # on debian games are stored under /usr/share/games -whitelist /usr/share/games/pinball +allow /usr/share/games/pinball include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile index e914007c092..65e77abfadc 100644 --- a/etc/profile-m-z/ping.profile +++ b/etc/profile-m-z/ping.profile @@ -7,8 +7,8 @@ include ping.local # Persistent global definitions include globals.local -blacklist /tmp/.X11-unix -blacklist ${RUNUSER} +deny /tmp/.X11-unix +deny ${RUNUSER} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/pingus.profile b/etc/profile-m-z/pingus.profile index f1fdfcbad52..aa2cfe203b1 100644 --- a/etc/profile-m-z/pingus.profile +++ b/etc/profile-m-z/pingus.profile @@ -6,12 +6,12 @@ include pingus.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.pingus +nodeny ${HOME}/.pingus # Allow /bin/sh (blacklisted by disable-shell.inc) include allow-bin-sh.inc -blacklist /usr/libexec +deny /usr/libexec include disable-common.inc include disable-devel.inc @@ -23,8 +23,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.pingus -whitelist ${HOME}/.pingus -whitelist /usr/share/pingus +allow ${HOME}/.pingus +allow /usr/share/pingus include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/pinta.profile b/etc/profile-m-z/pinta.profile index 19406c3991c..d0d4f1fce13 100644 --- a/etc/profile-m-z/pinta.profile +++ b/etc/profile-m-z/pinta.profile 
@@ -6,9 +6,9 @@ include pinta.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Pinta -noblacklist ${DOCUMENTS} -noblacklist ${PICTURES} +nodeny ${HOME}/.config/Pinta +nodeny ${DOCUMENTS} +nodeny ${PICTURES} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/pioneer.profile b/etc/profile-m-z/pioneer.profile index 721b3944a07..6cfea28b602 100644 --- a/etc/profile-m-z/pioneer.profile +++ b/etc/profile-m-z/pioneer.profile @@ -6,7 +6,7 @@ include pioneer.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.pioneer +nodeny ${HOME}/.pioneer include disable-common.inc include disable-devel.inc @@ -18,7 +18,7 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.pioneer -whitelist ${HOME}/.pioneer +allow ${HOME}/.pioneer include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/pipe-viewer.profile b/etc/profile-m-z/pipe-viewer.profile index 3de064311fb..acd7eeaf2d6 100644 --- a/etc/profile-m-z/pipe-viewer.profile +++ b/etc/profile-m-z/pipe-viewer.profile @@ -7,13 +7,13 @@ include pipe-viewer.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/pipe-viewer -noblacklist ${HOME}/.config/pipe-viewer +nodeny ${HOME}/.cache/pipe-viewer +nodeny ${HOME}/.config/pipe-viewer mkdir ${HOME}/.config/pipe-viewer mkdir ${HOME}/.cache/pipe-viewer -whitelist ${HOME}/.cache/pipe-viewer -whitelist ${HOME}/.config/pipe-viewer +allow ${HOME}/.cache/pipe-viewer +allow ${HOME}/.config/pipe-viewer private-bin gtk-pipe-viewer,pipe-viewer diff --git a/etc/profile-m-z/pitivi.profile b/etc/profile-m-z/pitivi.profile index a2dd809c490..abce4c9111a 100644 --- a/etc/profile-m-z/pitivi.profile +++ b/etc/profile-m-z/pitivi.profile 
@@ -6,7 +6,7 @@ include pitivi.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/pitivi +nodeny ${HOME}/.config/pitivi # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-m-z/pix.profile b/etc/profile-m-z/pix.profile index 81d3e9370b8..63451d352f0 100644 --- a/etc/profile-m-z/pix.profile +++ b/etc/profile-m-z/pix.profile @@ -5,10 +5,10 @@ include pix.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/pix -noblacklist ${HOME}/.local/share/pix -noblacklist ${HOME}/.Steam -noblacklist ${HOME}/.steam +nodeny ${HOME}/.config/pix +nodeny ${HOME}/.local/share/pix +nodeny ${HOME}/.Steam +nodeny ${HOME}/.steam include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile index 4eb41b3bd53..13d7db7f7cb 100644 --- a/etc/profile-m-z/pkglog.profile +++ b/etc/profile-m-z/pkglog.profile @@ -17,9 +17,9 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist /var/log/apt/history.log -whitelist /var/log/dnf.rpm.log -whitelist /var/log/pacman.log +allow /var/log/apt/history.log +allow /var/log/dnf.rpm.log +allow /var/log/pacman.log apparmor caps.drop all diff --git a/etc/profile-m-z/playonlinux.profile b/etc/profile-m-z/playonlinux.profile index 8e98905b542..9c23841e2e4 100644 --- a/etc/profile-m-z/playonlinux.profile +++ b/etc/profile-m-z/playonlinux.profile @@ -7,10 +7,10 @@ include playonlinux.local # added by included profile #include globals.local -noblacklist ${HOME}/.PlayOnLinux +nodeny ${HOME}/.PlayOnLinux # nc is needed to run playonlinux -noblacklist ${PATH}/nc +nodeny ${PATH}/nc # Allow perl (blacklisted by disable-interpreters.inc) include allow-perl.inc diff --git a/etc/profile-m-z/pluma.profile b/etc/profile-m-z/pluma.profile index 10e12e5b14b..ab7e0c64bd5 100644 --- a/etc/profile-m-z/pluma.profile 
+++ b/etc/profile-m-z/pluma.profile @@ -6,8 +6,8 @@ include pluma.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/enchant -noblacklist ${HOME}/.config/pluma +nodeny ${HOME}/.config/enchant +nodeny ${HOME}/.config/pluma # Allows files commonly used by IDEs include allow-common-devel.inc diff --git a/etc/profile-m-z/plv.profile b/etc/profile-m-z/plv.profile index 5201fd8530e..02cb83ef60c 100644 --- a/etc/profile-m-z/plv.profile +++ b/etc/profile-m-z/plv.profile @@ -6,7 +6,7 @@ include plv.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/PacmanLogViewer +nodeny ${HOME}/.config/PacmanLogViewer include disable-common.inc include disable-devel.inc @@ -17,8 +17,8 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.config/PacmanLogViewer -whitelist ${HOME}/.config/PacmanLogViewer -whitelist /var/log/pacman.log +allow ${HOME}/.config/PacmanLogViewer +allow /var/log/pacman.log include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-runuser-common.inc diff --git a/etc/profile-m-z/pngquant.profile b/etc/profile-m-z/pngquant.profile index 8a181d5a845..2c4dda43ed7 100644 --- a/etc/profile-m-z/pngquant.profile +++ b/etc/profile-m-z/pngquant.profile @@ -7,9 +7,9 @@ include pngquant.local # Persistent global definitions include globals.local -noblacklist ${PICTURES} +nodeny ${PICTURES} -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/polari.profile b/etc/profile-m-z/polari.profile index a3d4f985140..115ac36ab6b 100644 --- a/etc/profile-m-z/polari.profile +++ b/etc/profile-m-z/polari.profile 
@@ -21,12 +21,12 @@ mkdir ${HOME}/.local/share/Empathy mkdir ${HOME}/.local/share/TpLogger mkdir ${HOME}/.local/share/telepathy mkdir ${HOME}/.purple -whitelist ${HOME}/.cache/telepathy -whitelist ${HOME}/.config/telepathy-account-widgets -whitelist ${HOME}/.local/share/Empathy -whitelist ${HOME}/.local/share/TpLogger -whitelist ${HOME}/.local/share/telepathy -whitelist ${HOME}/.purple +allow ${HOME}/.cache/telepathy +allow ${HOME}/.config/telepathy-account-widgets +allow ${HOME}/.local/share/Empathy +allow ${HOME}/.local/share/TpLogger +allow ${HOME}/.local/share/telepathy +allow ${HOME}/.purple include whitelist-common.inc include whitelist-runuser-common.inc diff --git a/etc/profile-m-z/ppsspp.profile b/etc/profile-m-z/ppsspp.profile index 1f73c1d8984..10c59ea3249 100644 --- a/etc/profile-m-z/ppsspp.profile +++ b/etc/profile-m-z/ppsspp.profile @@ -8,7 +8,7 @@ include globals.local # Note: you must whitelist your games folder in your ppsspp.local. -noblacklist ${HOME}/.config/ppsspp +nodeny ${HOME}/.config/ppsspp include disable-common.inc include disable-devel.inc @@ -20,8 +20,8 @@ include disable-write-mnt.inc include disable-xdg.inc mkdir ${HOME}/.config/ppsspp -whitelist ${HOME}/.config/ppsspp -whitelist /usr/share/ppsspp +allow ${HOME}/.config/ppsspp +allow /usr/share/ppsspp include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/pragha.profile b/etc/profile-m-z/pragha.profile index f138d785e33..9b03bf63256 100644 --- a/etc/profile-m-z/pragha.profile +++ b/etc/profile-m-z/pragha.profile @@ -6,8 +6,8 @@ include pragha.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/pragha -noblacklist ${MUSIC} +nodeny ${HOME}/.config/pragha +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/profanity.profile b/etc/profile-m-z/profanity.profile index 743458725f0..137b4cb2079 100644 
--- a/etc/profile-m-z/profanity.profile +++ b/etc/profile-m-z/profanity.profile @@ -7,8 +7,8 @@ include profanity.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/profanity -noblacklist ${HOME}/.local/share/profanity +nodeny ${HOME}/.config/profanity +nodeny ${HOME}/.local/share/profanity # Allow Python include allow-python2.inc diff --git a/etc/profile-m-z/psi-plus.profile b/etc/profile-m-z/psi-plus.profile index 5ac58b0acef..b0e28baf7b7 100644 --- a/etc/profile-m-z/psi-plus.profile +++ b/etc/profile-m-z/psi-plus.profile @@ -6,8 +6,8 @@ include psi-plus.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/psi+ -noblacklist ${HOME}/.local/share/psi+ +nodeny ${HOME}/.config/psi+ +nodeny ${HOME}/.local/share/psi+ include disable-common.inc include disable-devel.inc @@ -19,10 +19,10 @@ include disable-programs.inc mkdir ${HOME}/.cache/psi+ mkdir ${HOME}/.config/psi+ mkdir ${HOME}/.local/share/psi+ -whitelist ${DOWNLOADS} -whitelist ${HOME}/.cache/psi+ -whitelist ${HOME}/.config/psi+ -whitelist ${HOME}/.local/share/psi+ +allow ${DOWNLOADS} +allow ${HOME}/.cache/psi+ +allow ${HOME}/.config/psi+ +allow ${HOME}/.local/share/psi+ include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile index 7e0ef99fccd..2588c3b75c7 100644 --- a/etc/profile-m-z/psi.profile +++ b/etc/profile-m-z/psi.profile @@ -8,11 +8,11 @@ include globals.local # Add the next line to your psi.local to enable GPG support. #noblacklist ${HOME}/.gnupg -noblacklist ${HOME}/.cache/psi -noblacklist ${HOME}/.cache/Psi -noblacklist ${HOME}/.config/psi -noblacklist ${HOME}/.local/share/psi -noblacklist ${HOME}/.local/share/Psi +nodeny ${HOME}/.cache/psi +nodeny ${HOME}/.cache/Psi +nodeny ${HOME}/.config/psi +nodeny ${HOME}/.local/share/psi +nodeny ${HOME}/.local/share/Psi include disable-common.inc include disable-devel.inc 
@@ -32,16 +32,16 @@ mkdir ${HOME}/.local/share/psi mkdir ${HOME}/.local/share/Psi # Add the next line to your psi.local to enable GPG support. #whitelist ${HOME}/.gnupg -whitelist ${HOME}/.cache/psi -whitelist ${HOME}/.cache/Psi -whitelist ${HOME}/.config/psi -whitelist ${HOME}/.local/share/psi -whitelist ${HOME}/.local/share/Psi -whitelist ${DOWNLOADS} +allow ${HOME}/.cache/psi +allow ${HOME}/.cache/Psi +allow ${HOME}/.config/psi +allow ${HOME}/.local/share/psi +allow ${HOME}/.local/share/Psi +allow ${DOWNLOADS} # Add the next lines to your psi.local to enable GPG support. #whitelist /usr/share/gnupg #whitelist /usr/share/gnupg2 -whitelist /usr/share/psi +allow /usr/share/psi # Add the next lines to your psi.local to enable GPG support. #whitelist ${RUNUSER}/gnupg #whitelist ${RUNUSER}/keyring diff --git a/etc/profile-m-z/pybitmessage.profile b/etc/profile-m-z/pybitmessage.profile index 60ae3793077..1f0e83ab62c 100644 --- a/etc/profile-m-z/pybitmessage.profile +++ b/etc/profile-m-z/pybitmessage.profile @@ -5,9 +5,9 @@ include pybitmessage.local # Persistent global definitions include globals.local -noblacklist /sbin -noblacklist /usr/local/sbin -noblacklist /usr/sbin +nodeny /sbin +nodeny /usr/local/sbin +nodeny /usr/sbin # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-m-z/pycharm-community.profile b/etc/profile-m-z/pycharm-community.profile index 00d7239ae6e..b6c08290e0a 100644 --- a/etc/profile-m-z/pycharm-community.profile +++ b/etc/profile-m-z/pycharm-community.profile @@ -5,7 +5,7 @@ include pycharm-community.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.PyCharmCE* +nodeny ${HOME}/.PyCharmCE* # Allow java (blacklisted by disable-devel.inc) include allow-java.inc diff --git a/etc/profile-m-z/pycharm-professional.profile b/etc/profile-m-z/pycharm-professional.profile index b754a18c944..fa0932cc012 100644 --- a/etc/profile-m-z/pycharm-professional.profile 
+++ b/etc/profile-m-z/pycharm-professional.profile @@ -6,7 +6,7 @@ include pyucharm-professional.local # added by included profile #include globals.local -noblacklist ${HOME}/.PyCharm* +nodeny ${HOME}/.PyCharm* # Redirect include pycharm-community.profile diff --git a/etc/profile-m-z/qbittorrent.profile b/etc/profile-m-z/qbittorrent.profile index 506b738ccc6..fb8e622b085 100644 --- a/etc/profile-m-z/qbittorrent.profile +++ b/etc/profile-m-z/qbittorrent.profile @@ -6,10 +6,10 @@ include qbittorrent.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/qBittorrent -noblacklist ${HOME}/.config/qBittorrent -noblacklist ${HOME}/.config/qBittorrentrc -noblacklist ${HOME}/.local/share/data/qBittorrent +nodeny ${HOME}/.cache/qBittorrent +nodeny ${HOME}/.config/qBittorrent +nodeny ${HOME}/.config/qBittorrentrc +nodeny ${HOME}/.local/share/data/qBittorrent # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc @@ -27,11 +27,11 @@ mkdir ${HOME}/.cache/qBittorrent mkdir ${HOME}/.config/qBittorrent mkfile ${HOME}/.config/qBittorrentrc mkdir ${HOME}/.local/share/data/qBittorrent -whitelist ${DOWNLOADS} -whitelist ${HOME}/.cache/qBittorrent -whitelist ${HOME}/.config/qBittorrent -whitelist ${HOME}/.config/qBittorrentrc -whitelist ${HOME}/.local/share/data/qBittorrent +allow ${DOWNLOADS} +allow ${HOME}/.cache/qBittorrent +allow ${HOME}/.config/qBittorrent +allow ${HOME}/.config/qBittorrentrc +allow ${HOME}/.local/share/data/qBittorrent include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/qcomicbook.profile b/etc/profile-m-z/qcomicbook.profile index 0e52d7fc474..7bcc4b06562 100644 --- a/etc/profile-m-z/qcomicbook.profile +++ b/etc/profile-m-z/qcomicbook.profile 
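Review bot: The hunk header for pycharm-professional.profile shows the line `include pyucharm-professional.local`, which looks like a misspelling of `pycharm-professional.local`. If so, a user's pycharm-professional.local, the place where persistent tightening of this profile is meant to go, is presumably never read while the profile still loads. The line sits just above the hunk, outside the changed lines, so verify it in the file and correct it to `include pycharm-professional.local`.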
@@ -6,10 +6,10 @@ include qcomicbook.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/PawelStolowski -noblacklist ${HOME}/.config/PawelStolowski -noblacklist ${HOME}/.local/share/PawelStolowski -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.cache/PawelStolowski +nodeny ${HOME}/.config/PawelStolowski +nodeny ${HOME}/.local/share/PawelStolowski +nodeny ${DOCUMENTS} # Allow /bin/sh (blacklisted by disable-shell.inc) include allow-bin-sh.inc @@ -27,7 +27,7 @@ include disable-xdg.inc mkdir ${HOME}/.cache/PawelStolowski mkdir ${HOME}/.config/PawelStolowski mkdir ${HOME}/.local/share/PawelStolowski -whitelist /usr/share/qcomicbook +allow /usr/share/qcomicbook include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/qemu-launcher.profile b/etc/profile-m-z/qemu-launcher.profile index ac60384fd3b..d527a2b8264 100644 --- a/etc/profile-m-z/qemu-launcher.profile +++ b/etc/profile-m-z/qemu-launcher.profile @@ -5,7 +5,7 @@ include qemu-launcher.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.qemu-launcher +nodeny ${HOME}/.qemu-launcher include disable-common.inc include disable-passwdmgr.inc diff --git a/etc/profile-m-z/qgis.profile b/etc/profile-m-z/qgis.profile index 2e97daea25f..e99140c22c4 100644 --- a/etc/profile-m-z/qgis.profile +++ b/etc/profile-m-z/qgis.profile @@ -6,10 +6,10 @@ include qgis.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/QGIS -noblacklist ${HOME}/.local/share/QGIS -noblacklist ${HOME}/.qgis2 -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.config/QGIS +nodeny ${HOME}/.local/share/QGIS +nodeny ${HOME}/.qgis2 +nodeny ${DOCUMENTS} # Allow python (blacklisted by disable-interpreters.inc) include allow-python3.inc 
@@ -25,10 +25,10 @@ include disable-xdg.inc mkdir ${HOME}/.local/share/QGIS mkdir ${HOME}/.qgis2 mkdir ${HOME}/.config/QGIS -whitelist ${HOME}/.local/share/QGIS -whitelist ${HOME}/.qgis2 -whitelist ${HOME}/.config/QGIS -whitelist ${DOCUMENTS} +allow ${HOME}/.local/share/QGIS +allow ${HOME}/.qgis2 +allow ${HOME}/.config/QGIS +allow ${DOCUMENTS} include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/qlipper.profile b/etc/profile-m-z/qlipper.profile index 6e94d58453a..75dc58ae408 100644 --- a/etc/profile-m-z/qlipper.profile +++ b/etc/profile-m-z/qlipper.profile @@ -6,7 +6,7 @@ include qlipper.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Qlipper +nodeny ${HOME}/.config/Qlipper include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/qmmp.profile b/etc/profile-m-z/qmmp.profile index c3d982c1756..d37fce997ed 100644 --- a/etc/profile-m-z/qmmp.profile +++ b/etc/profile-m-z/qmmp.profile @@ -6,8 +6,8 @@ include qmmp.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.qmmp -noblacklist ${MUSIC} +nodeny ${HOME}/.qmmp +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/qnapi.profile b/etc/profile-m-z/qnapi.profile index ca11df5be82..f1234005294 100644 --- a/etc/profile-m-z/qnapi.profile +++ b/etc/profile-m-z/qnapi.profile @@ -6,7 +6,7 @@ include qnapi.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/qnapi.ini +nodeny ${HOME}/.config/qnapi.ini ignore noexec /tmp @@ -20,8 +20,8 @@ include disable-shell.inc include disable-xdg.inc mkfile ${HOME}/.config/qnapi.ini -whitelist ${HOME}/.config/qnapi.ini -whitelist ${DOWNLOADS} +allow ${HOME}/.config/qnapi.ini +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-runuser-common.inc 
diff --git a/etc/profile-m-z/qpdfview.profile b/etc/profile-m-z/qpdfview.profile index be690ffa41a..62fae324cf7 100644 --- a/etc/profile-m-z/qpdfview.profile +++ b/etc/profile-m-z/qpdfview.profile @@ -6,9 +6,9 @@ include qpdfview.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/qpdfview -noblacklist ${HOME}/.local/share/qpdfview -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.config/qpdfview +nodeny ${HOME}/.local/share/qpdfview +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/qrencode.profile b/etc/profile-m-z/qrencode.profile index 6cbf8519feb..5f0aec80405 100644 --- a/etc/profile-m-z/qrencode.profile +++ b/etc/profile-m-z/qrencode.profile @@ -7,7 +7,7 @@ include qrencode.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} +deny ${RUNUSER} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/qtox.profile b/etc/profile-m-z/qtox.profile index 8ffe24d11a7..1ad46814ec9 100644 --- a/etc/profile-m-z/qtox.profile +++ b/etc/profile-m-z/qtox.profile @@ -6,8 +6,8 @@ include qtox.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/Tox -noblacklist ${HOME}/.config/tox +nodeny ${HOME}/.cache/Tox +nodeny ${HOME}/.config/tox include disable-common.inc include disable-devel.inc @@ -19,8 +19,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/tox -whitelist ${DOWNLOADS} -whitelist ${HOME}/.config/tox +allow ${DOWNLOADS} +allow ${HOME}/.config/tox include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/quadrapassel.profile b/etc/profile-m-z/quadrapassel.profile index 91e0d9d0d7f..aee24925c5e 100644 --- a/etc/profile-m-z/quadrapassel.profile +++ b/etc/profile-m-z/quadrapassel.profile 
@@ -6,11 +6,11 @@ include quadrapassel.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/quadrapassel +nodeny ${HOME}/.local/share/quadrapassel mkdir ${HOME}/.local/share/quadrapassel -whitelist ${HOME}/.local/share/quadrapassel -whitelist /usr/share/quadrapassel +allow ${HOME}/.local/share/quadrapassel +allow /usr/share/quadrapassel private-bin quadrapassel diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile index 1d146aa3984..a319e1e1230 100644 --- a/etc/profile-m-z/quaternion.profile +++ b/etc/profile-m-z/quaternion.profile @@ -6,8 +6,8 @@ include quaternion.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/Quotient/quaternion -noblacklist ${HOME}/.config/Quotient +nodeny ${HOME}/.cache/Quotient/quaternion +nodeny ${HOME}/.config/Quotient include disable-common.inc include disable-devel.inc @@ -20,10 +20,10 @@ include disable-xdg.inc mkdir ${HOME}/.cache/Quotient/quaternion mkdir ${HOME}/.config/Quotient -whitelist ${HOME}/.cache/Quotient/quaternion -whitelist ${HOME}/.config/Quotient -whitelist ${DOWNLOADS} -whitelist /usr/share/Quotient/quaternion +allow ${HOME}/.cache/Quotient/quaternion +allow ${HOME}/.config/Quotient +allow ${DOWNLOADS} +allow /usr/share/Quotient/quaternion include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/quiterss.profile b/etc/profile-m-z/quiterss.profile index 9490089b2c9..2693f2ed522 100644 --- a/etc/profile-m-z/quiterss.profile +++ b/etc/profile-m-z/quiterss.profile 
@@ -6,10 +6,10 @@ include quiterss.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/QuiteRss -noblacklist ${HOME}/.config/QuiteRss -noblacklist ${HOME}/.config/QuiteRssrc -noblacklist ${HOME}/.local/share/QuiteRss +nodeny ${HOME}/.cache/QuiteRss +nodeny ${HOME}/.config/QuiteRss +nodeny ${HOME}/.config/QuiteRssrc +nodeny ${HOME}/.local/share/QuiteRss include disable-common.inc include disable-devel.inc @@ -25,12 +25,12 @@ mkdir ${HOME}/.local/share/data mkdir ${HOME}/.local/share/data/QuiteRss mkdir ${HOME}/.local/share/QuiteRss mkfile ${HOME}/quiterssfeeds.opml -whitelist ${HOME}/.cache/QuiteRss -whitelist ${HOME}/.config/QuiteRss -whitelist ${HOME}/.config/QuiteRssrc -whitelist ${HOME}/.local/share/data/QuiteRss -whitelist ${HOME}/.local/share/QuiteRss -whitelist ${HOME}/quiterssfeeds.opml +allow ${HOME}/.cache/QuiteRss +allow ${HOME}/.config/QuiteRss +allow ${HOME}/.config/QuiteRssrc +allow ${HOME}/.local/share/data/QuiteRss +allow ${HOME}/.local/share/QuiteRss +allow ${HOME}/quiterssfeeds.opml include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/quodlibet.profile b/etc/profile-m-z/quodlibet.profile index 92b02b2bfc9..52c120c080c 100644 --- a/etc/profile-m-z/quodlibet.profile +++ b/etc/profile-m-z/quodlibet.profile @@ -6,10 +6,10 @@ include quodlibet.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/quodlibet -noblacklist ${HOME}/.config/quodlibet -noblacklist ${HOME}/.quodlibet -noblacklist ${MUSIC} +nodeny ${HOME}/.cache/quodlibet +nodeny ${HOME}/.config/quodlibet +nodeny ${HOME}/.quodlibet +nodeny ${MUSIC} include allow-bin-sh.inc 
@@ -30,11 +30,11 @@ mkdir ${HOME}/.cache/quodlibet mkdir ${HOME}/.config/quodlibet mkdir ${HOME}/.quodlibet -whitelist ${HOME}/.cache/quodlibet -whitelist ${HOME}/.config/quodlibet -whitelist ${HOME}/.quodlibet -whitelist ${DOWNLOADS} -whitelist ${MUSIC} +allow ${HOME}/.cache/quodlibet +allow ${HOME}/.config/quodlibet +allow ${HOME}/.quodlibet +allow ${DOWNLOADS} +allow ${MUSIC} include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/qupzilla.profile b/etc/profile-m-z/qupzilla.profile index 7aa71c8488c..9bc91808bf3 100644 --- a/etc/profile-m-z/qupzilla.profile +++ b/etc/profile-m-z/qupzilla.profile @@ -6,8 +6,8 @@ include qupzilla.local # added by included profile #include globals.local -noblacklist ${HOME}/.cache/qupzilla -noblacklist ${HOME}/.config/qupzilla +nodeny ${HOME}/.cache/qupzilla +nodeny ${HOME}/.config/qupzilla include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-programs.inc mkdir ${HOME}/.cache/qupzilla mkdir ${HOME}/.config/qupzilla -whitelist ${HOME}/.cache/qupzilla -whitelist ${HOME}/.config/qupzilla +allow ${HOME}/.cache/qupzilla +allow ${HOME}/.config/qupzilla # Redirect include falkon.profile diff --git a/etc/profile-m-z/qutebrowser.profile b/etc/profile-m-z/qutebrowser.profile index fc910b589c3..a342e2acd59 100644 --- a/etc/profile-m-z/qutebrowser.profile +++ b/etc/profile-m-z/qutebrowser.profile @@ -6,9 +6,9 @@ include qutebrowser.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/qutebrowser -noblacklist ${HOME}/.config/qutebrowser -noblacklist ${HOME}/.local/share/qutebrowser +nodeny ${HOME}/.cache/qutebrowser +nodeny ${HOME}/.config/qutebrowser +nodeny ${HOME}/.local/share/qutebrowser # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc 
@@ -22,10 +22,10 @@ include disable-programs.inc mkdir ${HOME}/.cache/qutebrowser mkdir ${HOME}/.config/qutebrowser mkdir ${HOME}/.local/share/qutebrowser -whitelist ${DOWNLOADS} -whitelist ${HOME}/.cache/qutebrowser -whitelist ${HOME}/.config/qutebrowser -whitelist ${HOME}/.local/share/qutebrowser +allow ${DOWNLOADS} +allow ${HOME}/.cache/qutebrowser +allow ${HOME}/.config/qutebrowser +allow ${HOME}/.local/share/qutebrowser include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/rambox.profile b/etc/profile-m-z/rambox.profile index ffa2022eec5..b1059cee8c4 100644 --- a/etc/profile-m-z/rambox.profile +++ b/etc/profile-m-z/rambox.profile @@ -6,9 +6,9 @@ include rambox.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Rambox -noblacklist ${HOME}/.pki -noblacklist ${HOME}/.local/share/pki +nodeny ${HOME}/.config/Rambox +nodeny ${HOME}/.pki +nodeny ${HOME}/.local/share/pki include disable-common.inc include disable-devel.inc @@ -18,10 +18,10 @@ include disable-programs.inc mkdir ${HOME}/.config/Rambox mkdir ${HOME}/.pki mkdir ${HOME}/.local/share/pki -whitelist ${DOWNLOADS} -whitelist ${HOME}/.config/Rambox -whitelist ${HOME}/.pki -whitelist ${HOME}/.local/share/pki +allow ${DOWNLOADS} +allow ${HOME}/.config/Rambox +allow ${HOME}/.pki +allow ${HOME}/.local/share/pki include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/redeclipse.profile b/etc/profile-m-z/redeclipse.profile index 9bc196a161a..3b56f651f14 100644 --- a/etc/profile-m-z/redeclipse.profile +++ b/etc/profile-m-z/redeclipse.profile @@ -6,7 +6,7 @@ include redeclipse.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.redeclipse +nodeny ${HOME}/.redeclipse include disable-common.inc include disable-devel.inc 
@@ -17,8 +17,8 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.redeclipse -whitelist ${HOME}/.redeclipse -whitelist /usr/share/redeclipse +allow ${HOME}/.redeclipse +allow /usr/share/redeclipse include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/redshift.profile b/etc/profile-m-z/redshift.profile index f87c5f67cb7..3035e1d74c1 100644 --- a/etc/profile-m-z/redshift.profile +++ b/etc/profile-m-z/redshift.profile @@ -7,8 +7,8 @@ include redshift.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/redshift -noblacklist ${HOME}/.config/redshift.conf +nodeny ${HOME}/.config/redshift +nodeny ${HOME}/.config/redshift.conf include disable-common.inc include disable-devel.inc @@ -19,8 +19,8 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.config/redshift -whitelist ${HOME}/.config/redshift -whitelist ${HOME}/.config/redshift.conf +allow ${HOME}/.config/redshift +allow ${HOME}/.config/redshift.conf include whitelist-var-common.inc apparmor diff --git a/etc/profile-m-z/regextester.profile b/etc/profile-m-z/regextester.profile index f5131c5d099..82feafab9d4 100644 --- a/etc/profile-m-z/regextester.profile +++ b/etc/profile-m-z/regextester.profile @@ -15,7 +15,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/com.github.artemanufrij.regextester +allow /usr/share/com.github.artemanufrij.regextester include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/remmina.profile b/etc/profile-m-z/remmina.profile index aca22f18706..3f385f60240 100644 --- a/etc/profile-m-z/remmina.profile +++ b/etc/profile-m-z/remmina.profile 
@@ -6,9 +6,9 @@ include remmina.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.remmina -noblacklist ${HOME}/.config/remmina -noblacklist ${HOME}/.local/share/remmina +nodeny ${HOME}/.remmina +nodeny ${HOME}/.config/remmina +nodeny ${HOME}/.local/share/remmina # Allow ssh (blacklisted by disable-common.inc) include allow-ssh.inc diff --git a/etc/profile-m-z/rhythmbox.profile b/etc/profile-m-z/rhythmbox.profile index 970e8ffbaf1..c532d3dc185 100644 --- a/etc/profile-m-z/rhythmbox.profile +++ b/etc/profile-m-z/rhythmbox.profile @@ -6,9 +6,9 @@ include rhythmbox.local # Persistent global definitions include globals.local -noblacklist ${MUSIC} -noblacklist ${HOME}/.cache/rhythmbox -noblacklist ${HOME}/.local/share/rhythmbox +nodeny ${MUSIC} +nodeny ${HOME}/.cache/rhythmbox +nodeny ${HOME}/.local/share/rhythmbox # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc @@ -26,10 +26,10 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/rhythmbox -whitelist /usr/share/lua -whitelist /usr/share/libquvi-scripts -whitelist /usr/share/tracker +allow /usr/share/rhythmbox +allow /usr/share/lua +allow /usr/share/libquvi-scripts +allow /usr/share/tracker include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/ricochet.profile b/etc/profile-m-z/ricochet.profile index b664a2be375..c3ee57ef320 100644 --- a/etc/profile-m-z/ricochet.profile +++ b/etc/profile-m-z/ricochet.profile @@ -5,7 +5,7 @@ include ricochet.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/Ricochet +nodeny ${HOME}/.local/share/Ricochet include disable-common.inc include disable-devel.inc 
@@ -16,8 +16,8 @@ include disable-programs.inc include disable-shell.inc mkdir ${HOME}/.local/share/Ricochet -whitelist ${DOWNLOADS} -whitelist ${HOME}/.local/share/Ricochet +allow ${DOWNLOADS} +allow ${HOME}/.local/share/Ricochet include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/riot-web.profile b/etc/profile-m-z/riot-web.profile index 687c943b09d..782396a5054 100644 --- a/etc/profile-m-z/riot-web.profile +++ b/etc/profile-m-z/riot-web.profile @@ -8,11 +8,11 @@ include globals.local ignore noexec /tmp -noblacklist ${HOME}/.config/Riot +nodeny ${HOME}/.config/Riot mkdir ${HOME}/.config/Riot -whitelist ${HOME}/.config/Riot -whitelist /usr/share/webapps/element +allow ${HOME}/.config/Riot +allow /usr/share/webapps/element # Redirect include electron.profile diff --git a/etc/profile-m-z/ripperx.profile b/etc/profile-m-z/ripperx.profile index be815e7144c..c97ac80905f 100644 --- a/etc/profile-m-z/ripperx.profile +++ b/etc/profile-m-z/ripperx.profile @@ -6,8 +6,8 @@ include ripperx.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.ripperXrc -noblacklist ${MUSIC} +nodeny ${HOME}/.ripperXrc +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/ristretto.profile b/etc/profile-m-z/ristretto.profile index 5572cab5a74..109d2f8f13a 100644 --- a/etc/profile-m-z/ristretto.profile +++ b/etc/profile-m-z/ristretto.profile @@ -6,9 +6,9 @@ include ristretto.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/ristretto -noblacklist ${HOME}/.Steam -noblacklist ${HOME}/.steam +nodeny ${HOME}/.config/ristretto +nodeny ${HOME}/.Steam +nodeny ${HOME}/.steam include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/rocketchat.profile b/etc/profile-m-z/rocketchat.profile index 8d3607c75bd..1a76c4211ed 100644 --- a/etc/profile-m-z/rocketchat.profile +++ b/etc/profile-m-z/rocketchat.profile 
@@ -21,10 +21,10 @@ ignore private-cache ignore private-dev ignore private-tmp -noblacklist ${HOME}/.config/Rocket.Chat +nodeny ${HOME}/.config/Rocket.Chat mkdir ${HOME}/.config/Rocket.Chat -whitelist ${HOME}/.config/Rocket.Chat +allow ${HOME}/.config/Rocket.Chat # Redirect include electron.profile diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile index 690b44bb18a..4807b7d36fe 100644 --- a/etc/profile-m-z/rsync-download_only.profile +++ b/etc/profile-m-z/rsync-download_only.profile @@ -11,8 +11,8 @@ include globals.local # not as a daemon (rsync --daemon) nor to create backups. # Usage: firejail --profile=rsync-download_only rsync -blacklist /tmp/.X11-unix -blacklist ${RUNUSER} +deny /tmp/.X11-unix +deny ${RUNUSER} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/rtv-addons.profile b/etc/profile-m-z/rtv-addons.profile index cc6db504326..6b7d6b15599 100644 --- a/etc/profile-m-z/rtv-addons.profile +++ b/etc/profile-m-z/rtv-addons.profile @@ -11,16 +11,16 @@ ignore nosound ignore private-bin ignore dbus-user none -noblacklist ${HOME}/.config/mpv -noblacklist ${HOME}/.mailcap -noblacklist ${HOME}/.netrc -noblacklist ${HOME}/.w3m +nodeny ${HOME}/.config/mpv +nodeny ${HOME}/.mailcap +nodeny ${HOME}/.netrc +nodeny ${HOME}/.w3m -whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs -whitelist ${HOME}/.config/mpv -whitelist ${HOME}/.mailcap -whitelist ${HOME}/.netrc -whitelist ${HOME}/.w3m +allow ${HOME}/.cache/youtube-dl/youtube-sigfuncs +allow ${HOME}/.config/mpv +allow ${HOME}/.mailcap +allow ${HOME}/.netrc +allow ${HOME}/.w3m #private-bin w3m,mpv,youtube-dl diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile index 2f1fe015599..074050792b9 100644 --- a/etc/profile-m-z/rtv.profile +++ b/etc/profile-m-z/rtv.profile 
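Review bot: In rtv-addons.profile the renamed pair `nodeny ${HOME}/.netrc` / `allow ${HOME}/.netrc` keeps a plaintext credentials file reachable from inside the sandbox, and nothing in this hunk restricts it to read access. If the helper programs only need to read it, which seems likely but is not shown here, add `read-only ${HOME}/.netrc` after the `allow` line, the same way signal-desktop.profile in this diff pairs `allow` with `read-only` for `profiles.ini`. A one-line comment saying which helper needs `.netrc` would also make the exposure easier to audit. The profile continues outside the hunk, so check that a restriction is not already applied further down.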
@@ -6,11 +6,11 @@ include rtv.local # Persistent global definitions include globals.local -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* -noblacklist ${HOME}/.config/rtv -noblacklist ${HOME}/.local/share/rtv +nodeny ${HOME}/.config/rtv +nodeny ${HOME}/.local/share/rtv # Allow /bin/sh (blacklisted by disable-shell.inc) include allow-bin-sh.inc @@ -33,8 +33,8 @@ include disable-xdg.inc mkdir ${HOME}/.config/rtv mkdir ${HOME}/.local/share/rtv -whitelist ${HOME}/.config/rtv -whitelist ${HOME}/.local/share/rtv +allow ${HOME}/.config/rtv +allow ${HOME}/.local/share/rtv include whitelist-var-common.inc apparmor diff --git a/etc/profile-m-z/sayonara.profile b/etc/profile-m-z/sayonara.profile index de79913cc09..963f5da02bc 100644 --- a/etc/profile-m-z/sayonara.profile +++ b/etc/profile-m-z/sayonara.profile @@ -5,8 +5,8 @@ include sayonara.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.Sayonara -noblacklist ${MUSIC} +nodeny ${HOME}/.Sayonara +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/scallion.profile b/etc/profile-m-z/scallion.profile index eb8468c3baf..26550b5e0c5 100644 --- a/etc/profile-m-z/scallion.profile +++ b/etc/profile-m-z/scallion.profile @@ -6,10 +6,10 @@ include scallion.local # Persistent global definitions include globals.local -noblacklist ${PATH}/llvm* -noblacklist ${PATH}/openssl -noblacklist ${PATH}/openssl-1.0 -noblacklist ${DOCUMENTS} +nodeny ${PATH}/llvm* +nodeny ${PATH}/openssl +nodeny ${PATH}/openssl-1.0 +nodeny ${DOCUMENTS} include disable-common.inc include disable-exec.inc diff --git a/etc/profile-m-z/scorched3d.profile b/etc/profile-m-z/scorched3d.profile index b1989e474c2..921efb49e0b 100644 --- a/etc/profile-m-z/scorched3d.profile +++ b/etc/profile-m-z/scorched3d.profile 
@@ -6,7 +6,7 @@ include scorched3d.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.scorched3d +nodeny ${HOME}/.scorched3d include disable-common.inc include disable-devel.inc @@ -17,9 +17,9 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.scorched3d -whitelist ${HOME}/.scorched3d -whitelist /usr/share/scorched3d -whitelist /usr/share/games/scorched3d +allow ${HOME}/.scorched3d +allow /usr/share/scorched3d +allow /usr/share/games/scorched3d include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/scorchwentbonkers.profile b/etc/profile-m-z/scorchwentbonkers.profile index 2cb1df6b553..54a6c3a012e 100644 --- a/etc/profile-m-z/scorchwentbonkers.profile +++ b/etc/profile-m-z/scorchwentbonkers.profile @@ -6,7 +6,7 @@ include scorchwentbonkers.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.swb.ini +nodeny ${HOME}/.swb.ini include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.swb.ini -whitelist ${HOME}/.swb.ini -whitelist /usr/share/scorchwentbonkers +allow ${HOME}/.swb.ini +allow /usr/share/scorchwentbonkers include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/scribus.profile b/etc/profile-m-z/scribus.profile index 1fdeaa14575..6519f8e8748 100644 --- a/etc/profile-m-z/scribus.profile +++ b/etc/profile-m-z/scribus.profile 
@@ -7,24 +7,24 @@ include scribus.local include globals.local # Support for PDF readers comes with Scribus 1.5 and higher -noblacklist ${HOME}/.cache/okular -noblacklist ${HOME}/.config/GIMP -noblacklist ${HOME}/.config/okularpartrc -noblacklist ${HOME}/.config/okularrc -noblacklist ${HOME}/.config/scribus -noblacklist ${HOME}/.config/scribusrc -noblacklist ${HOME}/.gimp* -noblacklist ${HOME}/.kde/share/apps/okular -noblacklist ${HOME}/.kde/share/config/okularpartrc -noblacklist ${HOME}/.kde/share/config/okularrc -noblacklist ${HOME}/.kde4/share/apps/okular -noblacklist ${HOME}/.kde4/share/config/okularpartrc -noblacklist ${HOME}/.kde4/share/config/okularrc -noblacklist ${HOME}/.local/share/okular -noblacklist ${HOME}/.local/share/scribus -noblacklist ${HOME}/.scribus -noblacklist ${DOCUMENTS} -noblacklist ${PICTURES} +nodeny ${HOME}/.cache/okular +nodeny ${HOME}/.config/GIMP +nodeny ${HOME}/.config/okularpartrc +nodeny ${HOME}/.config/okularrc +nodeny ${HOME}/.config/scribus +nodeny ${HOME}/.config/scribusrc +nodeny ${HOME}/.gimp* +nodeny ${HOME}/.kde/share/apps/okular +nodeny ${HOME}/.kde/share/config/okularpartrc +nodeny ${HOME}/.kde/share/config/okularrc +nodeny ${HOME}/.kde4/share/apps/okular +nodeny ${HOME}/.kde4/share/config/okularpartrc +nodeny ${HOME}/.kde4/share/config/okularrc +nodeny ${HOME}/.local/share/okular +nodeny ${HOME}/.local/share/scribus +nodeny ${HOME}/.scribus +nodeny ${DOCUMENTS} +nodeny ${PICTURES} # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-m-z/seahorse-adventures.profile b/etc/profile-m-z/seahorse-adventures.profile index 7799ab7edee..95cedac3fd5 100644 --- a/etc/profile-m-z/seahorse-adventures.profile +++ b/etc/profile-m-z/seahorse-adventures.profile 
@@ -22,8 +22,8 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/seahorse-adventures -whitelist /usr/share/games/seahorse-adventures +allow /usr/share/seahorse-adventures +allow /usr/share/games/seahorse-adventures include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/seahorse.profile b/etc/profile-m-z/seahorse.profile index d3d8e453f7c..66605173b64 100644 --- a/etc/profile-m-z/seahorse.profile +++ b/etc/profile-m-z/seahorse.profile @@ -6,9 +6,9 @@ include seahorse.local # Persistent global definitions include globals.local -blacklist /tmp/.X11-unix +deny /tmp/.X11-unix -noblacklist ${HOME}/.gnupg +nodeny ${HOME}/.gnupg # Allow ssh (blacklisted by disable-common.inc) include allow-ssh.inc @@ -27,13 +27,13 @@ include disable-xdg.inc #mkdir ${HOME}/.ssh #whitelist ${HOME}/.gnupg #whitelist ${HOME}/.ssh -whitelist /tmp/ssh-* -whitelist /usr/share/gnupg -whitelist /usr/share/gnupg2 -whitelist /usr/share/seahorse -whitelist /usr/share/seahorse-nautilus -whitelist ${RUNUSER}/gnupg -whitelist ${RUNUSER}/keyring +allow /tmp/ssh-* +allow /usr/share/gnupg +allow /usr/share/gnupg2 +allow /usr/share/seahorse +allow /usr/share/seahorse-nautilus +allow ${RUNUSER}/gnupg +allow ${RUNUSER}/keyring #include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/seamonkey.profile b/etc/profile-m-z/seamonkey.profile index 807effbebe9..c9867719a63 100644 --- a/etc/profile-m-z/seamonkey.profile +++ b/etc/profile-m-z/seamonkey.profile 
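Review bot: The commented-out directives in the second seahorse.profile hunk (`@@ -27,13 +27,13 @@`) still use the old spelling, `#whitelist ${HOME}/.gnupg` and `#whitelist ${HOME}/.ssh`, while every active line around them now uses `allow`. The same applies to `# noblacklist /var/opt` in the server.profile hunk later in this diff. These lines are templates that users uncomment, so they should follow the rename: `#allow ${HOME}/.gnupg`, `#allow ${HOME}/.ssh` and `# nodeny /var/opt`. Otherwise a search for the new keywords misses them, and an uncommented line puts both vocabularies in one profile.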
@@ -6,10 +6,10 @@ include seamonkey.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/mozilla -noblacklist ${HOME}/.mozilla -noblacklist ${HOME}/.pki -noblacklist ${HOME}/.local/share/pki +nodeny ${HOME}/.cache/mozilla +nodeny ${HOME}/.mozilla +nodeny ${HOME}/.pki +nodeny ${HOME}/.local/share/pki include disable-common.inc include disable-devel.inc @@ -20,25 +20,25 @@ mkdir ${HOME}/.cache/mozilla mkdir ${HOME}/.mozilla mkdir ${HOME}/.pki mkdir ${HOME}/.local/share/pki -whitelist ${DOWNLOADS} -whitelist ${HOME}/.cache/gnome-mplayer/plugin -whitelist ${HOME}/.cache/mozilla -whitelist ${HOME}/.config/gnome-mplayer -whitelist ${HOME}/.config/pipelight-silverlight5.1 -whitelist ${HOME}/.config/pipelight-widevine -whitelist ${HOME}/.keysnail.js -whitelist ${HOME}/.lastpass -whitelist ${HOME}/.mozilla -whitelist ${HOME}/.pentadactyl -whitelist ${HOME}/.pentadactylrc -whitelist ${HOME}/.pki -whitelist ${HOME}/.local/share/pki -whitelist ${HOME}/.vimperator -whitelist ${HOME}/.vimperatorrc -whitelist ${HOME}/.wine-pipelight -whitelist ${HOME}/.wine-pipelight64 -whitelist ${HOME}/.zotero -whitelist ${HOME}/dwhelper +allow ${DOWNLOADS} +allow ${HOME}/.cache/gnome-mplayer/plugin +allow ${HOME}/.cache/mozilla +allow ${HOME}/.config/gnome-mplayer +allow ${HOME}/.config/pipelight-silverlight5.1 +allow ${HOME}/.config/pipelight-widevine +allow ${HOME}/.keysnail.js +allow ${HOME}/.lastpass +allow ${HOME}/.mozilla +allow ${HOME}/.pentadactyl +allow ${HOME}/.pentadactylrc +allow ${HOME}/.pki +allow ${HOME}/.local/share/pki +allow ${HOME}/.vimperator +allow ${HOME}/.vimperatorrc +allow ${HOME}/.wine-pipelight +allow ${HOME}/.wine-pipelight64 +allow ${HOME}/.zotero +allow ${HOME}/dwhelper include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/server.profile b/etc/profile-m-z/server.profile index 7d56684dbbc..23f46463791 100644 --- a/etc/profile-m-z/server.profile +++ b/etc/profile-m-z/server.profile 
@@ -32,12 +32,12 @@ include globals.local # it allows /sbin and /usr/sbin directories - this is where servers are installed # depending on your usage, you can enable some of the commands below: -noblacklist /sbin -noblacklist /usr/sbin +nodeny /sbin +nodeny /usr/sbin # noblacklist /var/opt -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* include disable-common.inc # include disable-devel.inc diff --git a/etc/profile-m-z/shellcheck.profile b/etc/profile-m-z/shellcheck.profile index b7f398f454d..0cb9de45a9f 100644 --- a/etc/profile-m-z/shellcheck.profile +++ b/etc/profile-m-z/shellcheck.profile @@ -7,9 +7,9 @@ include shellcheck.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} +deny ${RUNUSER} -noblacklist ${DOCUMENTS} +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc @@ -19,7 +19,7 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist /usr/share/shellcheck +allow /usr/share/shellcheck include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/shortwave.profile b/etc/profile-m-z/shortwave.profile index d629240ecf4..a8e5f6b1854 100644 --- a/etc/profile-m-z/shortwave.profile +++ b/etc/profile-m-z/shortwave.profile @@ -6,8 +6,8 @@ include shortwave.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/Shortwave -noblacklist ${HOME}/.local/share/Shortwave +nodeny ${HOME}/.cache/Shortwave +nodeny ${HOME}/.local/share/Shortwave include disable-common.inc include disable-devel.inc 
@@ -19,9 +19,9 @@ include disable-xdg.inc mkdir ${HOME}/.cache/Shortwave mkdir ${HOME}/.local/share/Shortwave -whitelist ${HOME}/.cache/Shortwave -whitelist ${HOME}/.local/share/Shortwave -whitelist /usr/share/shortwave +allow ${HOME}/.cache/Shortwave +allow ${HOME}/.local/share/Shortwave +allow /usr/share/shortwave include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/shotcut.profile b/etc/profile-m-z/shotcut.profile index 63af4d3675c..1f3c39c4617 100644 --- a/etc/profile-m-z/shotcut.profile +++ b/etc/profile-m-z/shotcut.profile @@ -8,7 +8,7 @@ include globals.local ignore noexec ${HOME} -noblacklist ${HOME}/.config/Meltytech +nodeny ${HOME}/.config/Meltytech include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/shotwell.profile b/etc/profile-m-z/shotwell.profile index ddc8a774310..b653930c3b0 100644 --- a/etc/profile-m-z/shotwell.profile +++ b/etc/profile-m-z/shotwell.profile @@ -6,10 +6,10 @@ include shotwell.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/shotwell -noblacklist ${HOME}/.local/share/shotwell +nodeny ${HOME}/.cache/shotwell +nodeny ${HOME}/.local/share/shotwell -noblacklist ${PICTURES} +nodeny ${PICTURES} include disable-common.inc include disable-devel.inc include disable-exec.inc @@ -21,9 +21,9 @@ include disable-xdg.inc mkdir ${HOME}/.cache/shotwell mkdir ${HOME}/.local/share/shotwell -whitelist ${HOME}/.cache/shotwell -whitelist ${HOME}/.local/share/shotwell -whitelist ${PICTURES} +allow ${HOME}/.cache/shotwell +allow ${HOME}/.local/share/shotwell +allow ${PICTURES} include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/signal-cli.profile b/etc/profile-m-z/signal-cli.profile index 478377344fb..8a46899f1bf 100644 --- a/etc/profile-m-z/signal-cli.profile +++ b/etc/profile-m-z/signal-cli.profile 
@@ -6,10 +6,10 @@ include signal-cli.local # Persistent global definitions include globals.local -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* -noblacklist ${HOME}/.local/share/signal-cli +nodeny ${HOME}/.local/share/signal-cli include allow-java.inc @@ -22,7 +22,7 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.local/share/signal-cli -whitelist ${HOME}/.local/share/signal-cli +allow ${HOME}/.local/share/signal-cli include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/signal-desktop.profile b/etc/profile-m-z/signal-desktop.profile index 77a7f5b3882..a120807484a 100644 --- a/etc/profile-m-z/signal-desktop.profile +++ b/etc/profile-m-z/signal-desktop.profile @@ -9,15 +9,15 @@ ignore novideo ignore noexec /tmp -noblacklist ${HOME}/.config/Signal +nodeny ${HOME}/.config/Signal # These lines are needed to allow Firefox to open links -noblacklist ${HOME}/.mozilla -whitelist ${HOME}/.mozilla/firefox/profiles.ini +nodeny ${HOME}/.mozilla +allow ${HOME}/.mozilla/firefox/profiles.ini read-only ${HOME}/.mozilla/firefox/profiles.ini mkdir ${HOME}/.config/Signal -whitelist ${HOME}/.config/Signal +allow ${HOME}/.config/Signal private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl diff --git a/etc/profile-m-z/simple-scan.profile b/etc/profile-m-z/simple-scan.profile index 17920677b7a..589a44ffc7b 100644 --- a/etc/profile-m-z/simple-scan.profile +++ b/etc/profile-m-z/simple-scan.profile @@ -6,8 +6,8 @@ include simple-scan.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/simple-scan -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.cache/simple-scan +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc 
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist /usr/share/hplip -whitelist /usr/share/simple-scan +allow /usr/share/hplip +allow /usr/share/simple-scan include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/simplescreenrecorder.profile b/etc/profile-m-z/simplescreenrecorder.profile index d664f8bf5e8..83f833508c1 100644 --- a/etc/profile-m-z/simplescreenrecorder.profile +++ b/etc/profile-m-z/simplescreenrecorder.profile @@ -6,8 +6,8 @@ include simplescreenrecorder.local # Persistent global definitions include globals.local -noblacklist ${VIDEOS} -noblacklist ${HOME}/.ssr +nodeny ${VIDEOS} +nodeny ${HOME}/.ssr include disable-common.inc include disable-devel.inc @@ -17,7 +17,7 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist /usr/share/simplescreenrecorder +allow /usr/share/simplescreenrecorder include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/simutrans.profile b/etc/profile-m-z/simutrans.profile index afaa0f6d8b1..1d7f415798c 100644 --- a/etc/profile-m-z/simutrans.profile +++ b/etc/profile-m-z/simutrans.profile @@ -6,7 +6,7 @@ include simutrans.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.simutrans +nodeny ${HOME}/.simutrans include disable-common.inc include disable-devel.inc @@ -16,7 +16,7 @@ include disable-passwdmgr.inc include disable-programs.inc mkdir ${HOME}/.simutrans -whitelist ${HOME}/.simutrans +allow ${HOME}/.simutrans include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/skanlite.profile b/etc/profile-m-z/skanlite.profile index 093a6139869..98ed624f915 100644 --- a/etc/profile-m-z/skanlite.profile +++ b/etc/profile-m-z/skanlite.profile 
@@ -6,7 +6,7 @@ include skanlite.local # Persistent global definitions include globals.local -noblacklist ${DOCUMENTS} +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/skypeforlinux.profile b/etc/profile-m-z/skypeforlinux.profile index ed04eda8e9e..e7f70eebe98 100644 --- a/etc/profile-m-z/skypeforlinux.profile +++ b/etc/profile-m-z/skypeforlinux.profile @@ -21,7 +21,7 @@ ignore dbus-system none ignore apparmor ignore noexec /tmp -noblacklist ${HOME}/.config/skypeforlinux +nodeny ${HOME}/.config/skypeforlinux # private-dev - needs /dev/disk diff --git a/etc/profile-m-z/slack.profile b/etc/profile-m-z/slack.profile index 51f6c8b00bd..b8299add3c3 100644 --- a/etc/profile-m-z/slack.profile +++ b/etc/profile-m-z/slack.profile @@ -16,14 +16,14 @@ ignore private-tmp ignore dbus-user none ignore dbus-system none -noblacklist ${HOME}/.config/Slack +nodeny ${HOME}/.config/Slack include allow-bin-sh.inc include disable-shell.inc mkdir ${HOME}/.config/Slack -whitelist ${HOME}/.config/Slack +allow ${HOME}/.config/Slack private-bin electron,electron[0-9],electron[0-9][0-9],locale,sh,slack private-etc alternatives,asound.conf,ca-certificates,crypto-policies,debian_version,fedora-release,fonts,group,ld.so.cache,ld.so.conf,localtime,machine-id,os-release,passwd,pki,pulse,redhat-release,resolv.conf,ssl,system-release,system-release-cpe diff --git a/etc/profile-m-z/slashem.profile b/etc/profile-m-z/slashem.profile index c5a31c237e2..36a0044dcd4 100644 --- a/etc/profile-m-z/slashem.profile +++ b/etc/profile-m-z/slashem.profile @@ -6,7 +6,7 @@ include slashem.local # Persistent global definitions include globals.local -noblacklist /var/games/slashem +nodeny /var/games/slashem include disable-common.inc include disable-devel.inc 
@@ -15,7 +15,7 @@ include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc -whitelist /var/games/slashem +allow /var/games/slashem include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/smplayer.profile b/etc/profile-m-z/smplayer.profile index 01547e5c16a..4e4334dc0a0 100644 --- a/etc/profile-m-z/smplayer.profile +++ b/etc/profile-m-z/smplayer.profile @@ -6,9 +6,9 @@ include smplayer.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/smplayer -noblacklist ${HOME}/.config/youtube-dl -noblacklist ${HOME}/.mplayer +nodeny ${HOME}/.config/smplayer +nodeny ${HOME}/.config/youtube-dl +nodeny ${HOME}/.mplayer # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc @@ -17,8 +17,8 @@ include allow-lua.inc include allow-python2.inc include allow-python3.inc -noblacklist ${MUSIC} -noblacklist ${VIDEOS} +nodeny ${MUSIC} +nodeny ${VIDEOS} include disable-common.inc include disable-devel.inc @@ -29,9 +29,9 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/lua* -whitelist /usr/share/smplayer -whitelist /usr/share/vulkan +allow /usr/share/lua* +allow /usr/share/smplayer +allow /usr/share/vulkan include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/smtube.profile b/etc/profile-m-z/smtube.profile index 196950eafeb..99d02ffdf2a 100644 --- a/etc/profile-m-z/smtube.profile +++ b/etc/profile-m-z/smtube.profile 
@@ -6,14 +6,14 @@ include smtube.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/smplayer -noblacklist ${HOME}/.config/smtube -noblacklist ${HOME}/.config/mpv -noblacklist ${HOME}/.mplayer -noblacklist ${HOME}/.config/vlc -noblacklist ${HOME}/.local/share/vlc -noblacklist ${MUSIC} -noblacklist ${VIDEOS} +nodeny ${HOME}/.config/smplayer +nodeny ${HOME}/.config/smtube +nodeny ${HOME}/.config/mpv +nodeny ${HOME}/.mplayer +nodeny ${HOME}/.config/vlc +nodeny ${HOME}/.local/share/vlc +nodeny ${MUSIC} +nodeny ${VIDEOS} include disable-common.inc include disable-devel.inc @@ -23,8 +23,8 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist /usr/share/smplayer -whitelist /usr/share/smtube +allow /usr/share/smplayer +allow /usr/share/smtube include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/smuxi-frontend-gnome.profile b/etc/profile-m-z/smuxi-frontend-gnome.profile index c3a9bb85899..3a79890cc6b 100644 --- a/etc/profile-m-z/smuxi-frontend-gnome.profile +++ b/etc/profile-m-z/smuxi-frontend-gnome.profile @@ -6,9 +6,9 @@ include smuxi-frontend-gnome.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/smuxi -noblacklist ${HOME}/.config/smuxi -noblacklist ${HOME}/.local/share/smuxi +nodeny ${HOME}/.cache/smuxi +nodeny ${HOME}/.config/smuxi +nodeny ${HOME}/.local/share/smuxi include disable-common.inc include disable-devel.inc @@ -21,10 +21,10 @@ include disable-xdg.inc mkdir ${HOME}/.cache/smuxi mkdir ${HOME}/.config/smuxi mkdir ${HOME}/.local/share/smuxi -whitelist ${HOME}/.cache/smuxi -whitelist ${HOME}/.config/smuxi -whitelist ${HOME}/.local/share/smuxi -whitelist ${DOWNLOADS} +allow ${HOME}/.cache/smuxi +allow ${HOME}/.config/smuxi +allow ${HOME}/.local/share/smuxi +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc 
diff --git a/etc/profile-m-z/snox.profile b/etc/profile-m-z/snox.profile index 83493652ca8..1d315404ebf 100644 --- a/etc/profile-m-z/snox.profile +++ b/etc/profile-m-z/snox.profile @@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium ignore include whitelist-runuser-common.inc ignore include whitelist-usr-share-common.inc -noblacklist ${HOME}/.cache/snox -noblacklist ${HOME}/.config/snox +nodeny ${HOME}/.cache/snox +nodeny ${HOME}/.config/snox #mkdir ${HOME}/.cache/dnox #mkdir ${HOME}/.config/dnox mkdir ${HOME}/.cache/snox mkdir ${HOME}/.config/snox -whitelist ${HOME}/.cache/snox -whitelist ${HOME}/.config/snox +allow ${HOME}/.cache/snox +allow ${HOME}/.config/snox # Redirect include chromium-common.profile diff --git a/etc/profile-m-z/softmaker-common.profile b/etc/profile-m-z/softmaker-common.profile index 83315231f80..bd4991e8125 100644 --- a/etc/profile-m-z/softmaker-common.profile +++ b/etc/profile-m-z/softmaker-common.profile @@ -10,7 +10,7 @@ include softmaker-common.local # with an absolute Exec line. These files are NOT handelt by firecfg, # therefore you must manualy copy them in you home and remove '/usr/bin/'. -noblacklist ${HOME}/SoftMaker +nodeny ${HOME}/SoftMaker include disable-common.inc include disable-devel.inc @@ -19,8 +19,8 @@ include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc -whitelist /usr/share/office2018 -whitelist /usr/share/freeoffice2018 +allow /usr/share/office2018 +allow /usr/share/freeoffice2018 include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/sound-juicer.profile b/etc/profile-m-z/sound-juicer.profile index ef00fdffff1..16ee39e09df 100644 --- a/etc/profile-m-z/sound-juicer.profile +++ b/etc/profile-m-z/sound-juicer.profile 
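Review bot: The snox.profile hunk header shows `ignore whitelist /usr/share/chromium` left unchanged, while the directive it is meant to suppress presumably lives in the included `chromium-common.profile` and is renamed to `allow` by this same commit. If `ignore` entries are compared against the literal text of each profile line, the old-keyword entry no longer matches and the profile's effective filesystem view changes silently. The matching code is not visible here, so this needs confirming. If it does match literally, change the line to `ignore allow /usr/share/chromium`, or keep both spellings during the transition. The `ignore` line sits above the hunk's first context line, so it is visible only through the `@@` header.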
@@ -6,8 +6,8 @@ include sound-juicer.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/sound-juicer -noblacklist ${MUSIC} +nodeny ${HOME}/.config/sound-juicer +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/soundconverter.profile b/etc/profile-m-z/soundconverter.profile index 4dbf3410076..46da7a45306 100644 --- a/etc/profile-m-z/soundconverter.profile +++ b/etc/profile-m-z/soundconverter.profile @@ -10,7 +10,7 @@ include globals.local include allow-python2.inc include allow-python3.inc -noblacklist ${MUSIC} +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc @@ -20,9 +20,9 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist ${DOWNLOADS} -whitelist ${MUSIC} -whitelist /usr/share/soundconverter +allow ${DOWNLOADS} +allow ${MUSIC} +allow /usr/share/soundconverter include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/spectacle.profile b/etc/profile-m-z/spectacle.profile index 4468f21e7eb..08adb5861f4 100644 --- a/etc/profile-m-z/spectacle.profile +++ b/etc/profile-m-z/spectacle.profile @@ -12,8 +12,8 @@ include globals.local #private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl #protocol unix,inet,inet6 -noblacklist ${HOME}/.config/spectaclerc -noblacklist ${PICTURES} +nodeny ${HOME}/.config/spectaclerc +nodeny ${PICTURES} include disable-common.inc include disable-devel.inc 
@@ -24,10 +24,10 @@ include disable-programs.inc include disable-xdg.inc mkfile ${HOME}/.config/spectaclerc -whitelist ${HOME}/.config/spectaclerc -whitelist ${PICTURES} -whitelist /usr/share/kconf_update/spectacle_newConfig.upd -whitelist /usr/share/kconf_update/spectacle_shortcuts.upd +allow ${HOME}/.config/spectaclerc +allow ${PICTURES} +allow /usr/share/kconf_update/spectacle_newConfig.upd +allow /usr/share/kconf_update/spectacle_shortcuts.upd include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile index 283674517a3..4c1b2d3e1a2 100644 --- a/etc/profile-m-z/spectral.profile +++ b/etc/profile-m-z/spectral.profile @@ -6,8 +6,8 @@ include spectral.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/ENCOM/Spectral -noblacklist ${HOME}/.config/ENCOM +nodeny ${HOME}/.cache/ENCOM/Spectral +nodeny ${HOME}/.config/ENCOM include disable-common.inc include disable-devel.inc @@ -20,9 +20,9 @@ include disable-xdg.inc mkdir ${HOME}/.cache/ENCOM/Spectral mkdir ${HOME}/.config/ENCOM -whitelist ${HOME}/.cache/ENCOM/Spectral -whitelist ${HOME}/.config/ENCOM -whitelist ${DOWNLOADS} +allow ${HOME}/.cache/ENCOM/Spectral +allow ${HOME}/.config/ENCOM +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/spectre-meltdown-checker.profile b/etc/profile-m-z/spectre-meltdown-checker.profile index 984461f9030..3a3fd838d6b 100644 --- a/etc/profile-m-z/spectre-meltdown-checker.profile +++ b/etc/profile-m-z/spectre-meltdown-checker.profile 
@@ -6,10 +6,10 @@ include spectre-meltdown-checker.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* -noblacklist ${PATH}/mount -noblacklist ${PATH}/umount +nodeny ${PATH}/mount +nodeny ${PATH}/umount # Allow perl (blacklisted by disable-interpreters.inc) include allow-perl.inc diff --git a/etc/profile-m-z/spotify.profile b/etc/profile-m-z/spotify.profile index 01bc2bc05de..e1c830268ca 100644 --- a/etc/profile-m-z/spotify.profile +++ b/etc/profile-m-z/spotify.profile @@ -5,11 +5,11 @@ include spotify.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/spotify -noblacklist ${HOME}/.config/spotify -noblacklist ${HOME}/.local/share/spotify +nodeny ${HOME}/.cache/spotify +nodeny ${HOME}/.config/spotify +nodeny ${HOME}/.local/share/spotify -blacklist ${HOME}/.bashrc +deny ${HOME}/.bashrc include disable-common.inc include disable-devel.inc @@ -21,9 +21,9 @@ include disable-programs.inc mkdir ${HOME}/.cache/spotify mkdir ${HOME}/.config/spotify mkdir ${HOME}/.local/share/spotify -whitelist ${HOME}/.cache/spotify -whitelist ${HOME}/.config/spotify -whitelist ${HOME}/.local/share/spotify +allow ${HOME}/.cache/spotify +allow ${HOME}/.config/spotify +allow ${HOME}/.local/share/spotify include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/sqlitebrowser.profile b/etc/profile-m-z/sqlitebrowser.profile index 4dd2c7262b8..aa577b63a33 100644 --- a/etc/profile-m-z/sqlitebrowser.profile +++ b/etc/profile-m-z/sqlitebrowser.profile @@ -6,8 +6,8 @@ include sqlitebrowser.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/sqlitebrowser -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.config/sqlitebrowser +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/ssh-agent.profile b/etc/profile-m-z/ssh-agent.profile index 5802299a35b..e456ebe073a 100644 
--- a/etc/profile-m-z/ssh-agent.profile +++ b/etc/profile-m-z/ssh-agent.profile @@ -9,8 +9,8 @@ include globals.local # Allow ssh (blacklisted by disable-common.inc) include allow-ssh.inc -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-passwdmgr.inc diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile index a5864219236..8a0d8615022 100644 --- a/etc/profile-m-z/ssh.profile +++ b/etc/profile-m-z/ssh.profile @@ -8,8 +8,8 @@ include ssh.local include globals.local # nc can be used as ProxyCommand, e.g. when using tor -noblacklist ${PATH}/nc -noblacklist ${PATH}/ncat +nodeny ${PATH}/nc +nodeny ${PATH}/ncat # Allow ssh (blacklisted by disable-common.inc) include allow-ssh.inc @@ -19,8 +19,8 @@ include disable-exec.inc include disable-passwdmgr.inc include disable-programs.inc -whitelist ${RUNUSER}/gnupg/S.gpg-agent.ssh -whitelist ${RUNUSER}/keyring/ssh +allow ${RUNUSER}/gnupg/S.gpg-agent.ssh +allow ${RUNUSER}/keyring/ssh include whitelist-usr-share-common.inc include whitelist-runuser-common.inc diff --git a/etc/profile-m-z/standardnotes-desktop.profile b/etc/profile-m-z/standardnotes-desktop.profile index 48a532876e7..75de118abc1 100644 --- a/etc/profile-m-z/standardnotes-desktop.profile +++ b/etc/profile-m-z/standardnotes-desktop.profile @@ -5,8 +5,8 @@ include standardnotes-desktop.local # Persistent global definitions include globals.local -noblacklist ${HOME}/Standard Notes Backups -noblacklist ${HOME}/.config/Standard Notes +nodeny ${HOME}/Standard Notes Backups +nodeny ${HOME}/.config/Standard Notes include disable-common.inc include disable-devel.inc 
@@ -17,8 +17,8 @@ include disable-programs.inc mkdir ${HOME}/Standard Notes Backups mkdir ${HOME}/.config/Standard Notes -whitelist ${HOME}/Standard Notes Backups -whitelist ${HOME}/.config/Standard Notes +allow ${HOME}/Standard Notes Backups +allow ${HOME}/.config/Standard Notes include whitelist-var-common.inc apparmor diff --git a/etc/profile-m-z/start-tor-browser.desktop.profile b/etc/profile-m-z/start-tor-browser.desktop.profile index 2f73c9feec8..8f75365e861 100644 --- a/etc/profile-m-z/start-tor-browser.desktop.profile +++ b/etc/profile-m-z/start-tor-browser.desktop.profile 
@@ -6,71 +6,71 @@ include start-tor-browser.desktop.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser* +nodeny ${HOME}/.tor-browser* -whitelist ${HOME}/.tor-browser-ar -whitelist ${HOME}/.tor-browser-ca -whitelist ${HOME}/.tor-browser-cs -whitelist ${HOME}/.tor-browser-da -whitelist ${HOME}/.tor-browser-de -whitelist ${HOME}/.tor-browser-el -whitelist ${HOME}/.tor-browser-en -whitelist ${HOME}/.tor-browser-en-us -whitelist ${HOME}/.tor-browser-es -whitelist ${HOME}/.tor-browser-es-es -whitelist ${HOME}/.tor-browser-fa -whitelist ${HOME}/.tor-browser-fr -whitelist ${HOME}/.tor-browser-ga-ie -whitelist ${HOME}/.tor-browser-he -whitelist ${HOME}/.tor-browser-hu -whitelist ${HOME}/.tor-browser-id -whitelist ${HOME}/.tor-browser-is -whitelist ${HOME}/.tor-browser-it -whitelist ${HOME}/.tor-browser-ja -whitelist ${HOME}/.tor-browser-ka -whitelist ${HOME}/.tor-browser-ko -whitelist ${HOME}/.tor-browser-nb -whitelist ${HOME}/.tor-browser-nl -whitelist ${HOME}/.tor-browser-pl -whitelist ${HOME}/.tor-browser-pt-br -whitelist ${HOME}/.tor-browser-ru -whitelist ${HOME}/.tor-browser-sv-se -whitelist ${HOME}/.tor-browser-tr -whitelist ${HOME}/.tor-browser-vi -whitelist ${HOME}/.tor-browser-zh-cn -whitelist ${HOME}/.tor-browser-zh-tw +allow ${HOME}/.tor-browser-ar +allow ${HOME}/.tor-browser-ca +allow ${HOME}/.tor-browser-cs +allow ${HOME}/.tor-browser-da +allow ${HOME}/.tor-browser-de +allow ${HOME}/.tor-browser-el +allow ${HOME}/.tor-browser-en +allow ${HOME}/.tor-browser-en-us +allow ${HOME}/.tor-browser-es +allow ${HOME}/.tor-browser-es-es +allow ${HOME}/.tor-browser-fa +allow ${HOME}/.tor-browser-fr +allow ${HOME}/.tor-browser-ga-ie +allow ${HOME}/.tor-browser-he +allow ${HOME}/.tor-browser-hu +allow ${HOME}/.tor-browser-id +allow ${HOME}/.tor-browser-is +allow ${HOME}/.tor-browser-it +allow ${HOME}/.tor-browser-ja +allow ${HOME}/.tor-browser-ka +allow ${HOME}/.tor-browser-ko +allow ${HOME}/.tor-browser-nb +allow 
${HOME}/.tor-browser-nl +allow ${HOME}/.tor-browser-pl +allow ${HOME}/.tor-browser-pt-br +allow ${HOME}/.tor-browser-ru +allow ${HOME}/.tor-browser-sv-se +allow ${HOME}/.tor-browser-tr +allow ${HOME}/.tor-browser-vi +allow ${HOME}/.tor-browser-zh-cn +allow ${HOME}/.tor-browser-zh-tw -whitelist ${HOME}/.tor-browser_ar -whitelist ${HOME}/.tor-browser_ca -whitelist ${HOME}/.tor-browser_cs -whitelist ${HOME}/.tor-browser_da -whitelist ${HOME}/.tor-browser_de -whitelist ${HOME}/.tor-browser_el -whitelist ${HOME}/.tor-browser_en -whitelist ${HOME}/.tor-browser_en_US -whitelist ${HOME}/.tor-browser_es -whitelist ${HOME}/.tor-browser_es-ES -whitelist ${HOME}/.tor-browser_fa -whitelist ${HOME}/.tor-browser_fr -whitelist ${HOME}/.tor-browser_ga-IE -whitelist ${HOME}/.tor-browser_he -whitelist ${HOME}/.tor-browser_hu -whitelist ${HOME}/.tor-browser_id -whitelist ${HOME}/.tor-browser_is -whitelist ${HOME}/.tor-browser_it -whitelist ${HOME}/.tor-browser_ja -whitelist ${HOME}/.tor-browser_ka -whitelist ${HOME}/.tor-browser_ko -whitelist ${HOME}/.tor-browser_nb -whitelist ${HOME}/.tor-browser_nl -whitelist ${HOME}/.tor-browser_pl -whitelist ${HOME}/.tor-browser_pt-BR -whitelist ${HOME}/.tor-browser_ru -whitelist ${HOME}/.tor-browser_sv-SE -whitelist ${HOME}/.tor-browser_tr -whitelist ${HOME}/.tor-browser_vi -whitelist ${HOME}/.tor-browser_zh-CN -whitelist ${HOME}/.tor-browser_zh-TW +allow ${HOME}/.tor-browser_ar +allow ${HOME}/.tor-browser_ca +allow ${HOME}/.tor-browser_cs +allow ${HOME}/.tor-browser_da +allow ${HOME}/.tor-browser_de +allow ${HOME}/.tor-browser_el +allow ${HOME}/.tor-browser_en +allow ${HOME}/.tor-browser_en_US +allow ${HOME}/.tor-browser_es +allow ${HOME}/.tor-browser_es-ES +allow ${HOME}/.tor-browser_fa +allow ${HOME}/.tor-browser_fr +allow ${HOME}/.tor-browser_ga-IE +allow ${HOME}/.tor-browser_he +allow ${HOME}/.tor-browser_hu +allow ${HOME}/.tor-browser_id +allow ${HOME}/.tor-browser_is +allow ${HOME}/.tor-browser_it +allow ${HOME}/.tor-browser_ja +allow 
${HOME}/.tor-browser_ka +allow ${HOME}/.tor-browser_ko +allow ${HOME}/.tor-browser_nb +allow ${HOME}/.tor-browser_nl +allow ${HOME}/.tor-browser_pl +allow ${HOME}/.tor-browser_pt-BR +allow ${HOME}/.tor-browser_ru +allow ${HOME}/.tor-browser_sv-SE +allow ${HOME}/.tor-browser_tr +allow ${HOME}/.tor-browser_vi +allow ${HOME}/.tor-browser_zh-CN +allow ${HOME}/.tor-browser_zh-TW # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile index 06d08f3a21b..09e29373de9 100644 --- a/etc/profile-m-z/steam.profile +++ b/etc/profile-m-z/steam.profile 
@@ -6,40 +6,40 @@ include steam.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Epic -noblacklist ${HOME}/.config/Loop_Hero -noblacklist ${HOME}/.config/ModTheSpire -noblacklist ${HOME}/.config/RogueLegacy -noblacklist ${HOME}/.config/RogueLegacyStorageContainer -noblacklist ${HOME}/.killingfloor -noblacklist ${HOME}/.klei -noblacklist ${HOME}/.local/share/3909/PapersPlease -noblacklist ${HOME}/.local/share/aspyr-media -noblacklist ${HOME}/.local/share/bohemiainteractive -noblacklist ${HOME}/.local/share/cdprojektred -noblacklist ${HOME}/.local/share/Dredmor -noblacklist ${HOME}/.local/share/FasterThanLight -noblacklist ${HOME}/.local/share/feral-interactive -noblacklist ${HOME}/.local/share/IntoTheBreach -noblacklist ${HOME}/.local/share/Paradox Interactive -noblacklist ${HOME}/.local/share/PillarsOfEternity -noblacklist ${HOME}/.local/share/RogueLegacy -noblacklist ${HOME}/.local/share/RogueLegacyStorageContainer -noblacklist ${HOME}/.local/share/Steam -noblacklist ${HOME}/.local/share/SteamWorldDig -noblacklist ${HOME}/.local/share/SteamWorld Dig 2 -noblacklist ${HOME}/.local/share/SuperHexagon -noblacklist ${HOME}/.local/share/Terraria -noblacklist ${HOME}/.local/share/vpltd -noblacklist ${HOME}/.local/share/vulkan -noblacklist ${HOME}/.mbwarband -noblacklist ${HOME}/.paradoxinteractive -noblacklist ${HOME}/.steam -noblacklist ${HOME}/.steampath -noblacklist ${HOME}/.steampid +nodeny ${HOME}/.config/Epic +nodeny ${HOME}/.config/Loop_Hero +nodeny ${HOME}/.config/ModTheSpire +nodeny ${HOME}/.config/RogueLegacy +nodeny ${HOME}/.config/RogueLegacyStorageContainer +nodeny ${HOME}/.killingfloor +nodeny ${HOME}/.klei +nodeny ${HOME}/.local/share/3909/PapersPlease +nodeny ${HOME}/.local/share/aspyr-media +nodeny ${HOME}/.local/share/bohemiainteractive +nodeny ${HOME}/.local/share/cdprojektred +nodeny ${HOME}/.local/share/Dredmor +nodeny ${HOME}/.local/share/FasterThanLight +nodeny ${HOME}/.local/share/feral-interactive +nodeny 
${HOME}/.local/share/IntoTheBreach +nodeny ${HOME}/.local/share/Paradox Interactive +nodeny ${HOME}/.local/share/PillarsOfEternity +nodeny ${HOME}/.local/share/RogueLegacy +nodeny ${HOME}/.local/share/RogueLegacyStorageContainer +nodeny ${HOME}/.local/share/Steam +nodeny ${HOME}/.local/share/SteamWorldDig +nodeny ${HOME}/.local/share/SteamWorld Dig 2 +nodeny ${HOME}/.local/share/SuperHexagon +nodeny ${HOME}/.local/share/Terraria +nodeny ${HOME}/.local/share/vpltd +nodeny ${HOME}/.local/share/vulkan +nodeny ${HOME}/.mbwarband +nodeny ${HOME}/.paradoxinteractive +nodeny ${HOME}/.steam +nodeny ${HOME}/.steampath +nodeny ${HOME}/.steampid # needed for STEAM_RUNTIME_PREFER_HOST_LIBRARIES=1 to work -noblacklist /sbin -noblacklist /usr/sbin +nodeny /sbin +nodeny /usr/sbin # Allow java (blacklisted by disable-devel.inc) include allow-java.inc 
@@ -84,38 +84,38 @@ mkdir ${HOME}/.paradoxinteractive mkdir ${HOME}/.steam mkfile ${HOME}/.steampath mkfile ${HOME}/.steampid -whitelist ${HOME}/.config/Epic -whitelist ${HOME}/.config/Loop_Hero -whitelist ${HOME}/.config/ModTheSpire -whitelist ${HOME}/.config/RogueLegacy -whitelist ${HOME}/.config/RogueLegacyStorageContainer -whitelist ${HOME}/.config/unity3d -whitelist ${HOME}/.killingfloor -whitelist ${HOME}/.klei -whitelist ${HOME}/.local/share/3909/PapersPlease -whitelist ${HOME}/.local/share/aspyr-media -whitelist ${HOME}/.local/share/bohemiainteractive -whitelist ${HOME}/.local/share/cdprojektred -whitelist ${HOME}/.local/share/Dredmor -whitelist ${HOME}/.local/share/FasterThanLight -whitelist ${HOME}/.local/share/feral-interactive -whitelist ${HOME}/.local/share/IntoTheBreach -whitelist ${HOME}/.local/share/Paradox Interactive -whitelist ${HOME}/.local/share/PillarsOfEternity -whitelist ${HOME}/.local/share/RogueLegacy -whitelist ${HOME}/.local/share/RogueLegacyStorageContainer -whitelist ${HOME}/.local/share/Steam -whitelist ${HOME}/.local/share/SteamWorldDig -whitelist ${HOME}/.local/share/SteamWorld Dig 2 -whitelist ${HOME}/.local/share/SuperHexagon -whitelist ${HOME}/.local/share/Terraria -whitelist ${HOME}/.local/share/vpltd -whitelist ${HOME}/.local/share/vulkan -whitelist ${HOME}/.mbwarband -whitelist ${HOME}/.paradoxinteractive -whitelist ${HOME}/.steam -whitelist ${HOME}/.steampath -whitelist ${HOME}/.steampid +allow ${HOME}/.config/Epic +allow ${HOME}/.config/Loop_Hero +allow ${HOME}/.config/ModTheSpire +allow ${HOME}/.config/RogueLegacy +allow ${HOME}/.config/RogueLegacyStorageContainer +allow ${HOME}/.config/unity3d +allow ${HOME}/.killingfloor +allow ${HOME}/.klei +allow ${HOME}/.local/share/3909/PapersPlease +allow ${HOME}/.local/share/aspyr-media +allow ${HOME}/.local/share/bohemiainteractive +allow ${HOME}/.local/share/cdprojektred +allow ${HOME}/.local/share/Dredmor +allow ${HOME}/.local/share/FasterThanLight +allow 
${HOME}/.local/share/feral-interactive +allow ${HOME}/.local/share/IntoTheBreach +allow ${HOME}/.local/share/Paradox Interactive +allow ${HOME}/.local/share/PillarsOfEternity +allow ${HOME}/.local/share/RogueLegacy +allow ${HOME}/.local/share/RogueLegacyStorageContainer +allow ${HOME}/.local/share/Steam +allow ${HOME}/.local/share/SteamWorldDig +allow ${HOME}/.local/share/SteamWorld Dig 2 +allow ${HOME}/.local/share/SuperHexagon +allow ${HOME}/.local/share/Terraria +allow ${HOME}/.local/share/vpltd +allow ${HOME}/.local/share/vulkan +allow ${HOME}/.mbwarband +allow ${HOME}/.paradoxinteractive +allow ${HOME}/.steam +allow ${HOME}/.steampath +allow ${HOME}/.steampid include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/stellarium.profile b/etc/profile-m-z/stellarium.profile index a752ab53c77..003d3a07948 100644 --- a/etc/profile-m-z/stellarium.profile +++ b/etc/profile-m-z/stellarium.profile @@ -6,8 +6,8 @@ include stellarium.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/stellarium -noblacklist ${HOME}/.stellarium +nodeny ${HOME}/.config/stellarium +nodeny ${HOME}/.stellarium include disable-common.inc include disable-devel.inc @@ -19,8 +19,8 @@ include disable-shell.inc mkdir ${HOME}/.config/stellarium mkdir ${HOME}/.stellarium -whitelist ${HOME}/.config/stellarium -whitelist ${HOME}/.stellarium +allow ${HOME}/.config/stellarium +allow ${HOME}/.stellarium include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/straw-viewer.profile b/etc/profile-m-z/straw-viewer.profile index d73927f2a8e..dd643bc2044 100644 --- a/etc/profile-m-z/straw-viewer.profile +++ b/etc/profile-m-z/straw-viewer.profile 
@@ -7,13 +7,13 @@ include straw-viewer.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/straw-viewer -noblacklist ${HOME}/.config/straw-viewer +nodeny ${HOME}/.cache/straw-viewer +nodeny ${HOME}/.config/straw-viewer mkdir ${HOME}/.config/straw-viewer mkdir ${HOME}/.cache/straw-viewer -whitelist ${HOME}/.cache/straw-viewer -whitelist ${HOME}/.config/straw-viewer +allow ${HOME}/.cache/straw-viewer +allow ${HOME}/.config/straw-viewer private-bin gtk-straw-viewer,straw-viewer diff --git a/etc/profile-m-z/strawberry.profile b/etc/profile-m-z/strawberry.profile index b87906f5508..aed0b7910e6 100644 --- a/etc/profile-m-z/strawberry.profile +++ b/etc/profile-m-z/strawberry.profile @@ -6,10 +6,10 @@ include strawberry.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/strawberry -noblacklist ${HOME}/.config/strawberry -noblacklist ${HOME}/.local/share/strawberry -noblacklist ${MUSIC} +nodeny ${HOME}/.cache/strawberry +nodeny ${HOME}/.config/strawberry +nodeny ${HOME}/.local/share/strawberry +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/strings.profile b/etc/profile-m-z/strings.profile index 1ebcded7f51..5c820ef81e9 100644 --- a/etc/profile-m-z/strings.profile +++ b/etc/profile-m-z/strings.profile @@ -7,7 +7,7 @@ include strings.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} +deny ${RUNUSER} #include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/subdownloader.profile b/etc/profile-m-z/subdownloader.profile index bbe92fd38f4..0d07b5ea74d 100644 --- a/etc/profile-m-z/subdownloader.profile +++ b/etc/profile-m-z/subdownloader.profile 
@@ -6,8 +6,8 @@ include subdownloader.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/SubDownloader -noblacklist ${VIDEOS} +nodeny ${HOME}/.config/SubDownloader +nodeny ${VIDEOS} # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-m-z/supertux2.profile b/etc/profile-m-z/supertux2.profile index cfd7a63ead9..8cc54780532 100644 --- a/etc/profile-m-z/supertux2.profile +++ b/etc/profile-m-z/supertux2.profile @@ -6,7 +6,7 @@ include supertux2.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/supertux2 +nodeny ${HOME}/.local/share/supertux2 include disable-common.inc include disable-devel.inc @@ -18,9 +18,9 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.local/share/supertux2 -whitelist ${HOME}/.local/share/supertux2 -whitelist /usr/share/supertux2 -whitelist /usr/share/games/supertux2 # Debian version +allow ${HOME}/.local/share/supertux2 +allow /usr/share/supertux2 +allow /usr/share/games/supertux2 # Debian version include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile index 4eb8f921c80..44dc1524fd3 100644 --- a/etc/profile-m-z/supertuxkart.profile +++ b/etc/profile-m-z/supertuxkart.profile @@ -6,11 +6,11 @@ include supertuxkart.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/supertuxkart -noblacklist ${HOME}/.cache/supertuxkart -noblacklist ${HOME}/.local/share/supertuxkart +nodeny ${HOME}/.config/supertuxkart +nodeny ${HOME}/.cache/supertuxkart +nodeny ${HOME}/.local/share/supertuxkart -blacklist /usr/libexec +deny /usr/libexec include disable-common.inc include disable-devel.inc 
@@ -24,11 +24,11 @@ include disable-xdg.inc mkdir ${HOME}/.config/supertuxkart mkdir ${HOME}/.cache/supertuxkart mkdir ${HOME}/.local/share/supertuxkart -whitelist ${HOME}/.config/supertuxkart -whitelist ${HOME}/.cache/supertuxkart -whitelist ${HOME}/.local/share/supertuxkart -whitelist /usr/share/supertuxkart -whitelist /usr/share/games/supertuxkart # Debian version +allow ${HOME}/.config/supertuxkart +allow ${HOME}/.cache/supertuxkart +allow ${HOME}/.local/share/supertuxkart +allow /usr/share/supertuxkart +allow /usr/share/games/supertuxkart # Debian version include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/surf.profile b/etc/profile-m-z/surf.profile index 8db7d243397..fd1e7f9e974 100644 --- a/etc/profile-m-z/surf.profile +++ b/etc/profile-m-z/surf.profile @@ -6,7 +6,7 @@ include surf.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.surf +nodeny ${HOME}/.surf include disable-common.inc include disable-devel.inc @@ -15,8 +15,8 @@ include disable-passwdmgr.inc include disable-programs.inc mkdir ${HOME}/.surf -whitelist ${HOME}/.surf -whitelist ${DOWNLOADS} +allow ${HOME}/.surf +allow ${DOWNLOADS} include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/swell-foop.profile b/etc/profile-m-z/swell-foop.profile index 9efae815d66..55cd0965a25 100644 --- a/etc/profile-m-z/swell-foop.profile +++ b/etc/profile-m-z/swell-foop.profile @@ -6,12 +6,12 @@ include swell-foop.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/swell-foop +nodeny ${HOME}/.local/share/swell-foop mkdir ${HOME}/.local/share/swell-foop -whitelist ${HOME}/.local/share/swell-foop +allow ${HOME}/.local/share/swell-foop -whitelist /usr/share/swell-foop +allow /usr/share/swell-foop private-bin swell-foop diff --git a/etc/profile-m-z/sylpheed.profile b/etc/profile-m-z/sylpheed.profile index 328812b04be..447cdc99e85 100644 
--- a/etc/profile-m-z/sylpheed.profile +++ b/etc/profile-m-z/sylpheed.profile @@ -6,12 +6,12 @@ include sylpheed.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.sylpheed-2.0 +nodeny ${HOME}/.sylpheed-2.0 mkdir ${HOME}/.sylpheed-2.0 -whitelist ${HOME}/.sylpheed-2.0 +allow ${HOME}/.sylpheed-2.0 -whitelist /usr/share/sylpheed +allow /usr/share/sylpheed # private-bin curl,gpg,gpg2,gpg-agent,gpgsm,pinentry,pinentry-gtk-2,sylpheed diff --git a/etc/profile-m-z/synfigstudio.profile b/etc/profile-m-z/synfigstudio.profile index c60186c42c0..7cbbafd543a 100644 --- a/etc/profile-m-z/synfigstudio.profile +++ b/etc/profile-m-z/synfigstudio.profile @@ -6,8 +6,8 @@ include synfigstudio.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/synfig -noblacklist ${HOME}/.synfig +nodeny ${HOME}/.config/synfig +nodeny ${HOME}/.synfig include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/sysprof.profile b/etc/profile-m-z/sysprof.profile index b52b25b963c..f20f8879184 100644 --- a/etc/profile-m-z/sysprof.profile +++ b/etc/profile-m-z/sysprof.profile @@ -6,7 +6,7 @@ include sysprof.local # Persistent global definitions include globals.local -noblacklist ${DOCUMENTS} +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc include disable-exec.inc 
@@ -24,15 +24,15 @@ include disable-xdg.inc #nowhitelist /usr/share/yelp-tools #nowhitelist /usr/share/yelp-xsl -noblacklist ${HOME}/.config/yelp +nodeny ${HOME}/.config/yelp mkdir ${HOME}/.config/yelp -whitelist ${HOME}/.config/yelp -whitelist /usr/share/help/C/sysprof -whitelist /usr/share/yelp -whitelist /usr/share/yelp-tools -whitelist /usr/share/yelp-xsl +allow ${HOME}/.config/yelp +allow /usr/share/help/C/sysprof +allow /usr/share/yelp +allow /usr/share/yelp-tools +allow /usr/share/yelp-xsl -whitelist ${DOCUMENTS} +allow ${DOCUMENTS} include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/tar.profile b/etc/profile-m-z/tar.profile index 0d3a900e90e..74c8a084950 100644 --- a/etc/profile-m-z/tar.profile +++ b/etc/profile-m-z/tar.profile @@ -12,7 +12,7 @@ ignore include disable-shell.inc # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop # all capabilities this is automatically read-only. -noblacklist /var/lib/pacman +nodeny /var/lib/pacman private-etc alternatives,group,localtime,login.defs,passwd #private-lib libfakeroot,liblzma.so.*,libreadline.so.* diff --git a/etc/profile-m-z/tb-starter-wrapper.profile b/etc/profile-m-z/tb-starter-wrapper.profile index ffe9605b648..691c3319174 100644 --- a/etc/profile-m-z/tb-starter-wrapper.profile +++ b/etc/profile-m-z/tb-starter-wrapper.profile @@ -8,10 +8,10 @@ include tb-starter-wrapper.local # added by included profile #include globals.local -noblacklist ${HOME}/.tb +nodeny ${HOME}/.tb mkdir ${HOME}/.tb -whitelist ${HOME}/.tb +allow ${HOME}/.tb private-bin tb-starter-wrapper diff --git a/etc/profile-m-z/tcpdump.profile b/etc/profile-m-z/tcpdump.profile index e2ba5893c02..b4c4873b3c2 100644 --- a/etc/profile-m-z/tcpdump.profile +++ b/etc/profile-m-z/tcpdump.profile 
@@ -6,9 +6,9 @@ include tcpdump.local # Persistent global definitions include globals.local -noblacklist /sbin -noblacklist /usr/sbin -noblacklist ${PATH}/tcpdump +nodeny /sbin +nodeny /usr/sbin +nodeny ${PATH}/tcpdump include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/teams-for-linux.profile b/etc/profile-m-z/teams-for-linux.profile index eee0833326a..24cbb42da6c 100644 --- a/etc/profile-m-z/teams-for-linux.profile +++ b/etc/profile-m-z/teams-for-linux.profile @@ -14,10 +14,10 @@ ignore include whitelist-usr-share-common.inc ignore dbus-user none ignore dbus-system none -noblacklist ${HOME}/.config/teams-for-linux +nodeny ${HOME}/.config/teams-for-linux mkdir ${HOME}/.config/teams-for-linux -whitelist ${HOME}/.config/teams-for-linux +allow ${HOME}/.config/teams-for-linux private-bin bash,cut,echo,egrep,grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,resolv.conf,ssl diff --git a/etc/profile-m-z/teams.profile b/etc/profile-m-z/teams.profile index c8d98cbaa2c..8639edbc8fd 100644 --- a/etc/profile-m-z/teams.profile +++ b/etc/profile-m-z/teams.profile @@ -18,13 +18,13 @@ ignore apparmor ignore dbus-user none ignore dbus-system none -noblacklist ${HOME}/.config/teams -noblacklist ${HOME}/.config/Microsoft +nodeny ${HOME}/.config/teams +nodeny ${HOME}/.config/Microsoft mkdir ${HOME}/.config/teams mkdir ${HOME}/.config/Microsoft -whitelist ${HOME}/.config/teams -whitelist ${HOME}/.config/Microsoft +allow ${HOME}/.config/teams +allow ${HOME}/.config/Microsoft # Redirect include electron.profile diff --git a/etc/profile-m-z/teamspeak3.profile b/etc/profile-m-z/teamspeak3.profile index 02a2c8ae409..781a5f4ebc1 100644 --- a/etc/profile-m-z/teamspeak3.profile +++ b/etc/profile-m-z/teamspeak3.profile 
@@ -6,8 +6,8 @@ include teamspeak3.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.ts3client -noblacklist ${PATH}/openssl +nodeny ${HOME}/.ts3client +nodeny ${PATH}/openssl include disable-common.inc include disable-devel.inc @@ -17,8 +17,8 @@ include disable-passwdmgr.inc include disable-programs.inc mkdir ${HOME}/.ts3client -whitelist ${DOWNLOADS} -whitelist ${HOME}/.ts3client +allow ${DOWNLOADS} +allow ${HOME}/.ts3client include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/teeworlds.profile b/etc/profile-m-z/teeworlds.profile index be01aee12fb..c9c444ffc41 100644 --- a/etc/profile-m-z/teeworlds.profile +++ b/etc/profile-m-z/teeworlds.profile @@ -6,7 +6,7 @@ include teeworlds.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.teeworlds +nodeny ${HOME}/.teeworlds include disable-common.inc include disable-devel.inc @@ -18,7 +18,7 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.teeworlds -whitelist ${HOME}/.teeworlds +allow ${HOME}/.teeworlds include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile index e7580938d9c..92689a46159 100644 --- a/etc/profile-m-z/telegram.profile +++ b/etc/profile-m-z/telegram.profile @@ -5,8 +5,8 @@ include telegram.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.TelegramDesktop -noblacklist ${HOME}/.local/share/TelegramDesktop +nodeny ${HOME}/.TelegramDesktop +nodeny ${HOME}/.local/share/TelegramDesktop include disable-common.inc include disable-devel.inc 
@@ -19,9 +19,9 @@ include disable-xdg.inc mkdir ${HOME}/.TelegramDesktop mkdir ${HOME}/.local/share/TelegramDesktop -whitelist ${HOME}/.TelegramDesktop -whitelist ${HOME}/.local/share/TelegramDesktop -whitelist ${DOWNLOADS} +allow ${HOME}/.TelegramDesktop +allow ${HOME}/.local/share/TelegramDesktop +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/terasology.profile b/etc/profile-m-z/terasology.profile index ce2ca1d1761..b2f98fbac1c 100644 --- a/etc/profile-m-z/terasology.profile +++ b/etc/profile-m-z/terasology.profile @@ -7,7 +7,7 @@ include globals.local ignore noexec /tmp -noblacklist ${HOME}/.local/share/terasology +nodeny ${HOME}/.local/share/terasology # Allow java (blacklisted by disable-devel.inc) include allow-java.inc @@ -21,8 +21,8 @@ include disable-programs.inc mkdir ${HOME}/.java mkdir ${HOME}/.local/share/terasology -whitelist ${HOME}/.java -whitelist ${HOME}/.local/share/terasology +allow ${HOME}/.java +allow ${HOME}/.local/share/terasology include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/thunderbird.profile b/etc/profile-m-z/thunderbird.profile index b478fbe1ea2..a539cadf82b 100644 --- a/etc/profile-m-z/thunderbird.profile +++ b/etc/profile-m-z/thunderbird.profile @@ -22,14 +22,14 @@ writable-run-user #writable-var # These lines are needed to allow Firefox to load your profile when clicking a link in an email -noblacklist ${HOME}/.mozilla -whitelist ${HOME}/.mozilla/firefox/profiles.ini +nodeny ${HOME}/.mozilla +allow ${HOME}/.mozilla/firefox/profiles.ini read-only ${HOME}/.mozilla/firefox/profiles.ini -noblacklist ${HOME}/.cache/thunderbird -noblacklist ${HOME}/.gnupg +nodeny ${HOME}/.cache/thunderbird +nodeny ${HOME}/.gnupg # noblacklist ${HOME}/.icedove -noblacklist ${HOME}/.thunderbird +nodeny ${HOME}/.thunderbird include disable-passwdmgr.inc include disable-xdg.inc 
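Review bot: The commented-out `# noblacklist ${HOME}/.icedove` in the thunderbird.profile hunk keeps the old keyword while the active lines around it become `nodeny`. The next hunk of the same file has the matching `# whitelist ${HOME}/.icedove`. Anyone enabling icedove support by uncommenting these lines would reintroduce the old spelling into a profile that otherwise uses only the new one. Suggest `# nodeny ${HOME}/.icedove` here and `# allow ${HOME}/.icedove` in the following hunk; the `# mkdir ${HOME}/.icedove` line needs no change.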
@@ -42,15 +42,15 @@ mkdir ${HOME}/.cache/thunderbird mkdir ${HOME}/.gnupg # mkdir ${HOME}/.icedove mkdir ${HOME}/.thunderbird -whitelist ${HOME}/.cache/thunderbird -whitelist ${HOME}/.gnupg +allow ${HOME}/.cache/thunderbird +allow ${HOME}/.gnupg # whitelist ${HOME}/.icedove -whitelist ${HOME}/.thunderbird +allow ${HOME}/.thunderbird -whitelist /usr/share/gnupg -whitelist /usr/share/mozilla -whitelist /usr/share/thunderbird -whitelist /usr/share/webext +allow /usr/share/gnupg +allow /usr/share/mozilla +allow /usr/share/thunderbird +allow /usr/share/webext include whitelist-usr-share-common.inc # machine-id breaks audio in browsers; enable or put it in your thunderbird.local when sound is not required diff --git a/etc/profile-m-z/tilp.profile b/etc/profile-m-z/tilp.profile index dd4a372c459..b0fa54f08a9 100644 --- a/etc/profile-m-z/tilp.profile +++ b/etc/profile-m-z/tilp.profile @@ -5,7 +5,7 @@ include tilp.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.tilp +nodeny ${HOME}/.tilp include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile index e0ed3090a99..3ee696b8ba8 100644 --- a/etc/profile-m-z/tin.profile +++ b/etc/profile-m-z/tin.profile @@ -6,12 +6,12 @@ include tin.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.newsrc -noblacklist ${HOME}/.tin +nodeny ${HOME}/.newsrc +nodeny ${HOME}/.tin -blacklist /tmp/.X11-unix -blacklist ${RUNUSER} -blacklist /usr/libexec +deny /tmp/.X11-unix +deny ${RUNUSER} +deny /usr/libexec include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/tmux.profile b/etc/profile-m-z/tmux.profile index 0139d75153f..d2e90e3567c 100644 --- a/etc/profile-m-z/tmux.profile +++ b/etc/profile-m-z/tmux.profile 
@@ -7,10 +7,10 @@ include tmux.local # Persistent global definitions include globals.local -blacklist /tmp/.X11-unix -blacklist ${RUNUSER} +deny /tmp/.X11-unix +deny ${RUNUSER} -noblacklist /tmp/tmux-* +nodeny /tmp/tmux-* # include disable-common.inc # include disable-devel.inc diff --git a/etc/profile-m-z/tor-browser-ar.profile b/etc/profile-m-z/tor-browser-ar.profile index 59f1bc3b139..49158b93e53 100644 --- a/etc/profile-m-z/tor-browser-ar.profile +++ b/etc/profile-m-z/tor-browser-ar.profile @@ -6,10 +6,10 @@ include tor-browser-ar.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-ar +nodeny ${HOME}/.tor-browser-ar mkdir ${HOME}/.tor-browser-ar -whitelist ${HOME}/.tor-browser-ar +allow ${HOME}/.tor-browser-ar # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-ca.profile b/etc/profile-m-z/tor-browser-ca.profile index 68577e35208..612f8bd7c8f 100644 --- a/etc/profile-m-z/tor-browser-ca.profile +++ b/etc/profile-m-z/tor-browser-ca.profile @@ -6,10 +6,10 @@ include tor-browser-ca.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-ca +nodeny ${HOME}/.tor-browser-ca mkdir ${HOME}/.tor-browser-ca -whitelist ${HOME}/.tor-browser-ca +allow ${HOME}/.tor-browser-ca # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-cs.profile b/etc/profile-m-z/tor-browser-cs.profile index 33e51fcd080..a400fde0564 100644 --- a/etc/profile-m-z/tor-browser-cs.profile +++ b/etc/profile-m-z/tor-browser-cs.profile @@ -6,10 +6,10 @@ include tor-browser-cs.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-cs +nodeny ${HOME}/.tor-browser-cs mkdir ${HOME}/.tor-browser-cs -whitelist ${HOME}/.tor-browser-cs +allow ${HOME}/.tor-browser-cs # Redirect include torbrowser-launcher.profile 
diff --git a/etc/profile-m-z/tor-browser-da.profile b/etc/profile-m-z/tor-browser-da.profile index 440bb7fc359..9010025e3d6 100644 --- a/etc/profile-m-z/tor-browser-da.profile +++ b/etc/profile-m-z/tor-browser-da.profile @@ -6,10 +6,10 @@ include tor-browser-da.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-da +nodeny ${HOME}/.tor-browser-da mkdir ${HOME}/.tor-browser-da -whitelist ${HOME}/.tor-browser-da +allow ${HOME}/.tor-browser-da # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-de.profile b/etc/profile-m-z/tor-browser-de.profile index b2b98cf8279..cd556c32bb8 100644 --- a/etc/profile-m-z/tor-browser-de.profile +++ b/etc/profile-m-z/tor-browser-de.profile @@ -6,10 +6,10 @@ include tor-browser-de.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-de +nodeny ${HOME}/.tor-browser-de mkdir ${HOME}/.tor-browser-de -whitelist ${HOME}/.tor-browser-de +allow ${HOME}/.tor-browser-de # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-el.profile b/etc/profile-m-z/tor-browser-el.profile index 626757dd5c1..ee2b0fea741 100644 --- a/etc/profile-m-z/tor-browser-el.profile +++ b/etc/profile-m-z/tor-browser-el.profile @@ -6,10 +6,10 @@ include tor-browser-el.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-el +nodeny ${HOME}/.tor-browser-el mkdir ${HOME}/.tor-browser-el -whitelist ${HOME}/.tor-browser-el +allow ${HOME}/.tor-browser-el # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-en-us.profile b/etc/profile-m-z/tor-browser-en-us.profile index 15e6907485c..2be71a5aa54 100644 --- a/etc/profile-m-z/tor-browser-en-us.profile +++ b/etc/profile-m-z/tor-browser-en-us.profile 
@@ -6,10 +6,10 @@ include tor-browser-en-us.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-en-us +nodeny ${HOME}/.tor-browser-en-us mkdir ${HOME}/.tor-browser-en-us -whitelist ${HOME}/.tor-browser-en-us +allow ${HOME}/.tor-browser-en-us # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-en.profile b/etc/profile-m-z/tor-browser-en.profile index ef8c1eb8be5..633c2f4f951 100644 --- a/etc/profile-m-z/tor-browser-en.profile +++ b/etc/profile-m-z/tor-browser-en.profile @@ -6,10 +6,10 @@ include tor-browser-en.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-en +nodeny ${HOME}/.tor-browser-en mkdir ${HOME}/.tor-browser-en -whitelist ${HOME}/.tor-browser-en +allow ${HOME}/.tor-browser-en # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-es-es.profile b/etc/profile-m-z/tor-browser-es-es.profile index ad734662e74..f7c2302a734 100644 --- a/etc/profile-m-z/tor-browser-es-es.profile +++ b/etc/profile-m-z/tor-browser-es-es.profile @@ -6,10 +6,10 @@ include tor-browser-es-es.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-es-es +nodeny ${HOME}/.tor-browser-es-es mkdir ${HOME}/.tor-browser-es-es -whitelist ${HOME}/.tor-browser-es-es +allow ${HOME}/.tor-browser-es-es # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-es.profile b/etc/profile-m-z/tor-browser-es.profile index 97d8d857713..d88dcdec121 100644 --- a/etc/profile-m-z/tor-browser-es.profile +++ b/etc/profile-m-z/tor-browser-es.profile @@ -6,10 +6,10 @@ include tor-browser-es.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-es +nodeny ${HOME}/.tor-browser-es mkdir ${HOME}/.tor-browser-es -whitelist ${HOME}/.tor-browser-es +allow ${HOME}/.tor-browser-es # Redirect include torbrowser-launcher.profile 
diff --git a/etc/profile-m-z/tor-browser-fa.profile b/etc/profile-m-z/tor-browser-fa.profile index 095be69e452..3f7074fdb99 100644 --- a/etc/profile-m-z/tor-browser-fa.profile +++ b/etc/profile-m-z/tor-browser-fa.profile @@ -6,10 +6,10 @@ include tor-browser-fa.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-fa +nodeny ${HOME}/.tor-browser-fa mkdir ${HOME}/.tor-browser-fa -whitelist ${HOME}/.tor-browser-fa +allow ${HOME}/.tor-browser-fa # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-fr.profile b/etc/profile-m-z/tor-browser-fr.profile index 37f61fc3add..ef14f44a21b 100644 --- a/etc/profile-m-z/tor-browser-fr.profile +++ b/etc/profile-m-z/tor-browser-fr.profile @@ -6,10 +6,10 @@ include tor-browser-fr.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-fr +nodeny ${HOME}/.tor-browser-fr mkdir ${HOME}/.tor-browser-fr -whitelist ${HOME}/.tor-browser-fr +allow ${HOME}/.tor-browser-fr # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-ga-ie.profile b/etc/profile-m-z/tor-browser-ga-ie.profile index ab7141fc476..06baaf34f41 100644 --- a/etc/profile-m-z/tor-browser-ga-ie.profile +++ b/etc/profile-m-z/tor-browser-ga-ie.profile @@ -6,10 +6,10 @@ include tor-browser-ga-ie.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-ga-ie +nodeny ${HOME}/.tor-browser-ga-ie mkdir ${HOME}/.tor-browser-ga-ie -whitelist ${HOME}/.tor-browser-ga-ie +allow ${HOME}/.tor-browser-ga-ie # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-he.profile b/etc/profile-m-z/tor-browser-he.profile index ae56f3b7f6a..57588ffc77b 100644 --- a/etc/profile-m-z/tor-browser-he.profile +++ b/etc/profile-m-z/tor-browser-he.profile 
@@ -6,10 +6,10 @@ include tor-browser-he.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-he +nodeny ${HOME}/.tor-browser-he mkdir ${HOME}/.tor-browser-he -whitelist ${HOME}/.tor-browser-he +allow ${HOME}/.tor-browser-he # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-hu.profile b/etc/profile-m-z/tor-browser-hu.profile index 65cd18ac819..a10b66a24a5 100644 --- a/etc/profile-m-z/tor-browser-hu.profile +++ b/etc/profile-m-z/tor-browser-hu.profile @@ -6,10 +6,10 @@ include tor-browser-hu.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-hu +nodeny ${HOME}/.tor-browser-hu mkdir ${HOME}/.tor-browser-hu -whitelist ${HOME}/.tor-browser-hu +allow ${HOME}/.tor-browser-hu # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-id.profile b/etc/profile-m-z/tor-browser-id.profile index 57fe09f4715..fcdb822cd5a 100644 --- a/etc/profile-m-z/tor-browser-id.profile +++ b/etc/profile-m-z/tor-browser-id.profile @@ -6,10 +6,10 @@ include tor-browser-id.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-id +nodeny ${HOME}/.tor-browser-id mkdir ${HOME}/.tor-browser-id -whitelist ${HOME}/.tor-browser-id +allow ${HOME}/.tor-browser-id # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-is.profile b/etc/profile-m-z/tor-browser-is.profile index 54f1df42d91..45b47c10862 100644 --- a/etc/profile-m-z/tor-browser-is.profile +++ b/etc/profile-m-z/tor-browser-is.profile @@ -6,10 +6,10 @@ include tor-browser-is.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-is +nodeny ${HOME}/.tor-browser-is mkdir ${HOME}/.tor-browser-is -whitelist ${HOME}/.tor-browser-is +allow ${HOME}/.tor-browser-is # Redirect include torbrowser-launcher.profile 
diff --git a/etc/profile-m-z/tor-browser-it.profile b/etc/profile-m-z/tor-browser-it.profile index a7d46e875ba..b5a2f7c13e1 100644 --- a/etc/profile-m-z/tor-browser-it.profile +++ b/etc/profile-m-z/tor-browser-it.profile @@ -6,10 +6,10 @@ include tor-browser-it.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-it +nodeny ${HOME}/.tor-browser-it mkdir ${HOME}/.tor-browser-it -whitelist ${HOME}/.tor-browser-it +allow ${HOME}/.tor-browser-it # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-ja.profile b/etc/profile-m-z/tor-browser-ja.profile index b89016141ac..e1f023bd494 100644 --- a/etc/profile-m-z/tor-browser-ja.profile +++ b/etc/profile-m-z/tor-browser-ja.profile @@ -6,10 +6,10 @@ include tor-browser-ja.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-ja +nodeny ${HOME}/.tor-browser-ja mkdir ${HOME}/.tor-browser-ja -whitelist ${HOME}/.tor-browser-ja +allow ${HOME}/.tor-browser-ja # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-ka.profile b/etc/profile-m-z/tor-browser-ka.profile index b57cf10decd..17930b58e92 100644 --- a/etc/profile-m-z/tor-browser-ka.profile +++ b/etc/profile-m-z/tor-browser-ka.profile @@ -6,10 +6,10 @@ include tor-browser-ka.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-ka +nodeny ${HOME}/.tor-browser-ka mkdir ${HOME}/.tor-browser-ka -whitelist ${HOME}/.tor-browser-ka +allow ${HOME}/.tor-browser-ka # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-ko.profile b/etc/profile-m-z/tor-browser-ko.profile index a9bedb6fd6a..b33d1edb4c5 100644 --- a/etc/profile-m-z/tor-browser-ko.profile +++ b/etc/profile-m-z/tor-browser-ko.profile 
@@ -6,10 +6,10 @@ include tor-browser-ko.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-ko +nodeny ${HOME}/.tor-browser-ko mkdir ${HOME}/.tor-browser-ko -whitelist ${HOME}/.tor-browser-ko +allow ${HOME}/.tor-browser-ko # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-nb.profile b/etc/profile-m-z/tor-browser-nb.profile index fbe9f92bde4..b462eb9acb5 100644 --- a/etc/profile-m-z/tor-browser-nb.profile +++ b/etc/profile-m-z/tor-browser-nb.profile @@ -6,10 +6,10 @@ include tor-browser-nb.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-nb +nodeny ${HOME}/.tor-browser-nb mkdir ${HOME}/.tor-browser-nb -whitelist ${HOME}/.tor-browser-nb +allow ${HOME}/.tor-browser-nb # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-nl.profile b/etc/profile-m-z/tor-browser-nl.profile index 678ac171311..0225eb6fd9a 100644 --- a/etc/profile-m-z/tor-browser-nl.profile +++ b/etc/profile-m-z/tor-browser-nl.profile @@ -6,10 +6,10 @@ include tor-browser-nl.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-nl +nodeny ${HOME}/.tor-browser-nl mkdir ${HOME}/.tor-browser-nl -whitelist ${HOME}/.tor-browser-nl +allow ${HOME}/.tor-browser-nl # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-pl.profile b/etc/profile-m-z/tor-browser-pl.profile index 25d473b1a92..75604b458b4 100644 --- a/etc/profile-m-z/tor-browser-pl.profile +++ b/etc/profile-m-z/tor-browser-pl.profile @@ -6,10 +6,10 @@ include tor-browser-pl.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-pl +nodeny ${HOME}/.tor-browser-pl mkdir ${HOME}/.tor-browser-pl -whitelist ${HOME}/.tor-browser-pl +allow ${HOME}/.tor-browser-pl # Redirect include torbrowser-launcher.profile 
diff --git a/etc/profile-m-z/tor-browser-pt-br.profile b/etc/profile-m-z/tor-browser-pt-br.profile index 55adbd5ea4a..4d50d80341a 100644 --- a/etc/profile-m-z/tor-browser-pt-br.profile +++ b/etc/profile-m-z/tor-browser-pt-br.profile @@ -6,10 +6,10 @@ include tor-browser-pt-br.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-pt-br +nodeny ${HOME}/.tor-browser-pt-br mkdir ${HOME}/.tor-browser-pt-br -whitelist ${HOME}/.tor-browser-pt-br +allow ${HOME}/.tor-browser-pt-br # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-ru.profile b/etc/profile-m-z/tor-browser-ru.profile index aea13be9d9b..4bca3c46fc4 100644 --- a/etc/profile-m-z/tor-browser-ru.profile +++ b/etc/profile-m-z/tor-browser-ru.profile @@ -6,10 +6,10 @@ include tor-browser-ru.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-ru +nodeny ${HOME}/.tor-browser-ru mkdir ${HOME}/.tor-browser-ru -whitelist ${HOME}/.tor-browser-ru +allow ${HOME}/.tor-browser-ru # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-sv-se.profile b/etc/profile-m-z/tor-browser-sv-se.profile index b7882bd04d7..1b319dc43fd 100644 --- a/etc/profile-m-z/tor-browser-sv-se.profile +++ b/etc/profile-m-z/tor-browser-sv-se.profile @@ -6,10 +6,10 @@ include tor-browser-sv-se.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-sv-se +nodeny ${HOME}/.tor-browser-sv-se mkdir ${HOME}/.tor-browser-sv-se -whitelist ${HOME}/.tor-browser-sv-se +allow ${HOME}/.tor-browser-sv-se # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-tr.profile b/etc/profile-m-z/tor-browser-tr.profile index c52e8c4c448..0775a0c086f 100644 --- a/etc/profile-m-z/tor-browser-tr.profile +++ b/etc/profile-m-z/tor-browser-tr.profile 
@@ -6,10 +6,10 @@ include tor-browser-tr.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-tr +nodeny ${HOME}/.tor-browser-tr mkdir ${HOME}/.tor-browser-tr -whitelist ${HOME}/.tor-browser-tr +allow ${HOME}/.tor-browser-tr # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-vi.profile b/etc/profile-m-z/tor-browser-vi.profile index d5bf7665597..c4d5a7a7636 100644 --- a/etc/profile-m-z/tor-browser-vi.profile +++ b/etc/profile-m-z/tor-browser-vi.profile @@ -6,10 +6,10 @@ include tor-browser-vi.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-vi +nodeny ${HOME}/.tor-browser-vi mkdir ${HOME}/.tor-browser-vi -whitelist ${HOME}/.tor-browser-vi +allow ${HOME}/.tor-browser-vi # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-zh-cn.profile b/etc/profile-m-z/tor-browser-zh-cn.profile index 6c8925a4a3e..4cd287e5dd4 100644 --- a/etc/profile-m-z/tor-browser-zh-cn.profile +++ b/etc/profile-m-z/tor-browser-zh-cn.profile @@ -6,10 +6,10 @@ include tor-browser-zh-cn.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-zh-cn +nodeny ${HOME}/.tor-browser-zh-cn mkdir ${HOME}/.tor-browser-zh-cn -whitelist ${HOME}/.tor-browser-zh-cn +allow ${HOME}/.tor-browser-zh-cn # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser-zh-tw.profile b/etc/profile-m-z/tor-browser-zh-tw.profile index 141a6701edc..c75baf522ad 100644 --- a/etc/profile-m-z/tor-browser-zh-tw.profile +++ b/etc/profile-m-z/tor-browser-zh-tw.profile @@ -6,10 +6,10 @@ include tor-browser-zh-tw.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser-zh-tw +nodeny ${HOME}/.tor-browser-zh-tw mkdir ${HOME}/.tor-browser-zh-tw -whitelist ${HOME}/.tor-browser-zh-tw +allow ${HOME}/.tor-browser-zh-tw # Redirect include torbrowser-launcher.profile 
diff --git a/etc/profile-m-z/tor-browser.profile b/etc/profile-m-z/tor-browser.profile index 76a0e1fa505..8a2dbda53dd 100644 --- a/etc/profile-m-z/tor-browser.profile +++ b/etc/profile-m-z/tor-browser.profile @@ -6,10 +6,10 @@ include tor-browser.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser +nodeny ${HOME}/.tor-browser mkdir ${HOME}/.tor-browser -whitelist ${HOME}/.tor-browser +allow ${HOME}/.tor-browser # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_ar.profile b/etc/profile-m-z/tor-browser_ar.profile index d811b754982..90b5a09603a 100644 --- a/etc/profile-m-z/tor-browser_ar.profile +++ b/etc/profile-m-z/tor-browser_ar.profile @@ -6,10 +6,10 @@ include tor-browser_ar.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_ar +nodeny ${HOME}/.tor-browser_ar mkdir ${HOME}/.tor-browser_ar -whitelist ${HOME}/.tor-browser_ar +allow ${HOME}/.tor-browser_ar # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_ca.profile b/etc/profile-m-z/tor-browser_ca.profile index 8bf1f7cd4ae..a04207ccd66 100644 --- a/etc/profile-m-z/tor-browser_ca.profile +++ b/etc/profile-m-z/tor-browser_ca.profile @@ -6,10 +6,10 @@ include tor-browser_ca.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_ca +nodeny ${HOME}/.tor-browser_ca mkdir ${HOME}/.tor-browser_ca -whitelist ${HOME}/.tor-browser_ca +allow ${HOME}/.tor-browser_ca # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_cs.profile b/etc/profile-m-z/tor-browser_cs.profile index b41107bf1f4..b99ad14a82b 100644 --- a/etc/profile-m-z/tor-browser_cs.profile +++ b/etc/profile-m-z/tor-browser_cs.profile 
@@ -6,10 +6,10 @@ include tor-browser_cs.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_cs +nodeny ${HOME}/.tor-browser_cs mkdir ${HOME}/.tor-browser_cs -whitelist ${HOME}/.tor-browser_cs +allow ${HOME}/.tor-browser_cs # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_da.profile b/etc/profile-m-z/tor-browser_da.profile index cbec4ee2e0c..545e53b7e86 100644 --- a/etc/profile-m-z/tor-browser_da.profile +++ b/etc/profile-m-z/tor-browser_da.profile @@ -6,10 +6,10 @@ include tor-browser_da.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_da +nodeny ${HOME}/.tor-browser_da mkdir ${HOME}/.tor-browser_da -whitelist ${HOME}/.tor-browser_da +allow ${HOME}/.tor-browser_da # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_de.profile b/etc/profile-m-z/tor-browser_de.profile index ea26765d33b..545f82f7285 100644 --- a/etc/profile-m-z/tor-browser_de.profile +++ b/etc/profile-m-z/tor-browser_de.profile @@ -6,10 +6,10 @@ include tor-browser_de.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_de +nodeny ${HOME}/.tor-browser_de mkdir ${HOME}/.tor-browser_de -whitelist ${HOME}/.tor-browser_de +allow ${HOME}/.tor-browser_de # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_el.profile b/etc/profile-m-z/tor-browser_el.profile index ff57a872277..3120b17016a 100644 --- a/etc/profile-m-z/tor-browser_el.profile +++ b/etc/profile-m-z/tor-browser_el.profile @@ -6,10 +6,10 @@ include tor-browser_el.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_el +nodeny ${HOME}/.tor-browser_el mkdir ${HOME}/.tor-browser_el -whitelist ${HOME}/.tor-browser_el +allow ${HOME}/.tor-browser_el # Redirect include torbrowser-launcher.profile 
diff --git a/etc/profile-m-z/tor-browser_en-US.profile b/etc/profile-m-z/tor-browser_en-US.profile index 18c92b6386b..6719ac05705 100644 --- a/etc/profile-m-z/tor-browser_en-US.profile +++ b/etc/profile-m-z/tor-browser_en-US.profile @@ -6,10 +6,10 @@ include tor-browser_en-US.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_en-US +nodeny ${HOME}/.tor-browser_en-US mkdir ${HOME}/.tor-browser_en-US -whitelist ${HOME}/.tor-browser_en-US +allow ${HOME}/.tor-browser_en-US # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_en.profile b/etc/profile-m-z/tor-browser_en.profile index ebba83cc4cf..4cbd3710963 100644 --- a/etc/profile-m-z/tor-browser_en.profile +++ b/etc/profile-m-z/tor-browser_en.profile @@ -6,10 +6,10 @@ include tor-browser_en.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_en +nodeny ${HOME}/.tor-browser_en mkdir ${HOME}/.tor-browser_en -whitelist ${HOME}/.tor-browser_en +allow ${HOME}/.tor-browser_en # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_es-ES.profile b/etc/profile-m-z/tor-browser_es-ES.profile index aecab38d568..6c8a5987cba 100644 --- a/etc/profile-m-z/tor-browser_es-ES.profile +++ b/etc/profile-m-z/tor-browser_es-ES.profile @@ -6,10 +6,10 @@ include tor-browser_es-ES.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_es-ES +nodeny ${HOME}/.tor-browser_es-ES mkdir ${HOME}/.tor-browser_es-ES -whitelist ${HOME}/.tor-browser_es-ES +allow ${HOME}/.tor-browser_es-ES # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_es.profile b/etc/profile-m-z/tor-browser_es.profile index e19e9b5e685..7d358b7caa2 100644 --- a/etc/profile-m-z/tor-browser_es.profile +++ b/etc/profile-m-z/tor-browser_es.profile 
@@ -6,10 +6,10 @@ include tor-browser_es.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_es +nodeny ${HOME}/.tor-browser_es mkdir ${HOME}/.tor-browser_es -whitelist ${HOME}/.tor-browser_es +allow ${HOME}/.tor-browser_es # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_fa.profile b/etc/profile-m-z/tor-browser_fa.profile index 68414c277e1..fc4285c5d33 100644 --- a/etc/profile-m-z/tor-browser_fa.profile +++ b/etc/profile-m-z/tor-browser_fa.profile @@ -6,10 +6,10 @@ include tor-browser_fa.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_fa +nodeny ${HOME}/.tor-browser_fa mkdir ${HOME}/.tor-browser_fa -whitelist ${HOME}/.tor-browser_fa +allow ${HOME}/.tor-browser_fa # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_fr.profile b/etc/profile-m-z/tor-browser_fr.profile index 0a8bb30b753..2d0c0ff1fb9 100644 --- a/etc/profile-m-z/tor-browser_fr.profile +++ b/etc/profile-m-z/tor-browser_fr.profile @@ -6,10 +6,10 @@ include tor-browser_fr.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_fr +nodeny ${HOME}/.tor-browser_fr mkdir ${HOME}/.tor-browser_fr -whitelist ${HOME}/.tor-browser_fr +allow ${HOME}/.tor-browser_fr # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_ga-IE.profile b/etc/profile-m-z/tor-browser_ga-IE.profile index 12354b900d7..2880e1e2ab5 100644 --- a/etc/profile-m-z/tor-browser_ga-IE.profile +++ b/etc/profile-m-z/tor-browser_ga-IE.profile @@ -6,10 +6,10 @@ include tor-browser_ga-IE.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_ga-IE +nodeny ${HOME}/.tor-browser_ga-IE mkdir ${HOME}/.tor-browser_ga-IE -whitelist ${HOME}/.tor-browser_ga-IE +allow ${HOME}/.tor-browser_ga-IE # Redirect include torbrowser-launcher.profile 
diff --git a/etc/profile-m-z/tor-browser_he.profile b/etc/profile-m-z/tor-browser_he.profile index 19cbb080922..ac699301945 100644 --- a/etc/profile-m-z/tor-browser_he.profile +++ b/etc/profile-m-z/tor-browser_he.profile @@ -6,10 +6,10 @@ include tor-browser_he.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_he +nodeny ${HOME}/.tor-browser_he mkdir ${HOME}/.tor-browser_he -whitelist ${HOME}/.tor-browser_he +allow ${HOME}/.tor-browser_he # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_hu.profile b/etc/profile-m-z/tor-browser_hu.profile index 62b55e170c2..6877a6be4a9 100644 --- a/etc/profile-m-z/tor-browser_hu.profile +++ b/etc/profile-m-z/tor-browser_hu.profile @@ -6,10 +6,10 @@ include tor-browser_hu.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_hu +nodeny ${HOME}/.tor-browser_hu mkdir ${HOME}/.tor-browser_hu -whitelist ${HOME}/.tor-browser_hu +allow ${HOME}/.tor-browser_hu # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_id.profile b/etc/profile-m-z/tor-browser_id.profile index 2970a7747ae..5f5601f7491 100644 --- a/etc/profile-m-z/tor-browser_id.profile +++ b/etc/profile-m-z/tor-browser_id.profile @@ -6,10 +6,10 @@ include tor-browser_id.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_id +nodeny ${HOME}/.tor-browser_id mkdir ${HOME}/.tor-browser_id -whitelist ${HOME}/.tor-browser_id +allow ${HOME}/.tor-browser_id # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_is.profile b/etc/profile-m-z/tor-browser_is.profile index f922c764438..f0814d16ea0 100644 --- a/etc/profile-m-z/tor-browser_is.profile +++ b/etc/profile-m-z/tor-browser_is.profile 
@@ -6,10 +6,10 @@ include tor-browser_is.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_is +nodeny ${HOME}/.tor-browser_is mkdir ${HOME}/.tor-browser_is -whitelist ${HOME}/.tor-browser_is +allow ${HOME}/.tor-browser_is # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_it.profile b/etc/profile-m-z/tor-browser_it.profile index 40690175976..fa01f6bcad2 100644 --- a/etc/profile-m-z/tor-browser_it.profile +++ b/etc/profile-m-z/tor-browser_it.profile @@ -6,10 +6,10 @@ include tor-browser_it.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_it +nodeny ${HOME}/.tor-browser_it mkdir ${HOME}/.tor-browser_it -whitelist ${HOME}/.tor-browser_it +allow ${HOME}/.tor-browser_it # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_ja.profile b/etc/profile-m-z/tor-browser_ja.profile index 8f9d8d751b4..dde107dd393 100644 --- a/etc/profile-m-z/tor-browser_ja.profile +++ b/etc/profile-m-z/tor-browser_ja.profile @@ -6,10 +6,10 @@ include tor-browser_ja.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_ja +nodeny ${HOME}/.tor-browser_ja mkdir ${HOME}/.tor-browser_ja -whitelist ${HOME}/.tor-browser_ja +allow ${HOME}/.tor-browser_ja # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_ka.profile b/etc/profile-m-z/tor-browser_ka.profile index 4de4135e13a..7de4dff6583 100644 --- a/etc/profile-m-z/tor-browser_ka.profile +++ b/etc/profile-m-z/tor-browser_ka.profile @@ -6,10 +6,10 @@ include tor-browser_ka.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_ka +nodeny ${HOME}/.tor-browser_ka mkdir ${HOME}/.tor-browser_ka -whitelist ${HOME}/.tor-browser_ka +allow ${HOME}/.tor-browser_ka # Redirect include torbrowser-launcher.profile 
diff --git a/etc/profile-m-z/tor-browser_ko.profile b/etc/profile-m-z/tor-browser_ko.profile index 125c733ce73..7e3ceb4d9e4 100644 --- a/etc/profile-m-z/tor-browser_ko.profile +++ b/etc/profile-m-z/tor-browser_ko.profile @@ -6,10 +6,10 @@ include tor-browser_ko.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_ko +nodeny ${HOME}/.tor-browser_ko mkdir ${HOME}/.tor-browser_ko -whitelist ${HOME}/.tor-browser_ko +allow ${HOME}/.tor-browser_ko # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_nb.profile b/etc/profile-m-z/tor-browser_nb.profile index dc6ac876bac..c1100196085 100644 --- a/etc/profile-m-z/tor-browser_nb.profile +++ b/etc/profile-m-z/tor-browser_nb.profile @@ -6,10 +6,10 @@ include tor-browser_nb.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_nb +nodeny ${HOME}/.tor-browser_nb mkdir ${HOME}/.tor-browser_nb -whitelist ${HOME}/.tor-browser_nb +allow ${HOME}/.tor-browser_nb # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_nl.profile b/etc/profile-m-z/tor-browser_nl.profile index 2a3a5b5193a..2d1044f9db5 100644 --- a/etc/profile-m-z/tor-browser_nl.profile +++ b/etc/profile-m-z/tor-browser_nl.profile @@ -6,10 +6,10 @@ include tor-browser_nl.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_nl +nodeny ${HOME}/.tor-browser_nl mkdir ${HOME}/.tor-browser_nl -whitelist ${HOME}/.tor-browser_nl +allow ${HOME}/.tor-browser_nl # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_pl.profile b/etc/profile-m-z/tor-browser_pl.profile index b7dec32db09..2818320a06b 100644 --- a/etc/profile-m-z/tor-browser_pl.profile +++ b/etc/profile-m-z/tor-browser_pl.profile 
@@ -6,10 +6,10 @@ include tor-browser_pl.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_pl +nodeny ${HOME}/.tor-browser_pl mkdir ${HOME}/.tor-browser_pl -whitelist ${HOME}/.tor-browser_pl +allow ${HOME}/.tor-browser_pl # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_pt-BR.profile b/etc/profile-m-z/tor-browser_pt-BR.profile index 7a7d4726c8d..8c33e254580 100644 --- a/etc/profile-m-z/tor-browser_pt-BR.profile +++ b/etc/profile-m-z/tor-browser_pt-BR.profile @@ -6,10 +6,10 @@ include tor-browser_pt-BR.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_pt-BR +nodeny ${HOME}/.tor-browser_pt-BR mkdir ${HOME}/.tor-browser_pt-BR -whitelist ${HOME}/.tor-browser_pt-BR +allow ${HOME}/.tor-browser_pt-BR # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_ru.profile b/etc/profile-m-z/tor-browser_ru.profile index 7d2e6bc9787..2553bb03108 100644 --- a/etc/profile-m-z/tor-browser_ru.profile +++ b/etc/profile-m-z/tor-browser_ru.profile @@ -6,10 +6,10 @@ include tor-browser_ru.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_ru +nodeny ${HOME}/.tor-browser_ru mkdir ${HOME}/.tor-browser_ru -whitelist ${HOME}/.tor-browser_ru +allow ${HOME}/.tor-browser_ru # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_sv-SE.profile b/etc/profile-m-z/tor-browser_sv-SE.profile index 585925e81cd..3152cb65899 100644 --- a/etc/profile-m-z/tor-browser_sv-SE.profile +++ b/etc/profile-m-z/tor-browser_sv-SE.profile @@ -6,10 +6,10 @@ include tor-browser_sv-SE.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_sv-SE +nodeny ${HOME}/.tor-browser_sv-SE mkdir ${HOME}/.tor-browser_sv-SE -whitelist ${HOME}/.tor-browser_sv-SE +allow ${HOME}/.tor-browser_sv-SE # Redirect include torbrowser-launcher.profile 
diff --git a/etc/profile-m-z/tor-browser_tr.profile b/etc/profile-m-z/tor-browser_tr.profile index 4b0cc3821d6..9808d4725bc 100644 --- a/etc/profile-m-z/tor-browser_tr.profile +++ b/etc/profile-m-z/tor-browser_tr.profile @@ -6,10 +6,10 @@ include tor-browser_tr.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_tr +nodeny ${HOME}/.tor-browser_tr mkdir ${HOME}/.tor-browser_tr -whitelist ${HOME}/.tor-browser_tr +allow ${HOME}/.tor-browser_tr # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_vi.profile b/etc/profile-m-z/tor-browser_vi.profile index 4dcfbf56df6..364fca40bb9 100644 --- a/etc/profile-m-z/tor-browser_vi.profile +++ b/etc/profile-m-z/tor-browser_vi.profile @@ -6,10 +6,10 @@ include tor-browser_vi.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_vi +nodeny ${HOME}/.tor-browser_vi mkdir ${HOME}/.tor-browser_vi -whitelist ${HOME}/.tor-browser_vi +allow ${HOME}/.tor-browser_vi # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_zh-CN.profile b/etc/profile-m-z/tor-browser_zh-CN.profile index 1e03b8d6bcb..193e8a3998e 100644 --- a/etc/profile-m-z/tor-browser_zh-CN.profile +++ b/etc/profile-m-z/tor-browser_zh-CN.profile @@ -6,10 +6,10 @@ include tor-browser_zh-CN.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_zh-CN +nodeny ${HOME}/.tor-browser_zh-CN mkdir ${HOME}/.tor-browser_zh-CN -whitelist ${HOME}/.tor-browser_zh-CN +allow ${HOME}/.tor-browser_zh-CN # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/tor-browser_zh-TW.profile b/etc/profile-m-z/tor-browser_zh-TW.profile index a2dcf5cf1aa..047be9b8ecb 100644 --- a/etc/profile-m-z/tor-browser_zh-TW.profile +++ b/etc/profile-m-z/tor-browser_zh-TW.profile 
@@ -6,10 +6,10 @@ include tor-browser_zh-TW.local # added by included profile #include globals.local -noblacklist ${HOME}/.tor-browser_zh-TW +nodeny ${HOME}/.tor-browser_zh-TW mkdir ${HOME}/.tor-browser_zh-TW -whitelist ${HOME}/.tor-browser_zh-TW +allow ${HOME}/.tor-browser_zh-TW # Redirect include torbrowser-launcher.profile diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile index 7659ed1e920..65a37db5fa5 100644 --- a/etc/profile-m-z/torbrowser-launcher.profile +++ b/etc/profile-m-z/torbrowser-launcher.profile @@ -8,15 +8,15 @@ include globals.local ignore noexec ${HOME} -noblacklist ${HOME}/.config/torbrowser -noblacklist ${HOME}/.local/share/torbrowser +nodeny ${HOME}/.config/torbrowser +nodeny ${HOME}/.local/share/torbrowser # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc include allow-python3.inc -blacklist /opt -blacklist /srv +deny /opt +deny /srv include disable-common.inc include disable-devel.inc @@ -28,10 +28,10 @@ include disable-xdg.inc mkdir ${HOME}/.config/torbrowser mkdir ${HOME}/.local/share/torbrowser -whitelist ${DOWNLOADS} -whitelist ${HOME}/.config/torbrowser -whitelist ${HOME}/.local/share/torbrowser -whitelist /usr/share/torbrowser-launcher +allow ${DOWNLOADS} +allow ${HOME}/.config/torbrowser +allow ${HOME}/.local/share/torbrowser +allow /usr/share/torbrowser-launcher include whitelist-common.inc include whitelist-var-common.inc include whitelist-runuser-common.inc diff --git a/etc/profile-m-z/torcs.profile b/etc/profile-m-z/torcs.profile index 0f98a8f64c4..c5d89c3e3b6 100644 --- a/etc/profile-m-z/torcs.profile +++ b/etc/profile-m-z/torcs.profile @@ -6,7 +6,7 @@ include torcs.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.torcs +nodeny ${HOME}/.torcs include disable-common.inc include disable-devel.inc 
@@ -17,9 +17,9 @@ include disable-programs.inc include disable-xdg.inc mkdir ${HOME}/.torcs -whitelist ${HOME}/.torcs -whitelist /usr/share/games/torcs -whitelist /var/games/torcs +allow ${HOME}/.torcs +allow /usr/share/games/torcs +allow /var/games/torcs include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/totem.profile b/etc/profile-m-z/totem.profile index 70d9e0aee01..77d3c55f83e 100644 --- a/etc/profile-m-z/totem.profile +++ b/etc/profile-m-z/totem.profile @@ -13,8 +13,8 @@ include allow-lua.inc # Allow python (blacklisted by disable-interpreters.inc) include allow-python3.inc -noblacklist ${HOME}/.config/totem -noblacklist ${HOME}/.local/share/totem +nodeny ${HOME}/.config/totem +nodeny ${HOME}/.local/share/totem include disable-common.inc include disable-devel.inc @@ -27,9 +27,9 @@ include disable-shell.inc read-only ${DESKTOP} mkdir ${HOME}/.config/totem mkdir ${HOME}/.local/share/totem -whitelist ${HOME}/.config/totem -whitelist ${HOME}/.local/share/totem -whitelist /usr/share/totem +allow ${HOME}/.config/totem +allow ${HOME}/.local/share/totem +allow /usr/share/totem include whitelist-common.inc include whitelist-player-common.inc include whitelist-runuser-common.inc diff --git a/etc/profile-m-z/tracker.profile b/etc/profile-m-z/tracker.profile index 87c5de07646..26f4abd0b08 100644 --- a/etc/profile-m-z/tracker.profile +++ b/etc/profile-m-z/tracker.profile @@ -8,8 +8,8 @@ include globals.local # Tracker is started by systemd on most systems. Therefore it is not firejailed by default -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/transgui.profile b/etc/profile-m-z/transgui.profile index ea118a9f09d..d5920e2a2cc 100644 --- a/etc/profile-m-z/transgui.profile +++ b/etc/profile-m-z/transgui.profile 
@@ -6,7 +6,7 @@ include transgui.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/transgui +nodeny ${HOME}/.config/transgui include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/transgui -whitelist ${HOME}/.config/transgui -whitelist ${DOWNLOADS} +allow ${HOME}/.config/transgui +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/transmission-common.profile b/etc/profile-m-z/transmission-common.profile index 82671b70902..5c2cf9d9a51 100644 --- a/etc/profile-m-z/transmission-common.profile +++ b/etc/profile-m-z/transmission-common.profile @@ -7,8 +7,8 @@ include transmission-common.local # added by caller profile #include globals.local -noblacklist ${HOME}/.cache/transmission -noblacklist ${HOME}/.config/transmission +nodeny ${HOME}/.cache/transmission +nodeny ${HOME}/.config/transmission include disable-common.inc include disable-devel.inc @@ -19,9 +19,9 @@ include disable-programs.inc mkdir ${HOME}/.cache/transmission mkdir ${HOME}/.config/transmission -whitelist ${DOWNLOADS} -whitelist ${HOME}/.cache/transmission -whitelist ${HOME}/.config/transmission +allow ${DOWNLOADS} +allow ${HOME}/.cache/transmission +allow ${HOME}/.config/transmission include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/transmission-daemon.profile b/etc/profile-m-z/transmission-daemon.profile index 348d3cb8009..9f0c464fc68 100644 --- a/etc/profile-m-z/transmission-daemon.profile +++ b/etc/profile-m-z/transmission-daemon.profile 
@@ -10,8 +10,8 @@ include globals.local ignore caps.drop all mkdir ${HOME}/.config/transmission-daemon -whitelist ${HOME}/.config/transmission-daemon -whitelist /var/lib/transmission +allow ${HOME}/.config/transmission-daemon +allow /var/lib/transmission caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot protocol packet diff --git a/etc/profile-m-z/transmission-remote-gtk.profile b/etc/profile-m-z/transmission-remote-gtk.profile index a6400e2c0b9..7c8eddcbcc4 100644 --- a/etc/profile-m-z/transmission-remote-gtk.profile +++ b/etc/profile-m-z/transmission-remote-gtk.profile @@ -7,10 +7,10 @@ include transmission-remote-gtk.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/transmission-remote-gtk +nodeny ${HOME}/.config/transmission-remote-gtk mkdir ${HOME}/.config/transmission-remote-gtk -whitelist ${HOME}/.config/transmission-remote-gtk +allow ${HOME}/.config/transmission-remote-gtk private-etc fonts,hostname,hosts,resolv.conf # Problems with private-lib (see issue #2889) diff --git a/etc/profile-m-z/tremulous.profile b/etc/profile-m-z/tremulous.profile index aba563fac30..c2797ddaa48 100644 --- a/etc/profile-m-z/tremulous.profile +++ b/etc/profile-m-z/tremulous.profile @@ -6,7 +6,7 @@ include tremulous.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.tremulous +nodeny ${HOME}/.tremulous include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.tremulous -whitelist ${HOME}/.tremulous -whitelist /usr/share/tremulous +allow ${HOME}/.tremulous +allow /usr/share/tremulous include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile index 2d95081f652..95f39b35d14 100644 --- a/etc/profile-m-z/trojita.profile +++ b/etc/profile-m-z/trojita.profile 
@@ -6,10 +6,10 @@ include trojita.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.abook -noblacklist ${HOME}/.mozilla -noblacklist ${HOME}/.cache/flaska.net/trojita -noblacklist ${HOME}/.config/flaska.net +nodeny ${HOME}/.abook +nodeny ${HOME}/.mozilla +nodeny ${HOME}/.cache/flaska.net/trojita +nodeny ${HOME}/.config/flaska.net include disable-common.inc include disable-devel.inc @@ -23,10 +23,10 @@ include disable-xdg.inc mkdir ${HOME}/.abook mkdir ${HOME}/.cache/flaska.net/trojita mkdir ${HOME}/.config/flaska.net -whitelist ${HOME}/.abook -whitelist ${HOME}/.mozilla/firefox/profiles.ini -whitelist ${HOME}/.cache/flaska.net/trojita -whitelist ${HOME}/.config/flaska.net +allow ${HOME}/.abook +allow ${HOME}/.mozilla/firefox/profiles.ini +allow ${HOME}/.cache/flaska.net/trojita +allow ${HOME}/.config/flaska.net include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/truecraft.profile b/etc/profile-m-z/truecraft.profile index 749626475d5..76f289a27f4 100644 --- a/etc/profile-m-z/truecraft.profile +++ b/etc/profile-m-z/truecraft.profile @@ -5,8 +5,8 @@ include truecraft.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/mono -noblacklist ${HOME}/.config/truecraft +nodeny ${HOME}/.config/mono +nodeny ${HOME}/.config/truecraft include disable-common.inc include disable-devel.inc @@ -17,8 +17,8 @@ include disable-programs.inc mkdir ${HOME}/.config/mono mkdir ${HOME}/.config/truecraft -whitelist ${HOME}/.config/mono -whitelist ${HOME}/.config/truecraft +allow ${HOME}/.config/mono +allow ${HOME}/.config/truecraft include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/ts3client_runscript.sh.profile b/etc/profile-m-z/ts3client_runscript.sh.profile index 8d467545475..cd6ae96df7d 100644 --- a/etc/profile-m-z/ts3client_runscript.sh.profile +++ b/etc/profile-m-z/ts3client_runscript.sh.profile 
@@ -9,11 +9,11 @@ include ts3client_runscript.sh.local ignore noexec ${HOME} -noblacklist ${HOME}/TeamSpeak3-Client-linux_x86 -noblacklist ${HOME}/TeamSpeak3-Client-linux_amd64 +nodeny ${HOME}/TeamSpeak3-Client-linux_x86 +nodeny ${HOME}/TeamSpeak3-Client-linux_amd64 -whitelist ${HOME}/TeamSpeak3-Client-linux_x86 -whitelist ${HOME}/TeamSpeak3-Client-linux_amd64 +allow ${HOME}/TeamSpeak3-Client-linux_x86 +allow ${HOME}/TeamSpeak3-Client-linux_amd64 # Redirect include teamspeak3.profile diff --git a/etc/profile-m-z/tutanota-desktop.profile b/etc/profile-m-z/tutanota-desktop.profile index d2cb0cc8ac5..e59a86ce607 100644 --- a/etc/profile-m-z/tutanota-desktop.profile +++ b/etc/profile-m-z/tutanota-desktop.profile @@ -6,8 +6,8 @@ include tutanota-desktop.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/tuta_integration -noblacklist ${HOME}/.config/tutanota-desktop +nodeny ${HOME}/.config/tuta_integration +nodeny ${HOME}/.config/tutanota-desktop ignore noexec /tmp @@ -15,12 +15,12 @@ include disable-shell.inc mkdir ${HOME}/.config/tuta_integration mkdir ${HOME}/.config/tutanota-desktop -whitelist ${HOME}/.config/tuta_integration -whitelist ${HOME}/.config/tutanota-desktop +allow ${HOME}/.config/tuta_integration +allow ${HOME}/.config/tutanota-desktop # These lines are needed to allow Firefox to open links -noblacklist ${HOME}/.mozilla -whitelist ${HOME}/.mozilla/firefox/profiles.ini +nodeny ${HOME}/.mozilla +allow ${HOME}/.mozilla/firefox/profiles.ini read-only ${HOME}/.mozilla/firefox/profiles.ini ?HAS_APPIMAGE: ignore private-dev diff --git a/etc/profile-m-z/tuxguitar.profile b/etc/profile-m-z/tuxguitar.profile index 3cd49641221..5bb97e1613a 100644 --- a/etc/profile-m-z/tuxguitar.profile +++ b/etc/profile-m-z/tuxguitar.profile 
@@ -9,9 +9,9 @@ include globals.local # tuxguitar fails to launch ignore noexec ${HOME} -noblacklist ${HOME}/.tuxguitar* -noblacklist ${DOCUMENTS} -noblacklist ${MUSIC} +nodeny ${HOME}/.tuxguitar* +nodeny ${DOCUMENTS} +nodeny ${MUSIC} # Allow java (blacklisted by disable-devel.inc) include allow-java.inc diff --git a/etc/profile-m-z/tvbrowser.profile b/etc/profile-m-z/tvbrowser.profile index dae7d86da13..8febcd337ff 100644 --- a/etc/profile-m-z/tvbrowser.profile +++ b/etc/profile-m-z/tvbrowser.profile @@ -6,8 +6,8 @@ include tvbrowser.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/tvbrowser -noblacklist ${HOME}/.tvbrowser +nodeny ${HOME}/.config/tvbrowser +nodeny ${HOME}/.tvbrowser # Allow java (blacklisted by disable-devel.inc) include allow-java.inc @@ -22,9 +22,9 @@ include disable-xdg.inc mkdir ${HOME}/.config/tvbrowser mkdir ${HOME}/.tvbrowser -whitelist ${HOME}/.config/tvbrowser -whitelist ${HOME}/.tvbrowser -whitelist /usr/share/tvbrowser +allow ${HOME}/.config/tvbrowser +allow ${HOME}/.tvbrowser +allow /usr/share/tvbrowser include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/twitch.profile b/etc/profile-m-z/twitch.profile index 2f573c872f6..abcc885e61c 100644 --- a/etc/profile-m-z/twitch.profile +++ b/etc/profile-m-z/twitch.profile @@ -10,12 +10,12 @@ include globals.local ignore nou2f ignore novideo -noblacklist ${HOME}/.config/Twitch +nodeny ${HOME}/.config/Twitch include disable-shell.inc mkdir ${HOME}/.config/Twitch -whitelist ${HOME}/.config/Twitch +allow ${HOME}/.config/Twitch private-bin twitch private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg diff --git a/etc/profile-m-z/uefitool.profile b/etc/profile-m-z/uefitool.profile index 3e4fdbb03e7..8c705c95fe5 100644 
--- a/etc/profile-m-z/uefitool.profile +++ b/etc/profile-m-z/uefitool.profile @@ -5,7 +5,7 @@ include uefitool.local # Persistent global definitions include globals.local -noblacklist ${DOCUMENTS} +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/uget-gtk.profile b/etc/profile-m-z/uget-gtk.profile index 4420099ffe9..eed2db5415f 100644 --- a/etc/profile-m-z/uget-gtk.profile +++ b/etc/profile-m-z/uget-gtk.profile @@ -5,7 +5,7 @@ include uget-gtk.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/uGet +nodeny ${HOME}/.config/uGet include disable-common.inc include disable-devel.inc @@ -14,8 +14,8 @@ include disable-programs.inc include disable-shell.inc mkdir ${HOME}/.config/uGet -whitelist ${DOWNLOADS} -whitelist ${HOME}/.config/uGet +allow ${DOWNLOADS} +allow ${HOME}/.config/uGet include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/unbound.profile b/etc/profile-m-z/unbound.profile index 0c077babfdb..7e7b3fbec2f 100644 --- a/etc/profile-m-z/unbound.profile +++ b/etc/profile-m-z/unbound.profile @@ -6,11 +6,11 @@ include unbound.local # Persistent global definitions include globals.local -noblacklist /sbin -noblacklist /usr/sbin +nodeny /sbin +nodeny /usr/sbin -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc @@ -22,8 +22,8 @@ include disable-xdg.inc include whitelist-usr-share-common.inc -whitelist /var/lib/unbound -whitelist /var/run +allow /var/lib/unbound +allow /var/run caps.keep net_admin,net_bind_service,setgid,setuid,sys_chroot,sys_resource ipc-namespace diff --git a/etc/profile-m-z/unf.profile b/etc/profile-m-z/unf.profile index 6db7ba3627d..84627197186 100644 --- a/etc/profile-m-z/unf.profile +++ b/etc/profile-m-z/unf.profile 
@@ -7,7 +7,7 @@ include unf.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc @@ -18,7 +18,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist ${DOWNLOADS} +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/unknown-horizons.profile b/etc/profile-m-z/unknown-horizons.profile index 956492f526a..3e1c6264dc8 100644 --- a/etc/profile-m-z/unknown-horizons.profile +++ b/etc/profile-m-z/unknown-horizons.profile @@ -6,7 +6,7 @@ include unknown-horizons.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.unknown-horizons +nodeny ${HOME}/.unknown-horizons include disable-common.inc include disable-exec.inc @@ -14,10 +14,10 @@ include disable-passwdmgr.inc include disable-programs.inc mkdir ${HOME}/.unknown-horizons -whitelist ${HOME}/.unknown-horizons +allow ${HOME}/.unknown-horizons include whitelist-common.inc include whitelist-runuser-common.inc -whitelist /usr/share/unknown-horizons +allow /usr/share/unknown-horizons include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/unzip.profile b/etc/profile-m-z/unzip.profile index 0231e3dbad2..99d2415cafb 100644 --- a/etc/profile-m-z/unzip.profile +++ b/etc/profile-m-z/unzip.profile @@ -8,7 +8,7 @@ include unzip.local include globals.local # GNOME Shell integration (chrome-gnome-shell) -noblacklist ${HOME}/.local/share/gnome-shell +nodeny ${HOME}/.local/share/gnome-shell private-etc alternatives,group,localtime,passwd diff --git a/etc/profile-m-z/utox.profile b/etc/profile-m-z/utox.profile index dd881f091e1..3b0f7c646f1 100644 --- a/etc/profile-m-z/utox.profile +++ b/etc/profile-m-z/utox.profile 
@@ -6,8 +6,8 @@ include utox.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/Tox -noblacklist ${HOME}/.config/tox +nodeny ${HOME}/.cache/Tox +nodeny ${HOME}/.config/tox include disable-common.inc include disable-devel.inc @@ -19,8 +19,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/tox -whitelist ${DOWNLOADS} -whitelist ${HOME}/.config/tox +allow ${DOWNLOADS} +allow ${HOME}/.config/tox include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/uudeview.profile b/etc/profile-m-z/uudeview.profile index 2adc044e537..3bda7166620 100644 --- a/etc/profile-m-z/uudeview.profile +++ b/etc/profile-m-z/uudeview.profile @@ -7,7 +7,7 @@ include uudeview.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* +deny ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/uzbl-browser.profile b/etc/profile-m-z/uzbl-browser.profile index 41487a8f2bd..6899f4bf720 100644 --- a/etc/profile-m-z/uzbl-browser.profile +++ b/etc/profile-m-z/uzbl-browser.profile @@ -5,9 +5,9 @@ include uzbl-browser.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/uzbl -noblacklist ${HOME}/.gnupg -noblacklist ${HOME}/.local/share/uzbl +nodeny ${HOME}/.config/uzbl +nodeny ${HOME}/.gnupg +nodeny ${HOME}/.local/share/uzbl # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc @@ -22,11 +22,11 @@ mkdir ${HOME}/.config/uzbl mkdir ${HOME}/.gnupg mkdir ${HOME}/.local/share/uzbl mkdir ${HOME}/.password-store -whitelist ${DOWNLOADS} -whitelist ${HOME}/.config/uzbl -whitelist ${HOME}/.gnupg -whitelist ${HOME}/.local/share/uzbl -whitelist ${HOME}/.password-store +allow ${DOWNLOADS} +allow ${HOME}/.config/uzbl +allow ${HOME}/.gnupg +allow ${HOME}/.local/share/uzbl +allow ${HOME}/.password-store include whitelist-common.inc caps.drop all 
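Review bot: The allow list in the second uzbl-browser.profile hunk exposes `${HOME}/.gnupg` and `${HOME}/.password-store` to a web browser sandbox, and nothing in the visible lines says why. These directories hold private keys and stored credentials, so the profile gives the least protection to the data that matters most if browser content is compromised. The reason is presumably password-manager integration, but that is not stated here. I would add a comment above the two lines, for example `# password-store integration needs GnuPG and pass data (TODO confirm); this exposes private keys to the browser`, so that users who do not need it know the entries are safe to override.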
diff --git a/etc/profile-m-z/viewnior.profile b/etc/profile-m-z/viewnior.profile index a9ba344ddc2..e0bf02706bd 100644 --- a/etc/profile-m-z/viewnior.profile +++ b/etc/profile-m-z/viewnior.profile @@ -6,11 +6,11 @@ include viewnior.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.Steam -noblacklist ${HOME}/.config/viewnior -noblacklist ${HOME}/.steam +nodeny ${HOME}/.Steam +nodeny ${HOME}/.config/viewnior +nodeny ${HOME}/.steam -blacklist ${HOME}/.bashrc +deny ${HOME}/.bashrc include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/viking.profile b/etc/profile-m-z/viking.profile index 8f8ef5939b1..b16f691d6ab 100644 --- a/etc/profile-m-z/viking.profile +++ b/etc/profile-m-z/viking.profile @@ -6,9 +6,9 @@ include viking.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.viking -noblacklist ${HOME}/.viking-maps -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.viking +nodeny ${HOME}/.viking-maps +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/vim.profile b/etc/profile-m-z/vim.profile index c3cfe598012..b535225dd3c 100644 --- a/etc/profile-m-z/vim.profile +++ b/etc/profile-m-z/vim.profile @@ -6,9 +6,9 @@ include vim.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.vim -noblacklist ${HOME}/.viminfo -noblacklist ${HOME}/.vimrc +nodeny ${HOME}/.vim +nodeny ${HOME}/.viminfo +nodeny ${HOME}/.vimrc # Allows files commonly used by IDEs include allow-common-devel.inc diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile index c22fb0ff989..f288283384b 100644 --- a/etc/profile-m-z/virtualbox.profile +++ b/etc/profile-m-z/virtualbox.profile 
@@ -6,12 +6,12 @@ include virtualbox.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.VirtualBox -noblacklist ${HOME}/.config/VirtualBox -noblacklist ${HOME}/VirtualBox VMs +nodeny ${HOME}/.VirtualBox +nodeny ${HOME}/.config/VirtualBox +nodeny ${HOME}/VirtualBox VMs # noblacklist /usr/bin/virtualbox -noblacklist /usr/lib/virtualbox -noblacklist /usr/lib64/virtualbox +nodeny /usr/lib/virtualbox +nodeny /usr/lib64/virtualbox include disable-common.inc include disable-devel.inc @@ -23,10 +23,10 @@ include disable-xdg.inc mkdir ${HOME}/.config/VirtualBox mkdir ${HOME}/VirtualBox VMs -whitelist ${HOME}/.config/VirtualBox -whitelist ${HOME}/VirtualBox VMs -whitelist ${DOWNLOADS} -whitelist /usr/share/virtualbox +allow ${HOME}/.config/VirtualBox +allow ${HOME}/VirtualBox VMs +allow ${DOWNLOADS} +allow /usr/share/virtualbox include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/vivaldi.profile b/etc/profile-m-z/vivaldi.profile index fdeb0307fbd..3858405db2a 100644 --- a/etc/profile-m-z/vivaldi.profile +++ b/etc/profile-m-z/vivaldi.profile 
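Review bot: The commented-out directive `# noblacklist /usr/bin/virtualbox` in the first virtualbox.profile hunk keeps the old keyword while every active line around it moves to `nodeny`. The same happens in the copy-paste hints of vmware.profile (`#whitelist /var/lib/vmware`) and waterfox.profile (`#noblacklist ${HOME}/.mozilla`). Those two are instructions users paste into a .local file, so they would keep introducing the old spelling; whether it is still accepted as an alias is not visible here. I would change them to `# nodeny /usr/bin/virtualbox`, `#allow /var/lib/vmware` and `#nodeny ${HOME}/.mozilla` in this commit.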
@@ -8,26 +8,26 @@ include globals.local # Allow HTML5 Proprietary Media & DRM/EME (Widevine) ignore apparmor ignore noexec /var -noblacklist /var/opt -whitelist /var/opt/vivaldi +nodeny /var/opt +allow /var/opt/vivaldi writable-var -noblacklist ${HOME}/.cache/vivaldi -noblacklist ${HOME}/.cache/vivaldi-snapshot -noblacklist ${HOME}/.config/vivaldi -noblacklist ${HOME}/.config/vivaldi-snapshot -noblacklist ${HOME}/.local/lib/vivaldi +nodeny ${HOME}/.cache/vivaldi +nodeny ${HOME}/.cache/vivaldi-snapshot +nodeny ${HOME}/.config/vivaldi +nodeny ${HOME}/.config/vivaldi-snapshot +nodeny ${HOME}/.local/lib/vivaldi mkdir ${HOME}/.cache/vivaldi mkdir ${HOME}/.cache/vivaldi-snapshot mkdir ${HOME}/.config/vivaldi mkdir ${HOME}/.config/vivaldi-snapshot mkdir ${HOME}/.local/lib/vivaldi -whitelist ${HOME}/.cache/vivaldi -whitelist ${HOME}/.cache/vivaldi-snapshot -whitelist ${HOME}/.config/vivaldi -whitelist ${HOME}/.config/vivaldi-snapshot -whitelist ${HOME}/.local/lib/vivaldi +allow ${HOME}/.cache/vivaldi +allow ${HOME}/.cache/vivaldi-snapshot +allow ${HOME}/.config/vivaldi +allow ${HOME}/.config/vivaldi-snapshot +allow ${HOME}/.local/lib/vivaldi #private-bin bash,cat,dirname,readlink,rm,vivaldi,vivaldi-stable,vivaldi-snapshot diff --git a/etc/profile-m-z/vlc.profile b/etc/profile-m-z/vlc.profile index cd7dccd8abc..ede2d4525d3 100644 --- a/etc/profile-m-z/vlc.profile +++ b/etc/profile-m-z/vlc.profile @@ -6,10 +6,10 @@ include vlc.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/vlc -noblacklist ${HOME}/.config/vlc -noblacklist ${HOME}/.config/aacs -noblacklist ${HOME}/.local/share/vlc +nodeny ${HOME}/.cache/vlc +nodeny ${HOME}/.config/vlc +nodeny ${HOME}/.config/aacs +nodeny ${HOME}/.local/share/vlc include disable-common.inc include disable-devel.inc 
@@ -22,10 +22,10 @@ read-only ${DESKTOP} mkdir ${HOME}/.cache/vlc mkdir ${HOME}/.config/vlc mkdir ${HOME}/.local/share/vlc -whitelist ${HOME}/.cache/vlc -whitelist ${HOME}/.config/vlc -whitelist ${HOME}/.config/aacs -whitelist ${HOME}/.local/share/vlc +allow ${HOME}/.cache/vlc +allow ${HOME}/.config/vlc +allow ${HOME}/.config/aacs +allow ${HOME}/.local/share/vlc include whitelist-common.inc include whitelist-player-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/vmware-view.profile b/etc/profile-m-z/vmware-view.profile index f07c31b68d7..f23e90e8402 100644 --- a/etc/profile-m-z/vmware-view.profile +++ b/etc/profile-m-z/vmware-view.profile @@ -6,10 +6,10 @@ include vmware-view.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.vmware +nodeny ${HOME}/.vmware -noblacklist /sbin -noblacklist /usr/sbin +nodeny /sbin +nodeny /usr/sbin include allow-bin-sh.inc @@ -23,7 +23,7 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.vmware -whitelist ${HOME}/.vmware +allow ${HOME}/.vmware include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/vmware.profile b/etc/profile-m-z/vmware.profile index 5241e27b3da..3a535588f86 100644 --- a/etc/profile-m-z/vmware.profile +++ b/etc/profile-m-z/vmware.profile @@ -6,8 +6,8 @@ include vmware.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/vmware -noblacklist ${HOME}/.vmware +nodeny ${HOME}/.cache/vmware +nodeny ${HOME}/.vmware include disable-common.inc include disable-devel.inc @@ -19,8 +19,8 @@ include disable-xdg.inc mkdir ${HOME}/.cache/vmware mkdir ${HOME}/.vmware -whitelist ${HOME}/.cache/vmware -whitelist ${HOME}/.vmware +allow ${HOME}/.cache/vmware +allow ${HOME}/.vmware # Add the next lines to your vmware.local if you need to use "shared VM". #whitelist /var/lib/vmware #writable-var 
diff --git a/etc/profile-m-z/vscodium.profile b/etc/profile-m-z/vscodium.profile index a4a4fb7d83b..7996113f5b2 100644 --- a/etc/profile-m-z/vscodium.profile +++ b/etc/profile-m-z/vscodium.profile @@ -6,7 +6,7 @@ include vscodium.local # added by included profile #include globals.local -noblacklist ${HOME}/.VSCodium +nodeny ${HOME}/.VSCodium # Redirect include code.profile diff --git a/etc/profile-m-z/vulturesclaw.profile b/etc/profile-m-z/vulturesclaw.profile index fa6ddf1fb29..a6c38c1f1b5 100644 --- a/etc/profile-m-z/vulturesclaw.profile +++ b/etc/profile-m-z/vulturesclaw.profile @@ -6,8 +6,8 @@ include vulturesclaw.local # added by included profile #include globals.local -noblacklist /var/games/vulturesclaw -whitelist /var/games/vulturesclaw +nodeny /var/games/vulturesclaw +allow /var/games/vulturesclaw # Redirect include nethack-vultures.profile diff --git a/etc/profile-m-z/vultureseye.profile b/etc/profile-m-z/vultureseye.profile index 49d3fa94fbc..763c50bf6cb 100644 --- a/etc/profile-m-z/vultureseye.profile +++ b/etc/profile-m-z/vultureseye.profile @@ -6,8 +6,8 @@ include vultureseye.local # added by included profile #include globals.local -noblacklist /var/games/vultureseye -whitelist /var/games/vultureseye +nodeny /var/games/vultureseye +allow /var/games/vultureseye # Redirect include nethack-vultures.profile diff --git a/etc/profile-m-z/vym.profile b/etc/profile-m-z/vym.profile index 5421c4e4bee..1f2462c3297 100644 --- a/etc/profile-m-z/vym.profile +++ b/etc/profile-m-z/vym.profile @@ -6,7 +6,7 @@ include vym.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/InSilmaril +nodeny ${HOME}/.config/InSilmaril include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile index 69b2c6c59a0..6b38bbf1308 100644 --- a/etc/profile-m-z/w3m.profile +++ b/etc/profile-m-z/w3m.profile 
@@ -12,10 +12,10 @@ include globals.local #ignore private-dev #ignore private-etc -noblacklist ${HOME}/.w3m +nodeny ${HOME}/.w3m -blacklist /tmp/.X11-unix -blacklist ${RUNUSER}/wayland-* +deny /tmp/.X11-unix +deny ${RUNUSER}/wayland-* # Allow /bin/sh (blacklisted by disable-shell.inc) include allow-bin-sh.inc @@ -33,9 +33,9 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.w3m -whitelist /usr/share/w3m -whitelist ${DOWNLOADS} -whitelist ${HOME}/.w3m +allow /usr/share/w3m +allow ${DOWNLOADS} +allow ${HOME}/.w3m include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/warmux.profile b/etc/profile-m-z/warmux.profile index 1227a202c57..6658ac5db48 100644 --- a/etc/profile-m-z/warmux.profile +++ b/etc/profile-m-z/warmux.profile @@ -6,9 +6,9 @@ include warmux.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/wormux -noblacklist ${HOME}/.local/share/wormux -noblacklist ${HOME}/.wormux +nodeny ${HOME}/.config/wormux +nodeny ${HOME}/.local/share/wormux +nodeny ${HOME}/.wormux include disable-common.inc include disable-devel.inc @@ -22,10 +22,10 @@ include disable-xdg.inc mkdir ${HOME}/.config/wormux mkdir ${HOME}/.local/share/wormux mkdir ${HOME}/.wormux -whitelist ${HOME}/.config/wormux -whitelist ${HOME}/.local/share/wormux -whitelist ${HOME}/.wormux -whitelist /usr/share/warmux +allow ${HOME}/.config/wormux +allow ${HOME}/.local/share/wormux +allow ${HOME}/.wormux +allow /usr/share/warmux include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/warsow.profile b/etc/profile-m-z/warsow.profile index e0cd3daad80..fac4d05557d 100644 --- a/etc/profile-m-z/warsow.profile +++ b/etc/profile-m-z/warsow.profile 
@@ -8,8 +8,8 @@ include globals.local ignore noexec ${HOME} -noblacklist ${HOME}/.cache/warsow-2.1 -noblacklist ${HOME}/.local/share/warsow-2.1 +nodeny ${HOME}/.cache/warsow-2.1 +nodeny ${HOME}/.local/share/warsow-2.1 include disable-common.inc include disable-devel.inc @@ -22,9 +22,9 @@ include disable-xdg.inc mkdir ${HOME}/.cache/warsow-2.1 mkdir ${HOME}/.local/share/warsow-2.1 -whitelist ${HOME}/.cache/warsow-2.1 -whitelist ${HOME}/.local/share/warsow-2.1 -whitelist /usr/share/warsow +allow ${HOME}/.cache/warsow-2.1 +allow ${HOME}/.local/share/warsow-2.1 +allow /usr/share/warsow include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/warzone2100.profile b/etc/profile-m-z/warzone2100.profile index 420e8927e35..081ae349be7 100644 --- a/etc/profile-m-z/warzone2100.profile +++ b/etc/profile-m-z/warzone2100.profile @@ -6,7 +6,7 @@ include warzone2100.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.warzone2100-3.* +nodeny ${HOME}/.warzone2100-3.* include disable-common.inc include disable-devel.inc @@ -18,9 +18,9 @@ include disable-shell.inc mkdir ${HOME}/.warzone2100-3.1 mkdir ${HOME}/.warzone2100-3.2 -whitelist ${HOME}/.warzone2100-3.1 -whitelist ${HOME}/.warzone2100-3.2 -whitelist /usr/share/games +allow ${HOME}/.warzone2100-3.1 +allow ${HOME}/.warzone2100-3.2 +allow /usr/share/games include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/waterfox.profile b/etc/profile-m-z/waterfox.profile index 18f1ca79a80..4081b29b9b0 100644 --- a/etc/profile-m-z/waterfox.profile +++ b/etc/profile-m-z/waterfox.profile 
@@ -5,13 +5,13 @@ include waterfox.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/waterfox -noblacklist ${HOME}/.waterfox +nodeny ${HOME}/.cache/waterfox +nodeny ${HOME}/.waterfox mkdir ${HOME}/.cache/waterfox mkdir ${HOME}/.waterfox -whitelist ${HOME}/.cache/waterfox -whitelist ${HOME}/.waterfox +allow ${HOME}/.cache/waterfox +allow ${HOME}/.waterfox # Add the next lines to your watefox.local if you want to use the migration wizard. #noblacklist ${HOME}/.mozilla diff --git a/etc/profile-m-z/webstorm.profile b/etc/profile-m-z/webstorm.profile index 69e96d0cdce..1f42dae2ce2 100644 --- a/etc/profile-m-z/webstorm.profile +++ b/etc/profile-m-z/webstorm.profile @@ -5,12 +5,12 @@ include webstorm.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.WebStorm* -noblacklist ${HOME}/.android -noblacklist ${HOME}/.local/share/JetBrains -noblacklist ${HOME}/.tooling +nodeny ${HOME}/.WebStorm* +nodeny ${HOME}/.android +nodeny ${HOME}/.local/share/JetBrains +nodeny ${HOME}/.tooling # Allow KDE file manager to open with log directories (blacklisted by disable-programs.inc) -noblacklist ${HOME}/.config/dolphinrc +nodeny ${HOME}/.config/dolphinrc # Allows files commonly used by IDEs include allow-common-devel.inc @@ -18,8 +18,8 @@ include allow-common-devel.inc # Allow ssh (blacklisted by disable-common.inc) include allow-ssh.inc -noblacklist ${PATH}/node -noblacklist ${HOME}/.nvm +nodeny ${PATH}/node +nodeny ${HOME}/.nvm include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/webui-aria2.profile b/etc/profile-m-z/webui-aria2.profile index d5a998f3521..d1bbcfb674d 100644 --- a/etc/profile-m-z/webui-aria2.profile +++ b/etc/profile-m-z/webui-aria2.profile @@ -6,7 +6,7 @@ include webui-aria2.local # Persistent global definitions include globals.local -noblacklist ${PATH}/node +nodeny ${PATH}/node include disable-common.inc include disable-devel.inc 
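Review bot: The commented example in the waterfox.profile hunk still reads `#noblacklist ${HOME}/.mozilla`, while every active rule above it now uses the new keywords, so the file tells users to paste the old vocabulary into their local override. The example should follow the rename, `#nodeny ${HOME}/.mozilla`, and the comment above it misspells the override file as `watefox.local` where `waterfox.local` is meant. The commented block appears to continue past the end of the hunk, so any further example lines there need the same check.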
diff --git a/etc/profile-m-z/weechat.profile b/etc/profile-m-z/weechat.profile index 76935212f4a..99941a5908a 100644 --- a/etc/profile-m-z/weechat.profile +++ b/etc/profile-m-z/weechat.profile @@ -6,12 +6,12 @@ include weechat.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.weechat +nodeny ${HOME}/.weechat include disable-common.inc include disable-programs.inc -whitelist /usr/share/weechat +allow /usr/share/weechat include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/wesnoth.profile b/etc/profile-m-z/wesnoth.profile index 199b3c6f0cb..47b923e6a70 100644 --- a/etc/profile-m-z/wesnoth.profile +++ b/etc/profile-m-z/wesnoth.profile @@ -6,9 +6,9 @@ include wesnoth.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/wesnoth -noblacklist ${HOME}/.config/wesnoth -noblacklist ${HOME}/.local/share/wesnoth +nodeny ${HOME}/.cache/wesnoth +nodeny ${HOME}/.config/wesnoth +nodeny ${HOME}/.local/share/wesnoth include disable-common.inc include disable-devel.inc @@ -19,9 +19,9 @@ include disable-programs.inc mkdir ${HOME}/.cache/wesnoth mkdir ${HOME}/.config/wesnoth mkdir ${HOME}/.local/share/wesnoth -whitelist ${HOME}/.cache/wesnoth -whitelist ${HOME}/.config/wesnoth -whitelist ${HOME}/.local/share/wesnoth +allow ${HOME}/.cache/wesnoth +allow ${HOME}/.config/wesnoth +allow ${HOME}/.local/share/wesnoth include whitelist-common.inc caps.drop all diff --git a/etc/profile-m-z/wget.profile b/etc/profile-m-z/wget.profile index 53c4711bd0f..3c4a4eb631f 100644 --- a/etc/profile-m-z/wget.profile +++ b/etc/profile-m-z/wget.profile 
@@ -7,12 +7,12 @@ include wget.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.netrc -noblacklist ${HOME}/.wget-hsts -noblacklist ${HOME}/.wgetrc +nodeny ${HOME}/.netrc +nodeny ${HOME}/.wget-hsts +nodeny ${HOME}/.wgetrc -blacklist /tmp/.X11-unix -blacklist ${RUNUSER} +deny /tmp/.X11-unix +deny ${RUNUSER} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/whalebird.profile b/etc/profile-m-z/whalebird.profile index 22a84274d57..fdbd406c2cd 100644 --- a/etc/profile-m-z/whalebird.profile +++ b/etc/profile-m-z/whalebird.profile @@ -13,10 +13,10 @@ ignore include whitelist-usr-share-common.inc ignore dbus-user none ignore dbus-system none -noblacklist ${HOME}/.config/Whalebird +nodeny ${HOME}/.config/Whalebird mkdir ${HOME}/.config/Whalebird -whitelist ${HOME}/.config/Whalebird +allow ${HOME}/.config/Whalebird no3d diff --git a/etc/profile-m-z/whois.profile b/etc/profile-m-z/whois.profile index 93871a5a400..35d7fe9cbce 100644 --- a/etc/profile-m-z/whois.profile +++ b/etc/profile-m-z/whois.profile @@ -7,8 +7,8 @@ include whois.local # Persistent global definitions include globals.local -blacklist /tmp/.X11-unix -blacklist ${RUNUSER} +deny /tmp/.X11-unix +deny ${RUNUSER} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/widelands.profile b/etc/profile-m-z/widelands.profile index 0dc26b11dc8..8f5adb0fcdb 100644 --- a/etc/profile-m-z/widelands.profile +++ b/etc/profile-m-z/widelands.profile @@ -6,7 +6,7 @@ include widelands.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.widelands +nodeny ${HOME}/.widelands include disable-common.inc include disable-devel.inc @@ -18,7 +18,7 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.widelands -whitelist ${HOME}/.widelands +allow ${HOME}/.widelands include whitelist-common.inc include whitelist-var-common.inc 
diff --git a/etc/profile-m-z/wine.profile b/etc/profile-m-z/wine.profile index 0ea24aafd4c..6bc68c82966 100644 --- a/etc/profile-m-z/wine.profile +++ b/etc/profile-m-z/wine.profile @@ -6,13 +6,13 @@ include wine.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/winetricks -noblacklist ${HOME}/.Steam -noblacklist ${HOME}/.local/share/Steam -noblacklist ${HOME}/.local/share/steam -noblacklist ${HOME}/.steam -noblacklist ${HOME}/.wine -noblacklist /tmp/.wine-* +nodeny ${HOME}/.cache/winetricks +nodeny ${HOME}/.Steam +nodeny ${HOME}/.local/share/Steam +nodeny ${HOME}/.local/share/steam +nodeny ${HOME}/.steam +nodeny ${HOME}/.wine +nodeny /tmp/.wine-* include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/wire-desktop.profile b/etc/profile-m-z/wire-desktop.profile index 151cd2adbd9..5f40bbd4823 100644 --- a/etc/profile-m-z/wire-desktop.profile +++ b/etc/profile-m-z/wire-desktop.profile @@ -20,10 +20,10 @@ ignore private-cache ignore dbus-user none ignore dbus-system none -noblacklist ${HOME}/.config/Wire +nodeny ${HOME}/.config/Wire mkdir ${HOME}/.config/Wire -whitelist ${HOME}/.config/Wire +allow ${HOME}/.config/Wire private-bin bash,electron,electron[0-9],electron[0-9][0-9],env,sh,wire-desktop private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl diff --git a/etc/profile-m-z/wireshark.profile b/etc/profile-m-z/wireshark.profile index 1824026a84c..f3f3472835d 100644 --- a/etc/profile-m-z/wireshark.profile +++ b/etc/profile-m-z/wireshark.profile @@ -6,9 +6,9 @@ include wireshark.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/wireshark -noblacklist ${HOME}/.wireshark -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.config/wireshark +nodeny ${HOME}/.wireshark +nodeny ${DOCUMENTS} # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc 
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist /usr/share/wireshark +allow /usr/share/wireshark include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/wordwarvi.profile b/etc/profile-m-z/wordwarvi.profile index 9c724a5d2fd..1f1541a20f8 100644 --- a/etc/profile-m-z/wordwarvi.profile +++ b/etc/profile-m-z/wordwarvi.profile @@ -6,7 +6,7 @@ include wordwarvi.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.wordwarvi +nodeny ${HOME}/.wordwarvi include disable-common.inc include disable-devel.inc @@ -18,8 +18,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.wordwarvi -whitelist ${HOME}/.wordwarvi -whitelist /usr/share/wordwarvi +allow ${HOME}/.wordwarvi +allow /usr/share/wordwarvi include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/wps.profile b/etc/profile-m-z/wps.profile index a44b6490ec6..6d16dfb04b0 100644 --- a/etc/profile-m-z/wps.profile +++ b/etc/profile-m-z/wps.profile @@ -6,9 +6,9 @@ include wps.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.kingsoft -noblacklist ${HOME}/.config/Kingsoft -noblacklist ${HOME}/.local/share/Kingsoft +nodeny ${HOME}/.kingsoft +nodeny ${HOME}/.config/Kingsoft +nodeny ${HOME}/.local/share/Kingsoft include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/x2goclient.profile b/etc/profile-m-z/x2goclient.profile index 557f07cd9b2..311746cd9fe 100644 --- a/etc/profile-m-z/x2goclient.profile +++ b/etc/profile-m-z/x2goclient.profile @@ -6,8 +6,8 @@ include x2goclient.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.x2go -noblacklist ${HOME}/.x2goclient +nodeny ${HOME}/.x2go +nodeny ${HOME}/.x2goclient # Allow ssh (blacklisted by disable-common.inc) include allow-ssh.inc 
diff --git a/etc/profile-m-z/xbill.profile b/etc/profile-m-z/xbill.profile index 384f76acc4f..e545aa3a048 100644 --- a/etc/profile-m-z/xbill.profile +++ b/etc/profile-m-z/xbill.profile @@ -15,8 +15,8 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/xbill -whitelist /var/games/xbill/scores +allow /usr/share/xbill +allow /var/games/xbill/scores include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/xchat.profile b/etc/profile-m-z/xchat.profile index a94444aaba4..7d0adbcc292 100644 --- a/etc/profile-m-z/xchat.profile +++ b/etc/profile-m-z/xchat.profile @@ -6,7 +6,7 @@ include xchat.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/xchat +nodeny ${HOME}/.config/xchat include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/xed.profile b/etc/profile-m-z/xed.profile index 4a3022e83b5..5db709bd134 100644 --- a/etc/profile-m-z/xed.profile +++ b/etc/profile-m-z/xed.profile @@ -5,10 +5,10 @@ include xed.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/xed -noblacklist ${HOME}/.python-history -noblacklist ${HOME}/.python_history -noblacklist ${HOME}/.pythonhist +nodeny ${HOME}/.config/xed +nodeny ${HOME}/.python-history +nodeny ${HOME}/.python_history +nodeny ${HOME}/.pythonhist # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc diff --git a/etc/profile-m-z/xfburn.profile b/etc/profile-m-z/xfburn.profile index cd9561e7492..297ff616493 100644 --- a/etc/profile-m-z/xfburn.profile +++ b/etc/profile-m-z/xfburn.profile @@ -6,7 +6,7 @@ include xfburn.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/xfburn +nodeny ${HOME}/.config/xfburn include disable-common.inc include disable-devel.inc 
diff --git a/etc/profile-m-z/xfce4-dict.profile b/etc/profile-m-z/xfce4-dict.profile index ecd321c7e65..8ecd84116c0 100644 --- a/etc/profile-m-z/xfce4-dict.profile +++ b/etc/profile-m-z/xfce4-dict.profile @@ -6,7 +6,7 @@ include xfce4-dict.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/xfce4-dict +nodeny ${HOME}/.config/xfce4-dict include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/xfce4-mixer.profile b/etc/profile-m-z/xfce4-mixer.profile index bb38dbebd97..8a6f9e9219b 100644 --- a/etc/profile-m-z/xfce4-mixer.profile +++ b/etc/profile-m-z/xfce4-mixer.profile @@ -6,7 +6,7 @@ include xfce4-mixer.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml +nodeny ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml include disable-common.inc include disable-devel.inc @@ -18,10 +18,10 @@ include disable-shell.inc include disable-xdg.inc mkfile ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml -whitelist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml -whitelist /usr/share/gstreamer-* -whitelist /usr/share/xfce4 -whitelist /usr/share/xfce4-mixer +allow ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml +allow /usr/share/gstreamer-* +allow /usr/share/xfce4 +allow /usr/share/xfce4-mixer include whitelist-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/xfce4-notes.profile b/etc/profile-m-z/xfce4-notes.profile index ebfb4333cbf..fe88f9b2799 100644 --- a/etc/profile-m-z/xfce4-notes.profile +++ b/etc/profile-m-z/xfce4-notes.profile 
@@ -6,9 +6,9 @@ include xfce4-notes.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc -noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc -noblacklist ${HOME}/.local/share/notes +nodeny ${HOME}/.config/xfce4/xfce4-notes.gtkrc +nodeny ${HOME}/.config/xfce4/xfce4-notes.rc +nodeny ${HOME}/.local/share/notes include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/xfce4-screenshooter.profile b/etc/profile-m-z/xfce4-screenshooter.profile index b1e5bafbfed..baf2223541c 100644 --- a/etc/profile-m-z/xfce4-screenshooter.profile +++ b/etc/profile-m-z/xfce4-screenshooter.profile @@ -6,7 +6,7 @@ include xfce4-screenshooter.local # Persistent global definitions include globals.local -noblacklist ${PICTURES} +nodeny ${PICTURES} include disable-common.inc include disable-devel.inc @@ -17,7 +17,7 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/xfce4 +allow /usr/share/xfce4 include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/xiphos.profile b/etc/profile-m-z/xiphos.profile index 81d98db7a0b..5c11cbd66de 100644 --- a/etc/profile-m-z/xiphos.profile +++ b/etc/profile-m-z/xiphos.profile @@ -6,10 +6,10 @@ include xiphos.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.sword -noblacklist ${HOME}/.xiphos +nodeny ${HOME}/.sword +nodeny ${HOME}/.xiphos -blacklist ${HOME}/.bashrc +deny ${HOME}/.bashrc include disable-common.inc include disable-devel.inc @@ -21,8 +21,8 @@ include disable-shell.inc mkdir ${HOME}/.sword mkdir ${HOME}/.xiphos -whitelist ${HOME}/.sword -whitelist ${HOME}/.xiphos +allow ${HOME}/.sword +allow ${HOME}/.xiphos include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/xlinks.profile b/etc/profile-m-z/xlinks.profile index d5e25cfe71f..da480110127 100644 
--- a/etc/profile-m-z/xlinks.profile +++ b/etc/profile-m-z/xlinks.profile @@ -7,7 +7,7 @@ include xlinks.local # added by included profile #include globals.local -noblacklist /tmp/.X11-unix +nodeny /tmp/.X11-unix include whitelist-common.inc diff --git a/etc/profile-m-z/xlinks2 b/etc/profile-m-z/xlinks2 index 1ae6a60ca4b..a7612cb2aa4 100644 --- a/etc/profile-m-z/xlinks2 +++ b/etc/profile-m-z/xlinks2 @@ -7,7 +7,7 @@ include xlinks2.local # added by included profile #include globals.local -noblacklist /tmp/.X11-unix +nodeny /tmp/.X11-unix include whitelist-common.inc diff --git a/etc/profile-m-z/xmms.profile b/etc/profile-m-z/xmms.profile index 25261d925bd..1ed35f29a5b 100644 --- a/etc/profile-m-z/xmms.profile +++ b/etc/profile-m-z/xmms.profile @@ -5,8 +5,8 @@ include xmms.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.xmms -noblacklist ${MUSIC} +nodeny ${HOME}/.xmms +nodeny ${MUSIC} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/xmr-stak.profile b/etc/profile-m-z/xmr-stak.profile index e7020f36b32..c97c12f560f 100644 --- a/etc/profile-m-z/xmr-stak.profile +++ b/etc/profile-m-z/xmr-stak.profile @@ -5,7 +5,7 @@ include xmr-stak.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.xmr-stak +nodeny ${HOME}/.xmr-stak include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/xonotic.profile b/etc/profile-m-z/xonotic.profile index 53c9a0a089c..94a09198c8b 100644 --- a/etc/profile-m-z/xonotic.profile +++ b/etc/profile-m-z/xonotic.profile @@ -6,7 +6,7 @@ include xonotic.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.xonotic +nodeny ${HOME}/.xonotic include allow-bin-sh.inc include allow-opengl-game.inc 
@@ -21,8 +21,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.xonotic -whitelist ${HOME}/.xonotic -whitelist /usr/share/xonotic +allow ${HOME}/.xonotic +allow /usr/share/xonotic include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/xournal.profile b/etc/profile-m-z/xournal.profile index c4f092d50cb..34a188a4ecd 100644 --- a/etc/profile-m-z/xournal.profile +++ b/etc/profile-m-z/xournal.profile @@ -6,7 +6,7 @@ include xournal.local # Persistent global definitions include globals.local -noblacklist ${DOCUMENTS} +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc @@ -17,8 +17,8 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -whitelist /usr/share/xournal -whitelist /usr/share/poppler +allow /usr/share/xournal +allow /usr/share/poppler include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/xournalpp.profile b/etc/profile-m-z/xournalpp.profile index 988b878b93d..f82d2a5d3e6 100644 --- a/etc/profile-m-z/xournalpp.profile +++ b/etc/profile-m-z/xournalpp.profile @@ -7,13 +7,13 @@ include xournalpp.local # added by included profile #include globals.local -noblacklist ${HOME}/.xournalpp +nodeny ${HOME}/.xournalpp include allow-lua.inc -whitelist /usr/share/texlive -whitelist /usr/share/xournalpp -whitelist /var/lib/texmf +allow /usr/share/texlive +allow /usr/share/xournalpp +allow /var/lib/texmf include whitelist-runuser-common.inc #mkdir ${HOME}/.xournalpp diff --git a/etc/profile-m-z/xpdf.profile b/etc/profile-m-z/xpdf.profile index 1447ec9a749..9da63b52a8f 100644 --- a/etc/profile-m-z/xpdf.profile +++ b/etc/profile-m-z/xpdf.profile @@ -6,8 +6,8 @@ include xpdf.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.xpdfrc -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.xpdfrc +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc 
diff --git a/etc/profile-m-z/xplayer.profile b/etc/profile-m-z/xplayer.profile index c3bb3292c3b..4af4586e3b4 100644 --- a/etc/profile-m-z/xplayer.profile +++ b/etc/profile-m-z/xplayer.profile @@ -5,8 +5,8 @@ include xplayer.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/xplayer -noblacklist ${HOME}/.local/share/xplayer +nodeny ${HOME}/.config/xplayer +nodeny ${HOME}/.local/share/xplayer # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc @@ -22,8 +22,8 @@ include disable-programs.inc read-only ${DESKTOP} mkdir ${HOME}/.config/xplayer mkdir ${HOME}/.local/share/xplayer -whitelist ${HOME}/.config/xplayer -whitelist ${HOME}/.local/share/xplayer +allow ${HOME}/.config/xplayer +allow ${HOME}/.local/share/xplayer include whitelist-common.inc include whitelist-player-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/xpra.profile b/etc/profile-m-z/xpra.profile index 6e409e1aa82..28fbc94dd85 100644 --- a/etc/profile-m-z/xpra.profile +++ b/etc/profile-m-z/xpra.profile @@ -25,7 +25,7 @@ include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc -whitelist /var/lib/xkb +allow /var/lib/xkb # whitelisting home directory, or including whitelist-common.inc # will crash xpra on some platforms diff --git a/etc/profile-m-z/xreader.profile b/etc/profile-m-z/xreader.profile index 3ab35edfc23..440f26af2b4 100644 --- a/etc/profile-m-z/xreader.profile +++ b/etc/profile-m-z/xreader.profile @@ -6,9 +6,9 @@ include xreader.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/xreader -noblacklist ${HOME}/.config/xreader -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.cache/xreader +nodeny ${HOME}/.config/xreader +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/xviewer.profile b/etc/profile-m-z/xviewer.profile index 4d454f81c90..671e0cf5b42 100644 
--- a/etc/profile-m-z/xviewer.profile +++ b/etc/profile-m-z/xviewer.profile @@ -5,10 +5,10 @@ include xviewer.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.Steam -noblacklist ${HOME}/.config/xviewer -noblacklist ${HOME}/.local/share/Trash -noblacklist ${HOME}/.steam +nodeny ${HOME}/.Steam +nodeny ${HOME}/.config/xviewer +nodeny ${HOME}/.local/share/Trash +nodeny ${HOME}/.steam include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/yandex-browser.profile b/etc/profile-m-z/yandex-browser.profile index 81cd021f7a9..27d0eb41153 100644 --- a/etc/profile-m-z/yandex-browser.profile +++ b/etc/profile-m-z/yandex-browser.profile @@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium ignore include whitelist-runuser-common.inc ignore include whitelist-usr-share-common.inc -noblacklist ${HOME}/.cache/yandex-browser -noblacklist ${HOME}/.cache/yandex-browser-beta -noblacklist ${HOME}/.config/yandex-browser -noblacklist ${HOME}/.config/yandex-browser-beta +nodeny ${HOME}/.cache/yandex-browser +nodeny ${HOME}/.cache/yandex-browser-beta +nodeny ${HOME}/.config/yandex-browser +nodeny ${HOME}/.config/yandex-browser-beta mkdir ${HOME}/.cache/yandex-browser mkdir ${HOME}/.cache/yandex-browser-beta mkdir ${HOME}/.config/yandex-browser mkdir ${HOME}/.config/yandex-browser-beta -whitelist ${HOME}/.cache/yandex-browser -whitelist ${HOME}/.cache/yandex-browser-beta -whitelist ${HOME}/.config/yandex-browser -whitelist ${HOME}/.config/yandex-browser-beta +allow ${HOME}/.cache/yandex-browser +allow ${HOME}/.cache/yandex-browser-beta +allow ${HOME}/.config/yandex-browser +allow ${HOME}/.config/yandex-browser-beta # Redirect include chromium-common.profile diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile index dee154409af..b288993f2af 100644 --- a/etc/profile-m-z/yelp.profile +++ b/etc/profile-m-z/yelp.profile 
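Review bot: In the yandex-browser.profile hunk the line `ignore whitelist /usr/share/chromium` keeps the old keyword while every rule below it is renamed to `nodeny`/`allow`. If the rule it is meant to suppress in the included chromium-common.profile is now written `allow /usr/share/chromium`, the ignore only matches if the ignore list is compared after the allow-to-whitelist translation in profile_read. That ordering is not visible in this diff, and a mismatch would change the sandbox's effective filesystem policy without any error. Once the order is confirmed, either convert the line to `ignore allow /usr/share/chromium` or add a comment above it such as `# ignore entries are matched against the translated keyword; keep the old spelling`.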
@@ -6,7 +6,7 @@ include yelp.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/yelp +nodeny ${HOME}/.config/yelp include disable-common.inc include disable-devel.inc @@ -18,15 +18,15 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/yelp -whitelist ${HOME}/.config/yelp -whitelist /usr/libexec/webkit2gtk-4.0 -whitelist /usr/share/doc -whitelist /usr/share/groff -whitelist /usr/share/help -whitelist /usr/share/man -whitelist /usr/share/yelp -whitelist /usr/share/yelp-tools -whitelist /usr/share/yelp-xsl +allow ${HOME}/.config/yelp +allow /usr/libexec/webkit2gtk-4.0 +allow /usr/share/doc +allow /usr/share/groff +allow /usr/share/help +allow /usr/share/man +allow /usr/share/yelp +allow /usr/share/yelp-tools +allow /usr/share/yelp-xsl include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/youtube-dl-gui.profile b/etc/profile-m-z/youtube-dl-gui.profile index b52271a2ce9..26ea3acaa9c 100644 --- a/etc/profile-m-z/youtube-dl-gui.profile +++ b/etc/profile-m-z/youtube-dl-gui.profile @@ -8,7 +8,7 @@ include globals.local include allow-python2.inc include allow-python3.inc -noblacklist ${HOME}/.config/youtube-dlg +nodeny ${HOME}/.config/youtube-dlg include disable-common.inc include disable-devel.inc @@ -20,8 +20,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/youtube-dlg -whitelist ${HOME}/.config/youtube-dlg -whitelist ${DOWNLOADS} +allow ${HOME}/.config/youtube-dlg +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/youtube-dl.profile b/etc/profile-m-z/youtube-dl.profile index 24c4d6db33f..37f87d0b538 100644 --- a/etc/profile-m-z/youtube-dl.profile +++ b/etc/profile-m-z/youtube-dl.profile 
@@ -10,18 +10,18 @@ include globals.local # breaks when installed under ${HOME} via `pip install --user` (see #2833) ignore noexec ${HOME} -noblacklist ${HOME}/.cache/youtube-dl -noblacklist ${HOME}/.config/youtube-dl -noblacklist ${HOME}/.netrc -noblacklist ${MUSIC} -noblacklist ${VIDEOS} +nodeny ${HOME}/.cache/youtube-dl +nodeny ${HOME}/.config/youtube-dl +nodeny ${HOME}/.netrc +nodeny ${MUSIC} +nodeny ${VIDEOS} # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc include allow-python3.inc -blacklist /tmp/.X11-unix -blacklist ${RUNUSER} +deny /tmp/.X11-unix +deny ${RUNUSER} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/youtube-viewer.profile b/etc/profile-m-z/youtube-viewer.profile index b54dd37ad66..84b8bbc6afc 100644 --- a/etc/profile-m-z/youtube-viewer.profile +++ b/etc/profile-m-z/youtube-viewer.profile @@ -7,13 +7,13 @@ include youtube-viewer.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.cache/youtube-viewer -noblacklist ${HOME}/.config/youtube-viewer +nodeny ${HOME}/.cache/youtube-viewer +nodeny ${HOME}/.config/youtube-viewer mkdir ${HOME}/.cache/youtube-viewer mkdir ${HOME}/.config/youtube-viewer -whitelist ${HOME}/.cache/youtube-viewer -whitelist ${HOME}/.config/youtube-viewer +allow ${HOME}/.cache/youtube-viewer +allow ${HOME}/.config/youtube-viewer private-bin gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,youtube-viewer diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile index 25a073d4af4..f531f815e48 100644 --- a/etc/profile-m-z/youtube-viewers-common.profile +++ b/etc/profile-m-z/youtube-viewers-common.profile @@ -7,7 +7,7 @@ include youtube-viewers-common.local # added by caller profile #include globals.local -noblacklist ${HOME}/.cache/youtube-dl +nodeny ${HOME}/.cache/youtube-dl # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc 
@@ -27,8 +27,8 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist ${DOWNLOADS} -whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs +allow ${DOWNLOADS} +allow ${HOME}/.cache/youtube-dl/youtube-sigfuncs include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/youtube.profile b/etc/profile-m-z/youtube.profile index ad7ceaee4c5..b015fb01347 100644 --- a/etc/profile-m-z/youtube.profile +++ b/etc/profile-m-z/youtube.profile @@ -9,12 +9,12 @@ include globals.local # Disabled until someone reported positive feedback ignore nou2f -noblacklist ${HOME}/.config/Youtube +nodeny ${HOME}/.config/Youtube include disable-shell.inc mkdir ${HOME}/.config/Youtube -whitelist ${HOME}/.config/Youtube +allow ${HOME}/.config/Youtube private-bin youtube private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg diff --git a/etc/profile-m-z/youtubemusic-nativefier.profile b/etc/profile-m-z/youtubemusic-nativefier.profile index 74b0e38b938..d594a3d0f38 100644 --- a/etc/profile-m-z/youtubemusic-nativefier.profile +++ b/etc/profile-m-z/youtubemusic-nativefier.profile @@ -6,12 +6,12 @@ include youtube.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/youtubemusic-nativefier-040164 +nodeny ${HOME}/.config/youtubemusic-nativefier-040164 include disable-shell.inc mkdir ${HOME}/.config/youtubemusic-nativefier-040164 -whitelist ${HOME}/.config/youtubemusic-nativefier-040164 +allow ${HOME}/.config/youtubemusic-nativefier-040164 private-bin youtubemusic-nativefier private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg 
diff --git a/etc/profile-m-z/ytmdesktop.profile b/etc/profile-m-z/ytmdesktop.profile index ab46fccc2d9..9987c953e7e 100644 --- a/etc/profile-m-z/ytmdesktop.profile +++ b/etc/profile-m-z/ytmdesktop.profile @@ -8,10 +8,10 @@ include globals.local ignore dbus-user none -noblacklist ${HOME}/.config/youtube-music-desktop-app +nodeny ${HOME}/.config/youtube-music-desktop-app mkdir ${HOME}/.config/youtube-music-desktop-app -whitelist ${HOME}/.config/youtube-music-desktop-app +allow ${HOME}/.config/youtube-music-desktop-app # private-bin env,ytmdesktop private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg diff --git a/etc/profile-m-z/zaproxy.profile b/etc/profile-m-z/zaproxy.profile index 5a168feb6c3..2f18a8c45ff 100644 --- a/etc/profile-m-z/zaproxy.profile +++ b/etc/profile-m-z/zaproxy.profile @@ -6,7 +6,7 @@ include zaproxy.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.ZAP +nodeny ${HOME}/.ZAP # Allow java (blacklisted by disable-devel.inc) include allow-java.inc @@ -20,8 +20,8 @@ include disable-programs.inc mkdir ${HOME}/.java mkdir ${HOME}/.ZAP -whitelist ${HOME}/.java -whitelist ${HOME}/.ZAP +allow ${HOME}/.java +allow ${HOME}/.ZAP include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/zart.profile b/etc/profile-m-z/zart.profile index 10f83aa3035..32ff4f8ed6b 100644 --- a/etc/profile-m-z/zart.profile +++ b/etc/profile-m-z/zart.profile @@ -6,8 +6,8 @@ include zart.local # Persistent global definitions include globals.local -noblacklist ${DOCUMENTS} -noblacklist ${PICTURES} +nodeny ${DOCUMENTS} +nodeny ${PICTURES} include disable-common.inc include disable-devel.inc diff --git a/etc/profile-m-z/zathura.profile b/etc/profile-m-z/zathura.profile index d0e68c980ef..4bc841f636e 100644 --- a/etc/profile-m-z/zathura.profile 
+++ b/etc/profile-m-z/zathura.profile @@ -6,9 +6,9 @@ include zathura.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/zathura -noblacklist ${HOME}/.local/share/zathura -noblacklist ${DOCUMENTS} +nodeny ${HOME}/.config/zathura +nodeny ${HOME}/.local/share/zathura +nodeny ${DOCUMENTS} include disable-common.inc include disable-devel.inc @@ -22,8 +22,8 @@ include disable-xdg.inc mkdir ${HOME}/.config/zathura mkdir ${HOME}/.local/share/zathura -whitelist /usr/share/doc -whitelist /usr/share/zathura +allow /usr/share/doc +allow /usr/share/zathura include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc diff --git a/etc/profile-m-z/zcat.profile b/etc/profile-m-z/zcat.profile index 5de13ab905f..904ea9f05db 100644 --- a/etc/profile-m-z/zcat.profile +++ b/etc/profile-m-z/zcat.profile @@ -9,7 +9,7 @@ include zcat.local # Allow running kernel config check ignore include disable-shell.inc -noblacklist /proc/config.gz +nodeny /proc/config.gz # Redirect include gzip.profile diff --git a/etc/profile-m-z/zeal.profile b/etc/profile-m-z/zeal.profile index 2c6f6910fde..458df2a4629 100644 --- a/etc/profile-m-z/zeal.profile +++ b/etc/profile-m-z/zeal.profile @@ -6,9 +6,9 @@ include zeal.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/Zeal -noblacklist ${HOME}/.cache/Zeal -noblacklist ${HOME}/.local/share/Zeal +nodeny ${HOME}/.config/Zeal +nodeny ${HOME}/.cache/Zeal +nodeny ${HOME}/.local/share/Zeal include disable-common.inc include disable-devel.inc @@ -23,9 +23,9 @@ mkdir ${HOME}/.cache/Zeal mkdir ${HOME}/.config/qt5ct mkdir ${HOME}/.config/Zeal mkdir ${HOME}/.local/share/Zeal -whitelist ${HOME}/.cache/Zeal -whitelist ${HOME}/.config/Zeal -whitelist ${HOME}/.local/share/Zeal +allow ${HOME}/.cache/Zeal +allow ${HOME}/.config/Zeal +allow ${HOME}/.local/share/Zeal include whitelist-common.inc include whitelist-var-common.inc 
diff --git a/etc/profile-m-z/zgrep.profile b/etc/profile-m-z/zgrep.profile index f63dc871fef..e2dfbd10530 100644 --- a/etc/profile-m-z/zgrep.profile +++ b/etc/profile-m-z/zgrep.profile @@ -9,7 +9,7 @@ include zgrep.local # Allow running kernel config check ignore include disable-shell.inc -noblacklist /proc/config.gz +nodeny /proc/config.gz # Redirect include gzip.profile diff --git a/etc/profile-m-z/zoom.profile b/etc/profile-m-z/zoom.profile index ac615d8614f..6b0417b56a4 100644 --- a/etc/profile-m-z/zoom.profile +++ b/etc/profile-m-z/zoom.profile @@ -16,17 +16,17 @@ ignore dbus-system none # If you use such a system, add 'ignore nogroups' to your zoom.local. #ignore nogroups -noblacklist ${HOME}/.config/zoomus.conf -noblacklist ${HOME}/.zoom +nodeny ${HOME}/.config/zoomus.conf +nodeny ${HOME}/.zoom -nowhitelist ${DOWNLOADS} +noallow ${DOWNLOADS} mkdir ${HOME}/.cache/zoom mkfile ${HOME}/.config/zoomus.conf mkdir ${HOME}/.zoom -whitelist ${HOME}/.cache/zoom -whitelist ${HOME}/.config/zoomus.conf -whitelist ${HOME}/.zoom +allow ${HOME}/.cache/zoom +allow ${HOME}/.config/zoomus.conf +allow ${HOME}/.zoom # Disable for now, see https://github.com/netblue30/firejail/issues/3726 #private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl diff --git a/etc/profile-m-z/zulip.profile b/etc/profile-m-z/zulip.profile index 093da521236..cdbbdccf132 100644 --- a/etc/profile-m-z/zulip.profile +++ b/etc/profile-m-z/zulip.profile @@ -8,7 +8,7 @@ include globals.local ignore noexec /tmp -noblacklist ${HOME}/.config/Zulip +nodeny ${HOME}/.config/Zulip include disable-common.inc include disable-devel.inc @@ -20,8 +20,8 @@ include disable-shell.inc include disable-xdg.inc mkdir ${HOME}/.config/Zulip -whitelist ${HOME}/.config/Zulip -whitelist ${DOWNLOADS} +allow ${HOME}/.config/Zulip +allow ${DOWNLOADS} include whitelist-common.inc include whitelist-var-common.inc 
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 29bb5fbacfe..b7c7185a60a 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c @@ -1751,6 +1751,13 @@ void profile_read(const char *fname) { free(ptr); ptr = tmp; } + else if (strncmp(ptr, "deny-nolog ", 11) == 0) { + char *tmp; + if (asprintf(&tmp, "blacklist-nolog %s", ptr + 11) == -1) + errExit("asprintf"); + free(ptr); + ptr = tmp; + } // translate noallow/nodeny to nowhitelist/noblacklist else if (strncmp(ptr, "noallow ", 8) == 0) { char *tmp; diff --git a/src/tools/profcleaner.c b/src/tools/profcleaner.c new file mode 100644 index 00000000000..93bb3f73d61 --- /dev/null +++ b/src/tools/profcleaner.c 
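Review bot: The new `deny-nolog ` branch in profile_read hard-codes the prefix length `11` next to the literal and repeats the same asprintf/free/reassign sequence as the neighbouring branches, so a later edit to one keyword can drift from its length unnoticed. Deriving the length from the literal, e.g. `strncmp(ptr, "deny-nolog ", sizeof("deny-nolog ") - 1) == 0` and `ptr + sizeof("deny-nolog ") - 1`, keeps the two in step. The branch also has no comment of its own, and `// translate deny-nolog to blacklist-nolog` above it would match the comment on the noallow/nodeny group that follows. The match requires exactly one space after the keyword, and how a tab-separated `deny-nolog` line is handled later is not visible here. That is worth confirming, because a deny rule that is not translated must fail loudly rather than be skipped. profile_read starts and ends outside this hunk.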
@@ -0,0 +1,75 @@ +/* + * Copyright (C) 2014-2021 Firejail Authors + * + * This file is part of firejail project + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +*/ + +//************************************************************* +// Small utility program to convert profiles from blacklist/whitelist to deny/allow +// Compile: +// gcc -o profcleaner profcleaner.c +// Usage: +// profcleaner *.profile +//************************************************************* + +#include +#include +#include +#include +#define MAXBUF 4096 + +int main(int argc, char **argv) { + printf("Usage: profcleaner files\n"); + int i; + + for (i = 1; i < argc; i++) { + FILE *fp = fopen(argv[i], "r"); + if (!fp) { + fprintf(stderr, "Error: cannot open %s\n", argv[i]); + return 1; + } + + FILE *fpout = fopen("profcleaner-tmp", "w"); + if (!fpout) { + fprintf(stderr, "Error: cannot open output file\n"); + return 1; + } + + char buf[MAXBUF]; + while (fgets(buf, MAXBUF, fp)) { + if (strncmp(buf, "blacklist-nolog", 15) == 0) + fprintf(fpout, "deny-nolog %s", buf + 15); + else if (strncmp(buf, "blacklist", 9) == 0) + fprintf(fpout, "deny %s", buf + 9); + else if (strncmp(buf, "noblacklist", 11) == 0) + fprintf(fpout, "nodeny %s", buf + 11); + else if (strncmp(buf, "whitelist", 9) == 0) + fprintf(fpout, "allow %s", buf + 9); + 
else if (strncmp(buf, "nowhitelist", 11) == 0) + fprintf(fpout, "noallow %s", buf + 11); + else + fprintf(fpout, "%s", buf); + } + + fclose(fp); + fclose(fpout); + unlink(argv[i]); + rename("profcleaner-tmp", argv[i]); + } + + return 0; +} \ No newline at end of file
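Review bot: The replacement step at the end of the loop in main() can lose or truncate a profile: output goes to a fixed `profcleaner-tmp` in the current directory, opened with `"w"` (which truncates whatever already sits at that name, including through a symlink), and neither `fclose(fpout)` nor `rename()` is checked after `unlink(argv[i])` has already removed the original. For sandbox profiles a half-written file is a security problem, because every deny rule past the cut is silently gone. I would create the temporary file next to the target in exclusive mode, check the write and the rename, and drop the `unlink()` since `rename()` replaces the target itself. The new file's mode and owner still come from the umask and the invoking user rather than from the original profile, which deserves a line in the header comment.

```c
		// … unchanged: fopen(argv[i], "r") and its error check …

		// temp file beside the target, so rename() stays on one filesystem
		char tmpname[MAXBUF];
		int n = snprintf(tmpname, sizeof(tmpname), "%s.profcleaner-tmp", argv[i]);
		if (n < 0 || (size_t)n >= sizeof(tmpname)) {
			fprintf(stderr, "Error: file name too long: %s\n", argv[i]);
			fclose(fp);
			return 1;
		}

		// "x": fail instead of truncating an existing file or following a symlink
		FILE *fpout = fopen(tmpname, "wx");
		if (!fpout) {
			fprintf(stderr, "Error: cannot create %s\n", tmpname);
			fclose(fp);
			return 1;
		}

		// … unchanged: fgets loop translating the keywords …

		fclose(fp);
		// a failed write must not install a truncated profile
		int failed = ferror(fpout);
		if (fclose(fpout) != 0)
			failed = 1;
		// rename() replaces argv[i] atomically; the original stays until it succeeds
		if (failed || rename(tmpname, argv[i]) != 0) {
			fprintf(stderr, "Error: cannot update %s\n", argv[i]);
			unlink(tmpname);
			return 1;
		}
```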