Merge pull request #6885 from kmk3/profiles-organize-blacklists

profiles: organize blacklist sections as per profile.template

etc/profile-a-l/agetpkg.profile

@@ -7,12 +7,12 @@ include agetpkg.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
-
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
 include allow-python3.inc
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-a-l/checkbashisms.profile

@@ -7,13 +7,13 @@ include checkbashisms.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
-
 noblacklist ${DOCUMENTS}
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-a-l/curl.profile

@@ -7,6 +7,10 @@ include curl.local
 # Persistent global definitions
 include globals.local
 
+# If you use nvm, add the below lines to your curl.local
+#ignore read-only ${HOME}/.nvm
+#noblacklist ${HOME}/.nvm
+
 noblacklist ${HOME}/.config/curlrc # since curl 7.73.0
 # curl 7.74.0 introduces experimental support for HSTS cache
 # https://daniel.haxx.se/blog/2020/11/03/hsts-your-curl/
@@ -19,10 +23,6 @@ noblacklist ${HOME}/.netrc
 
 blacklist ${RUNUSER}
 
-# If you use nvm, add the below lines to your curl.local
-#ignore read-only ${HOME}/.nvm
-#noblacklist ${HOME}/.nvm
-
 include disable-common.inc
 include disable-exec.inc
 include disable-programs.inc

etc/profile-a-l/deadlink.profile

@@ -6,15 +6,15 @@ include deadlink.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
-blacklist /usr/libexec
-
 noblacklist ${HOME}/.config/deadlink
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
 include allow-python3.inc
 
+blacklist ${RUNUSER}
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-a-l/devilspie.profile

@@ -6,10 +6,10 @@ include devilspie.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
-
 noblacklist ${HOME}/.devilspie
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-a-l/enchant.profile

@@ -6,10 +6,10 @@ include enchant.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
-
 noblacklist ${HOME}/.config/enchant
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-a-l/evince.profile

@@ -13,9 +13,10 @@ noblacklist ${HOME}/.local/share/gvfs-metadata
 noblacklist ${HOME}/.config/evince
 noblacklist ${DOCUMENTS}
 
+include allow-bin-sh.inc
+
 blacklist /usr/libexec
 
-include allow-bin-sh.inc
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-a-l/exiftool.profile

@@ -6,11 +6,11 @@ include exiftool.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
-
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-a-l/gconf.profile

@@ -6,14 +6,14 @@ include gconf.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
-
 noblacklist ${HOME}/.config/gconf
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 #include allow-python3.inc
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-a-l/gist.profile

@@ -7,13 +7,13 @@ include gist.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
-
 noblacklist ${HOME}/.gist
 
 # Allow ruby (blacklisted by disable-interpreters.inc)
 include allow-ruby.inc
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-a-l/gnome-boxes.profile

@@ -6,8 +6,6 @@ include gnome-boxes.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
-
 noblacklist ${HOME}/.cache/gnome-boxes
 noblacklist ${HOME}/.config/gnome-boxes
 noblacklist ${HOME}/.local/share/gnome-boxes
@@ -16,6 +14,8 @@ noblacklist ${RUNUSER}/libvirt
 noblacklist /sbin
 noblacklist /usr/sbin
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-a-l/googler-common.profile

@@ -7,8 +7,6 @@ include googler-common.local
 # added by caller profile
 #include globals.local
 
-blacklist ${RUNUSER}
-
 noblacklist ${HOME}/.w3m
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
@@ -16,6 +14,8 @@ include allow-bin-sh.inc
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
 
+blacklist ${RUNUSER}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-a-l/green-recoder.profile

@@ -6,8 +6,6 @@ include green-recorder.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
-
 noblacklist ${HOME}/.config/green-recorder
 
 # Allow python 3 (blacklisted by disable-interpreters.inc)
@@ -18,6 +16,8 @@ include allow-bin-sh.inc
 
 noblacklist ${VIDEOS}
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-a-l/hashcat.profile

@@ -7,14 +7,14 @@ include hashcat.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
-
 noblacklist ${HOME}/.cache/hashcat
 noblacklist ${HOME}/.hashcat
 noblacklist ${HOME}/.local/share/hashcat
 noblacklist /usr/include
 noblacklist ${DOCUMENTS}
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-a-l/highlight.profile

@@ -6,11 +6,11 @@ include highlight.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
-
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
 
+blacklist ${RUNUSER}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc

etc/profile-a-l/host.profile

@@ -7,9 +7,10 @@ include host.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
 noblacklist ${PATH}/host
 
+blacklist ${RUNUSER}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-a-l/img2txt.profile

@@ -6,11 +6,11 @@ include img2txt.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
-
 noblacklist ${DOCUMENTS}
 noblacklist ${PICTURES}
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-a-l/koreader.profile

@@ -6,14 +6,14 @@ include koreader.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
-
 noblacklist ${HOME}/.config/koreader
 noblacklist ${DOCUMENTS}
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-a-l/less.profile

@@ -7,10 +7,10 @@ include less.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
-
 noblacklist ${HOME}/.lesshst
 
+blacklist ${RUNUSER}
+
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc

etc/profile-a-l/localsend_app.profile

@@ -6,10 +6,10 @@ include localsend_app.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
-
 noblacklist ${HOME}/.local/share/localsend_app
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/makepkg.profile

@@ -7,8 +7,6 @@ include makepkg.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
-
 # Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138
 # for potential issues and their solutions when Firejailing makepkg
 
@@ -29,6 +27,8 @@ blacklist ${HOME}/.gnupg/random_seed
 # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only.
 noblacklist /var/lib/pacman
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-exec.inc
 include disable-programs.inc

etc/profile-m-z/man.profile

@@ -7,14 +7,14 @@ include man.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
-
 noblacklist ${HOME}/.local/share/man
 noblacklist ${HOME}/.rustup
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
 
+blacklist ${RUNUSER}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/mp3splt.profile

@@ -6,10 +6,10 @@ include mp3splt.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
-
 noblacklist ${MUSIC}
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/mutt.profile

@@ -38,13 +38,13 @@ noblacklist ${HOME}/postponed
 noblacklist ${HOME}/sent
 noblacklist /etc/msmtprc
 
-blacklist ${RUNUSER}/wayland-*
-
 # Add the next lines to your mutt.local for oauth.py,S/MIME support.
 #include allow-perl.inc
 #include allow-python2.inc
 #include allow-python3.inc
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/nano.profile

@@ -7,11 +7,11 @@ include nano.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
-
 noblacklist ${HOME}/.config/nano
 noblacklist ${HOME}/.nanorc
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/neomutt.profile

@@ -39,10 +39,10 @@ noblacklist /etc/msmtprc
 noblacklist /var/mail
 noblacklist /var/spool/mail
 
-blacklist ${RUNUSER}/wayland-*
-
 include allow-lua.inc
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/nodejs-common.profile

@@ -15,8 +15,6 @@ include nodejs-common.local
 # used by nvm: curl, sha256sum, tar and wget. We have comments in these
 # profiles on how to enable nvm support via local overrides.
 
-blacklist ${RUNUSER}
-
 ignore read-only ${HOME}/.npm-packages
 ignore read-only ${HOME}/.npmrc
 ignore read-only ${HOME}/.nvm
@@ -35,6 +33,8 @@ noblacklist ${HOME}/.yarnrc
 ignore noexec ${HOME}
 include allow-bin-sh.inc
 
+blacklist ${RUNUSER}
+
 include disable-common.inc
 include disable-exec.inc
 include disable-programs.inc

etc/profile-m-z/nslookup.profile

@@ -7,10 +7,10 @@ include nslookup.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
-
 noblacklist ${PATH}/nslookup
 
+blacklist ${RUNUSER}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/nvim.profile

@@ -13,13 +13,13 @@ noblacklist ${HOME}/.config/nvim
 noblacklist ${HOME}/.local/share/nvim
 noblacklist ${HOME}/.local/state/nvim
 
+blacklist ${RUNUSER}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-blacklist ${RUNUSER}
-
 include whitelist-runuser-common.inc
 
 ipc-namespace

etc/profile-m-z/odt2txt.profile

@@ -6,10 +6,10 @@ include odt2txt.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
-
 noblacklist ${DOCUMENTS}
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc

etc/profile-m-z/pandoc.profile

@@ -7,12 +7,12 @@ include pandoc.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
-
 noblacklist ${DOCUMENTS}
 
 include allow-bin-sh.inc
 
+blacklist ${RUNUSER}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/patch.profile

@@ -7,11 +7,11 @@ include patch.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
-
 noblacklist ${DOCUMENTS}
 noblacklist ${PATH}/patch
 
+blacklist ${RUNUSER}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/pdftotext.profile

@@ -7,10 +7,10 @@ include pdftotext.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
-
 noblacklist ${DOCUMENTS}
 
+blacklist ${RUNUSER}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/pkglog.profile

@@ -6,11 +6,11 @@ include pkglog.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
-
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
 
+blacklist ${RUNUSER}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/qpdf.profile

@@ -7,10 +7,10 @@ include qpdf.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
-
 noblacklist ${DOCUMENTS}
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/rtv.profile

@@ -6,7 +6,10 @@ include rtv.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+# You can configure rtv to open different type of links in external applications.
+# Configuration: https://github.com/michael-lazar/rtv#viewing-media-links.
+# Add the next line to your rtv.local to enable external application support.
+#include rtv-addons.profile
 
 noblacklist ${HOME}/.config/rtv
 noblacklist ${HOME}/.local/share/rtv
@@ -18,10 +21,8 @@ include allow-bin-sh.inc
 include allow-python2.inc
 include allow-python3.inc
 
-# You can configure rtv to open different type of links in external applications.
+blacklist ${RUNUSER}/wayland-*
-# Configuration: https://github.com/michael-lazar/rtv#viewing-media-links.
+
-# Add the next line to your rtv.local to enable external application support.
-#include rtv-addons.profile
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/session-desktop.profile

@@ -6,12 +6,12 @@ include session-desktop.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
-
 ignore noexec /tmp
 
 noblacklist ${HOME}/.config/Session
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/shellcheck.profile

@@ -7,10 +7,10 @@ include shellcheck.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
-
 noblacklist ${DOCUMENTS}
 
+blacklist ${RUNUSER}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/signal-cli.profile

@@ -6,12 +6,12 @@ include signal-cli.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
-
 noblacklist ${HOME}/.local/share/signal-cli
 
 include allow-java.inc
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/spectre-meltdown-checker.profile

@@ -6,8 +6,6 @@ include spectre-meltdown-checker.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
-
 noblacklist ${PATH}/mount
 noblacklist ${PATH}/umount
 noblacklist /proc/config.gz
@@ -15,6 +13,8 @@ noblacklist /proc/config.gz
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/ssmtp.profile

@@ -7,9 +7,6 @@ include ssmtp.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
-blacklist /usr/libexec
-
 noblacklist /etc/logcheck
 noblacklist /etc/ssmtp
 noblacklist /sbin
@@ -17,6 +14,10 @@ noblacklist /usr/sbin
 
 noblacklist ${DOCUMENTS}
 noblacklist ${PATH}/ssmtp
+
+blacklist ${RUNUSER}
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/statusof.profile

@@ -7,12 +7,12 @@ include statusof.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
-blacklist /usr/libexec
-
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
 
+blacklist ${RUNUSER}
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/tesseract.profile

@@ -7,10 +7,11 @@ include tesseract.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
-
 noblacklist ${DOCUMENTS}
 noblacklist ${PICTURES}
+
+blacklist ${RUNUSER}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/textroom.profile

@@ -6,11 +6,11 @@ include textroom.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.config/textroom
+
 blacklist ${RUNUSER}/wayland-*
 blacklist /usr/libexec
 
-noblacklist ${HOME}/.config/textroom
-
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/tmux.profile

@@ -7,10 +7,10 @@ include tmux.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
-
 noblacklist /tmp/tmux-*
 
+blacklist ${RUNUSER}
+
 #include disable-common.inc
 #include disable-devel.inc
 #include disable-exec.inc

etc/profile-m-z/tvnamer.profile

@@ -6,9 +6,6 @@ include tvnamer.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
-blacklist /usr/libexec
-
 noblacklist ${HOME}/.config/tvnamer
 noblacklist ${VIDEOS}
 
@@ -16,6 +13,9 @@ noblacklist ${VIDEOS}
 include allow-python2.inc
 include allow-python3.inc
 
+blacklist ${RUNUSER}
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/virt-manager.profile

@@ -6,8 +6,6 @@ include virt-manager.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
-
 noblacklist ${HOME}/.cache/virt-manager
 noblacklist ${RUNUSER}/libvirt
 
@@ -17,6 +15,8 @@ noblacklist /usr/sbin
 # Allow python 3 (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
 
+blacklist /usr/libexec
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/w3m.profile

@@ -15,14 +15,14 @@ include globals.local
 noblacklist ${HOME}/.mailcap
 noblacklist ${HOME}/.w3m
 
-blacklist ${RUNUSER}/wayland-*
-
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
 
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/wget.profile

@@ -7,16 +7,16 @@ include wget.local
 # Persistent global definitions
 include globals.local
 
+# If you use nvm, add the below lines to your wget.local
+#ignore read-only ${HOME}/.nvm
+#noblacklist ${HOME}/.nvm
+
 noblacklist ${HOME}/.config/wget
 noblacklist ${HOME}/.local/share/wget
 noblacklist ${HOME}/.netrc
 noblacklist ${HOME}/.wget-hsts
 noblacklist ${HOME}/.wgetrc
 
-# If you use nvm, add the below lines to your wget.local
-#ignore read-only ${HOME}/.nvm
-#noblacklist ${HOME}/.nvm
-
 blacklist ${RUNUSER}
 
 include disable-common.inc