Consistent home directory nomenclature

etc/0ad.profile

@@ -5,21 +5,21 @@ include /etc/firejail/0ad.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/0ad
-noblacklist ~/.config/0ad
-noblacklist ~/.local/share/0ad
+noblacklist ${HOME}/.cache/0ad
+noblacklist ${HOME}/.config/0ad
+noblacklist ${HOME}/.local/share/0ad
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/0ad
-mkdir ~/.config/0ad
-mkdir ~/.local/share/0ad
-whitelist ~/.cache/0ad
-whitelist ~/.config/0ad
-whitelist ~/.local/share/0ad
+mkdir ${HOME}/.cache/0ad
+mkdir ${HOME}/.config/0ad
+mkdir ${HOME}/.local/share/0ad
+whitelist ${HOME}/.cache/0ad
+whitelist ${HOME}/.config/0ad
+whitelist ${HOME}/.local/share/0ad
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all

etc/2048-qt.profile

@@ -5,8 +5,8 @@ include /etc/firejail/2048-qt.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/2048-qt
-noblacklist ~/.config/xiaoyong
+noblacklist ${HOME}/.config/2048-qt
+noblacklist ${HOME}/.config/xiaoyong
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/Mathematica.profile

@@ -13,11 +13,11 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.Mathematica
-mkdir ~/.Wolfram Research
-whitelist ~/.Mathematica
-whitelist ~/.Wolfram Research
-whitelist ~/Documents/Wolfram Mathematica
+mkdir ${HOME}/.Mathematica
+mkdir ${HOME}/.Wolfram Research
+whitelist ${HOME}/.Mathematica
+whitelist ${HOME}/.Wolfram Research
+whitelist ${HOME}/Documents/Wolfram Mathematica
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all

etc/Thunar.profile

@@ -6,8 +6,8 @@ include /etc/firejail/Thunar.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.local/share/Trash
-noblacklist ~/.config/Thunar
-noblacklist ~/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
+noblacklist ${HOME}/.config/Thunar
+noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/abrowser.profile

@@ -5,34 +5,34 @@ include /etc/firejail/abrowser.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/mozilla
-noblacklist ~/.mozilla
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/mozilla/abrowser
-mkdir ~/.mozilla
+mkdir ${HOME}/.cache/mozilla/abrowser
+mkdir ${HOME}/.mozilla
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/gnome-mplayer/plugin
-whitelist ~/.cache/mozilla/abrowser
-whitelist ~/.config/gnome-mplayer
-whitelist ~/.config/pipelight-silverlight5.1
-whitelist ~/.config/pipelight-widevine
-whitelist ~/.keysnail.js
-whitelist ~/.lastpass
-whitelist ~/.mozilla
-whitelist ~/.pentadactyl
-whitelist ~/.pentadactylrc
-whitelist ~/.pki
-whitelist ~/.vimperator
-whitelist ~/.vimperatorrc
-whitelist ~/.wine-pipelight
-whitelist ~/.wine-pipelight64
-whitelist ~/.zotero
-whitelist ~/dwhelper
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/mozilla/abrowser
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.mozilla
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all

etc/ark.profile

@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus
 
-noblacklist ~/.config/arkrc
+noblacklist ${HOME}/.config/arkrc
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/atom.profile

@@ -7,8 +7,8 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus
 
-noblacklist ~/.atom
-noblacklist ~/.config/Atom
+noblacklist ${HOME}/.atom
+noblacklist ${HOME}/.config/Atom
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc

etc/atril.profile

@@ -5,10 +5,10 @@ include /etc/firejail/atril.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/atril
+noblacklist ${HOME}/.config/atril
 
-#noblacklist ~/.local/share
-# it seems to use only ~/.local/share/webkitgtk
+#noblacklist ${HOME}/.local/share
+# it seems to use only ${HOME}/.local/share/webkitgtk
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/audacious.profile

@@ -5,8 +5,8 @@ include /etc/firejail/audacious.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/Audaciousrc
-noblacklist ~/.config/audacious
+noblacklist ${HOME}/.config/Audaciousrc
+noblacklist ${HOME}/.config/audacious
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/audacity.profile

@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.audacity-data
+noblacklist ${HOME}/.audacity-data
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/aweather.profile

@@ -5,15 +5,15 @@ include /etc/firejail/aweather.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/aweather
+noblacklist ${HOME}/.config/aweather
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.config/aweather
-whitelist ~/.config/aweather
+mkdir ${HOME}/.config/aweather
+whitelist ${HOME}/.config/aweather
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 

etc/baloo_file.profile

@@ -41,7 +41,7 @@ private-tmp
 noexec ${HOME}
 noexec /tmp
 
-# Make home directory read-only and allow writing only to ~/.local/share
+# Make home directory read-only and allow writing only to ${HOME}/.local/share
 # Note: Baloo will not be able to update the "first run" key in its configuration files.
 # read-only  ${HOME}
 # read-write ${HOME}/.local/share

etc/bibletime.profile

@@ -5,12 +5,12 @@ include /etc/firejail/bibletime.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist ~/.Xauthority
-blacklist ~/.bashrc
+blacklist ${HOME}/.Xauthority
+blacklist ${HOME}/.bashrc
 
-noblacklist ~/.bibletime
-noblacklist ~/.config/qt5ct
-noblacklist ~/.sword
+noblacklist ${HOME}/.bibletime
+noblacklist ${HOME}/.config/qt5ct
+noblacklist ${HOME}/.sword
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/blender.profile

@@ -5,7 +5,7 @@ include /etc/firejail/blender.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/blender
+noblacklist ${HOME}/.config/blender
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/brasero.profile

@@ -5,7 +5,7 @@ include /etc/firejail/brasero.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/brasero
+noblacklist ${HOME}/.config/brasero
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/brave.profile

@@ -5,25 +5,25 @@ include /etc/firejail/brave.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/brave
+noblacklist ${HOME}/.config/brave
 # brave uses gpg for built-in password manager
-noblacklist ~/.gnupg
-noblacklist ~/.pki
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.config/brave
-mkdir ~/.pki
+mkdir ${HOME}/.config/brave
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.config/KeePass
-whitelist ~/.config/brave
-whitelist ~/.config/keepass
-whitelist ~/.config/lastpass
-whitelist ~/.keepass
-whitelist ~/.lastpass
-whitelist ~/.pki
+whitelist ${HOME}/.config/KeePass
+whitelist ${HOME}/.config/brave
+whitelist ${HOME}/.config/keepass
+whitelist ${HOME}/.config/lastpass
+whitelist ${HOME}/.keepass
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 
 # caps.drop all

etc/caja.profile

@@ -8,9 +8,9 @@ include /etc/firejail/globals.local
 # Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there
 # is already a caja process running on MATE desktops firejail will have no effect.
 
-# noblacklist ~/.config/caja - disable-programs.inc is disabled, see below
-# noblacklist ~/.local/share/Trash
-# noblacklist ~/.local/share/caja-python
+# noblacklist ${HOME}/.config/caja - disable-programs.inc is disabled, see below
+# noblacklist ${HOME}/.local/share/Trash
+# noblacklist ${HOME}/.local/share/caja-python
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/calibre.profile

@@ -5,8 +5,8 @@ include /etc/firejail/calibre.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/calibre
-noblacklist ~/.config/calibre
+noblacklist ${HOME}/.cache/calibre
+noblacklist ${HOME}/.config/calibre
 
 include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-devel.inc

etc/catfish.profile

@@ -10,7 +10,7 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.config/catfish
+noblacklist ${HOME}/.config/catfish
 
 include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-devel.inc

etc/chromium.profile

@@ -5,23 +5,23 @@ include /etc/firejail/chromium.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/chromium
-noblacklist ~/.config/chromium
-noblacklist ~/.config/chromium-flags.conf
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/chromium
+noblacklist ${HOME}/.config/chromium
+noblacklist ${HOME}/.config/chromium-flags.conf
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/chromium
-mkdir ~/.config/chromium
-mkdir ~/.pki
+mkdir ${HOME}/.cache/chromium
+mkdir ${HOME}/.config/chromium
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/chromium
-whitelist ~/.config/chromium
-whitelist ~/.config/chromium-flags.conf
-whitelist ~/.pki
+whitelist ${HOME}/.cache/chromium
+whitelist ${HOME}/.config/chromium
+whitelist ${HOME}/.config/chromium-flags.conf
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 

etc/claws-mail.profile

@@ -5,9 +5,9 @@ include /etc/firejail/claws-mail.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.claws-mail
-noblacklist ~/.gnupg
-noblacklist ~/.signature
+noblacklist ${HOME}/.claws-mail
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.signature
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/clementine.profile

@@ -5,7 +5,7 @@ include /etc/firejail/clementine.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/Clementine
+noblacklist ${HOME}/.config/Clementine
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/cliqz.profile

@@ -5,60 +5,60 @@ include /etc/firejail/cliqz.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/cliqz
-noblacklist ~/.config/cliqz
-noblacklist ~/.config/okularpartrc
-noblacklist ~/.config/okularrc
-noblacklist ~/.config/qpdfview
-noblacklist ~/.kde/share/apps/okular
-noblacklist ~/.kde/share/config/okularpartrc
-noblacklist ~/.kde/share/config/okularrc
-noblacklist ~/.kde4/share/apps/okular
-noblacklist ~/.kde4/share/config/okularpartrc
-noblacklist ~/.kde4/share/config/okularrc
-# noblacklist ~/.local/share/gnome-shell/extensions
-noblacklist ~/.local/share/okular
-noblacklist ~/.local/share/qpdfview
+noblacklist ${HOME}/.cache/cliqz
+noblacklist ${HOME}/.config/cliqz
+noblacklist ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
+# noblacklist ${HOME}/.local/share/gnome-shell/extensions
+noblacklist ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/qpdfview
 
-noblacklist ~/.pki
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/mozilla/firefox
-mkdir ~/.mozilla
-mkdir ~/.pki
+mkdir ${HOME}/.cache/mozilla/firefox
+mkdir ${HOME}/.mozilla
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/gnome-mplayer/plugin
-whitelist ~/.cache/mozilla/firefox
-whitelist ~/.config/gnome-mplayer
-whitelist ~/.config/okularpartrc
-whitelist ~/.config/okularrc
-whitelist ~/.config/pipelight-silverlight5.1
-whitelist ~/.config/pipelight-widevine
-whitelist ~/.config/qpdfview
-whitelist ~/.kde/share/apps/okular
-whitelist ~/.kde/share/config/okularpartrc
-whitelist ~/.kde/share/config/okularrc
-whitelist ~/.kde4/share/apps/okular
-whitelist ~/.kde4/share/config/okularpartrc
-whitelist ~/.kde4/share/config/okularrc
-whitelist ~/.keysnail.js
-whitelist ~/.lastpass
-whitelist ~/.local/share/gnome-shell/extensions
-whitelist ~/.local/share/okular
-whitelist ~/.local/share/qpdfview
-whitelist ~/.mozilla
-whitelist ~/.pentadactyl
-whitelist ~/.pentadactylrc
-whitelist ~/.pki
-whitelist ~/.vimperator
-whitelist ~/.vimperatorrc
-whitelist ~/.wine-pipelight
-whitelist ~/.wine-pipelight64
-whitelist ~/.zotero
-whitelist ~/dwhelper
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/mozilla/firefox
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/okularpartrc
+whitelist ${HOME}/.config/okularrc
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.config/qpdfview
+whitelist ${HOME}/.kde/share/apps/okular
+whitelist ${HOME}/.kde/share/config/okularpartrc
+whitelist ${HOME}/.kde/share/config/okularrc
+whitelist ${HOME}/.kde4/share/apps/okular
+whitelist ${HOME}/.kde4/share/config/okularpartrc
+whitelist ${HOME}/.kde4/share/config/okularrc
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.local/share/gnome-shell/extensions
+whitelist ${HOME}/.local/share/okular
+whitelist ${HOME}/.local/share/qpdfview
+whitelist ${HOME}/.mozilla
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 

etc/conkeror.profile

@@ -10,17 +10,17 @@ noblacklist ${HOME}/.conkeror.mozdev.org
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 
-whitelist ~/.conkeror.mozdev.org
-whitelist ~/.conkerorrc
-whitelist ~/.gtkrc-2.0
-whitelist ~/.lastpass
-whitelist ~/.pentadactyl
-whitelist ~/.pentadactylrc
-whitelist ~/.vimperator
-whitelist ~/.vimperatorrc
-whitelist ~/.zotero
-whitelist ~/Downloads
-whitelist ~/dwhelper
+whitelist ${HOME}/.conkeror.mozdev.org
+whitelist ${HOME}/.conkerorrc
+whitelist ${HOME}/.gtkrc-2.0
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/Downloads
+whitelist ${HOME}/dwhelper
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all

etc/corebird.profile

@@ -5,7 +5,7 @@ include /etc/firejail/corebird.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/corebird
+noblacklist ${HOME}/.config/corebird
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/cower.profile

@@ -2,8 +2,8 @@
 # This file is overwritten after every install/update
 
 # This profile could be significantly strengthened by adding the following to cower.local
-# whitelist ~/<Your Build Folder>
-# whitelist ~/.config/cower/
+# whitelist ${HOME}/<Your Build Folder>
+# whitelist ${HOME}/.config/cower/
 
 quiet
 
@@ -12,8 +12,8 @@ include /etc/firejail/cower.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/cower/config
-read-only ~/.config/cower/config
+noblacklist ${HOME}/.config/cower/config
+read-only ${HOME}/.config/cower/config
 
 noblacklist /var/lib/pacman
 

etc/curl.profile

@@ -8,7 +8,7 @@ include /etc/firejail/globals.local
 
 blacklist /tmp/.X11-unix
 
-noblacklist ~/.curlrc
+noblacklist ${HOME}/.curlrc
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc

etc/cyberfox.profile

@@ -5,49 +5,49 @@ include /etc/firejail/cyberfox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.8pecxstudios
-noblacklist ~/.cache/8pecxstudios
-noblacklist ~/.config/okularpartrc
-noblacklist ~/.config/okularrc
-noblacklist ~/.config/qpdfview
-noblacklist ~/.kde/share/apps/okular
-noblacklist ~/.kde4/share/apps/okular
-noblacklist ~/.local/share/okular
-noblacklist ~/.local/share/qpdfview
-noblacklist ~/.pki
+noblacklist ${HOME}/.8pecxstudios
+noblacklist ${HOME}/.cache/8pecxstudios
+noblacklist ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/qpdfview
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.8pecxstudios
-mkdir ~/.cache/8pecxstudios
-mkdir ~/.pki
+mkdir ${HOME}/.8pecxstudios
+mkdir ${HOME}/.cache/8pecxstudios
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.8pecxstudios
-whitelist ~/.cache/8pecxstudios
-whitelist ~/.cache/gnome-mplayer/plugin
-whitelist ~/.config/gnome-mplayer
-whitelist ~/.config/okularpartrc
-whitelist ~/.config/okularrc
-whitelist ~/.config/pipelight-silverlight5.1
-whitelist ~/.config/pipelight-widevine
-whitelist ~/.config/qpdfview
-whitelist ~/.kde/share/apps/okular
-whitelist ~/.kde4/share/apps/okular
-whitelist ~/.keysnail.js
-whitelist ~/.lastpass
-whitelist ~/.local/share/okular
-whitelist ~/.local/share/qpdfview
-whitelist ~/.pentadactyl
-whitelist ~/.pentadactylrc
-whitelist ~/.pki
-whitelist ~/.vimperator
-whitelist ~/.vimperatorrc
-whitelist ~/.wine-pipelight
-whitelist ~/.wine-pipelight64
-whitelist ~/.zotero
-whitelist ~/dwhelper
+whitelist ${HOME}/.8pecxstudios
+whitelist ${HOME}/.cache/8pecxstudios
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/okularpartrc
+whitelist ${HOME}/.config/okularrc
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.config/qpdfview
+whitelist ${HOME}/.kde/share/apps/okular
+whitelist ${HOME}/.kde4/share/apps/okular
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.local/share/okular
+whitelist ${HOME}/.local/share/qpdfview
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all

etc/darktable.profile

@@ -5,8 +5,8 @@ include /etc/firejail/darktable.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/darktable
-noblacklist ~/.config/darktable
+noblacklist ${HOME}/.cache/darktable
+noblacklist ${HOME}/.config/darktable
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/dia.profile

@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.dia
+noblacklist ${HOME}/.dia
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/dillo.profile

@@ -5,18 +5,18 @@ include /etc/firejail/dillo.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.dillo
+noblacklist ${HOME}/.dillo
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.dillo
-mkdir ~/.fltk
+mkdir ${HOME}/.dillo
+mkdir ${HOME}/.fltk
 whitelist ${DOWNLOADS}
-whitelist ~/.dillo
-whitelist ~/.fltk
+whitelist ${HOME}/.dillo
+whitelist ${HOME}/.fltk
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 

etc/dolphin.profile

@@ -8,8 +8,8 @@ include /etc/firejail/globals.local
 # warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5
 
 noblacklist ${HOME}/.local/share/Trash
-# noblacklist ~/.config/dolphinrc - diable-programs.inc is disabled, see below
-# noblacklist ~/.local/share/dolphin
+# noblacklist ${HOME}/.config/dolphinrc - diable-programs.inc is disabled, see below
+# noblacklist ${HOME}/.local/share/dolphin
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/dosbox.profile

@@ -5,7 +5,7 @@ include /etc/firejail/dosbox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.dosbox
+noblacklist ${HOME}/.dosbox
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/dragon.profile

@@ -5,7 +5,7 @@ include /etc/firejail/dragon.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/dragonplayerrc
+noblacklist ${HOME}/.config/dragonplayerrc
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/dropbox.profile

@@ -5,23 +5,23 @@ include /etc/firejail/dropbox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/autostart
-noblacklist ~/.dropbox
-noblacklist ~/.dropbox-dist
+noblacklist ${HOME}/.config/autostart
+noblacklist ${HOME}/.dropbox
+noblacklist ${HOME}/.dropbox-dist
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.dropbox
-mkdir ~/.dropbox-dist
-mkdir ~/Dropbox
-mkfile ~/.config/autostart/dropbox.desktop
-whitelist ~/.config/autostart/dropbox.desktop
-whitelist ~/.dropbox
-whitelist ~/.dropbox-dist
-whitelist ~/Dropbox
+mkdir ${HOME}/.dropbox
+mkdir ${HOME}/.dropbox-dist
+mkdir ${HOME}/Dropbox
+mkfile ${HOME}/.config/autostart/dropbox.desktop
+whitelist ${HOME}/.config/autostart/dropbox.desktop
+whitelist ${HOME}/.dropbox
+whitelist ${HOME}/.dropbox-dist
+whitelist ${HOME}/Dropbox
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all

etc/elinks.profile

@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 blacklist /tmp/.X11-unix
 
-noblacklist ~/.elinks
+noblacklist ${HOME}/.elinks
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/emacs.profile

@@ -5,8 +5,8 @@ include /etc/firejail/emacs.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.emacs
-noblacklist ~/.emacs.d
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc

etc/enchant.profile

@@ -5,7 +5,7 @@ include /etc/firejail/enchant.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/enchant
+noblacklist ${HOME}/.config/enchant
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/eog.profile

@@ -7,10 +7,10 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus - makes settings immutable
 
-noblacklist ~/.Steam
-noblacklist ~/.config/eog
-noblacklist ~/.local/share/Trash
-noblacklist ~/.steam
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.config/eog
+noblacklist ${HOME}/.local/share/Trash
+noblacklist ${HOME}/.steam
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/eom.profile

@@ -7,10 +7,10 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus - makes settings immutable
 
-noblacklist ~/.Steam
-noblacklist ~/.config/mate/eom
-noblacklist ~/.local/share/Trash
-noblacklist ~/.steam
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.config/mate/eom
+noblacklist ${HOME}/.local/share/Trash
+noblacklist ${HOME}/.steam
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/etr.profile

@@ -7,14 +7,14 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.etr
+noblacklist ${HOME}/.etr
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.etr
-whitelist ~/.etr
+mkdir ${HOME}/.etr
+whitelist ${HOME}/.etr
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 

etc/evince.profile

@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus
 
-noblacklist ~/.config/evince
+noblacklist ${HOME}/.config/evince
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/evolution.profile

@@ -7,12 +7,12 @@ include /etc/firejail/globals.local
 
 noblacklist /var/mail
 noblacklist /var/spool/mail
-# noblacklist ~/.bogofilter
-noblacklist ~/.cache/evolution
-noblacklist ~/.config/evolution
-noblacklist ~/.gnupg
-noblacklist ~/.local/share/evolution
-noblacklist ~/.pki
+# noblacklist ${HOME}/.bogofilter
+noblacklist ${HOME}/.cache/evolution
+noblacklist ${HOME}/.config/evolution
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.local/share/evolution
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/firefox.profile

@@ -5,67 +5,67 @@ include /etc/firejail/firefox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/mozilla
-noblacklist ~/.config/okularpartrc
-noblacklist ~/.config/okularrc
-noblacklist ~/.config/qpdfview
-noblacklist ~/.kde/share/apps/kget
-noblacklist ~/.kde/share/apps/okular
-noblacklist ~/.kde/share/config/kgetrc
-noblacklist ~/.kde/share/config/okularpartrc
-noblacklist ~/.kde/share/config/okularrc
-noblacklist ~/.kde4/share/apps/kget
-noblacklist ~/.kde4/share/apps/okular
-noblacklist ~/.kde4/share/config/kgetrc
-noblacklist ~/.kde4/share/config/okularpartrc
-noblacklist ~/.kde4/share/config/okularrc
-# noblacklist ~/.local/share/gnome-shell/extensions
-noblacklist ~/.local/share/okular
-noblacklist ~/.local/share/qpdfview
-noblacklist ~/.mozilla
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.kde/share/apps/kget
+noblacklist ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/config/kgetrc
+noblacklist ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/apps/kget
+noblacklist ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/config/kgetrc
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
+# noblacklist ${HOME}/.local/share/gnome-shell/extensions
+noblacklist ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/qpdfview
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/mozilla/firefox
-mkdir ~/.mozilla
-mkdir ~/.pki
+mkdir ${HOME}/.cache/mozilla/firefox
+mkdir ${HOME}/.mozilla
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/gnome-mplayer/plugin
-whitelist ~/.cache/mozilla/firefox
-whitelist ~/.config/gnome-mplayer
-whitelist ~/.config/okularpartrc
-whitelist ~/.config/okularrc
-whitelist ~/.config/pipelight-silverlight5.1
-whitelist ~/.config/pipelight-widevine
-whitelist ~/.config/qpdfview
-whitelist ~/.kde/share/apps/kget
-whitelist ~/.kde/share/apps/okular
-whitelist ~/.kde/share/config/kgetrc
-whitelist ~/.kde/share/config/okularpartrc
-whitelist ~/.kde/share/config/okularrc
-whitelist ~/.kde4/share/apps/kget
-whitelist ~/.kde4/share/apps/okular
-whitelist ~/.kde4/share/config/kgetrc
-whitelist ~/.kde4/share/config/okularpartrc
-whitelist ~/.kde4/share/config/okularrc
-whitelist ~/.keysnail.js
-whitelist ~/.lastpass
-whitelist ~/.local/share/gnome-shell/extensions
-whitelist ~/.local/share/okular
-whitelist ~/.local/share/qpdfview
-whitelist ~/.mozilla
-whitelist ~/.pentadactyl
-whitelist ~/.pentadactylrc
-whitelist ~/.pki
-whitelist ~/.vimperator
-whitelist ~/.vimperatorrc
-whitelist ~/.wine-pipelight
-whitelist ~/.wine-pipelight64
-whitelist ~/.zotero
-whitelist ~/dwhelper
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/mozilla/firefox
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/okularpartrc
+whitelist ${HOME}/.config/okularrc
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.config/qpdfview
+whitelist ${HOME}/.kde/share/apps/kget
+whitelist ${HOME}/.kde/share/apps/okular
+whitelist ${HOME}/.kde/share/config/kgetrc
+whitelist ${HOME}/.kde/share/config/okularpartrc
+whitelist ${HOME}/.kde/share/config/okularrc
+whitelist ${HOME}/.kde4/share/apps/kget
+whitelist ${HOME}/.kde4/share/apps/okular
+whitelist ${HOME}/.kde4/share/config/kgetrc
+whitelist ${HOME}/.kde4/share/config/okularpartrc
+whitelist ${HOME}/.kde4/share/config/okularrc
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.local/share/gnome-shell/extensions
+whitelist ${HOME}/.local/share/okular
+whitelist ${HOME}/.local/share/qpdfview
+whitelist ${HOME}/.mozilla
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 

etc/flashpeak-slimjet.profile

@@ -10,21 +10,21 @@ include /etc/firejail/globals.local
 # to run it is as follows:
 #  firejail flashpeak-slimjet --no-sandbox
 
-noblacklist ~/.cache/slimjet
-noblacklist ~/.config/slimjet
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/slimjet
+noblacklist ${HOME}/.config/slimjet
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/slimjet
-mkdir ~/.config/slimjet
-mkdir ~/.pki
+mkdir ${HOME}/.cache/slimjet
+mkdir ${HOME}/.config/slimjet
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/slimjet
-whitelist ~/.config/slimjet
-whitelist ~/.pki
+whitelist ${HOME}/.cache/slimjet
+whitelist ${HOME}/.config/slimjet
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all

etc/fossamail.profile

@@ -5,16 +5,16 @@ include /etc/firejail/fossamail.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/fossamail
-noblacklist ~/.fossamail
-noblacklist ~/.gnupg
+noblacklist ${HOME}/.cache/fossamail
+noblacklist ${HOME}/.fossamail
+noblacklist ${HOME}/.gnupg
 
-mkdir ~/.cache/fossamail
-mkdir ~/.fossamail
-mkdir ~/.gnupg
-whitelist ~/.cache/fossamail
-whitelist ~/.fossamail
-whitelist ~/.gnupg
+mkdir ${HOME}/.cache/fossamail
+mkdir ${HOME}/.fossamail
+mkdir ${HOME}/.gnupg
+whitelist ${HOME}/.cache/fossamail
+whitelist ${HOME}/.fossamail
+whitelist ${HOME}/.gnupg
 include /etc/firejail/whitelist-common.inc
 
 # allow browsers

etc/franz.profile

@@ -5,21 +5,21 @@ include /etc/firejail/franz.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/Franz
-noblacklist ~/.config/Franz
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/Franz
+noblacklist ${HOME}/.config/Franz
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/Franz
-mkdir ~/.config/Franz
-mkdir ~/.pki
+mkdir ${HOME}/.cache/Franz
+mkdir ${HOME}/.config/Franz
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/Franz
-whitelist ~/.config/Franz
-whitelist ~/.pki
+whitelist ${HOME}/.cache/Franz
+whitelist ${HOME}/.config/Franz
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all

etc/frozen-bubble.profile

@@ -7,14 +7,14 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.frozen-bubble
+noblacklist ${HOME}/.frozen-bubble
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.frozen-bubble
-whitelist ~/.frozen-bubble
+mkdir ${HOME}/.frozen-bubble
+whitelist ${HOME}/.frozen-bubble
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 

etc/galculator.profile

@@ -7,15 +7,15 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.config/galculator
+noblacklist ${HOME}/.config/galculator
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.config/galculator
-whitelist ~/.config/galculator
+mkdir ${HOME}/.config/galculator
+whitelist ${HOME}/.config/galculator
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 

etc/geary.profile

@@ -8,18 +8,18 @@ include /etc/firejail/globals.local
 # Users have Geary set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
 
-noblacklist ~/.gnupg
-noblacklist ~/.local/share/geary
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.local/share/geary
 
-mkdir ~/.gnupg
-mkdir ~/.local/share/geary
-whitelist ~/.gnupg
-whitelist ~/.local/share/geary
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.local/share/geary
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.local/share/geary
 include /etc/firejail/whitelist-common.inc
 
 ignore private-tmp
 
-read-only ~/.config/mimeapps.list
+read-only ${HOME}/.config/mimeapps.list
 
 # allow browsers
 # Redirect

etc/geeqie.profile

@@ -5,9 +5,9 @@ include /etc/firejail/geeqie.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/geeqie
-noblacklist ~/.config/geeqie
-noblacklist ~/.local/share/geeqie
+noblacklist ${HOME}/.cache/geeqie
+noblacklist ${HOME}/.config/geeqie
+noblacklist ${HOME}/.local/share/geeqie
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/gimp.profile

@@ -30,7 +30,7 @@ shell none
 private-dev
 private-tmp
 
-# gimp plugins are installed by the user in ~/.gimp-2.8/plug-ins/ directory
+# gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory
 # if you are not using external plugins, you can enable noexec statement below
 # noexec ${HOME}
 noexec /tmp

etc/git.profile

@@ -8,13 +8,13 @@ include /etc/firejail/globals.local
 
 blacklist /tmp/.X11-unix
 
-noblacklist ~/.emacs
-noblacklist ~/.emacs.d
-noblacklist ~/.gitconfig
-noblacklist ~/.gnupg
-noblacklist ~/.ssh
-noblacklist ~/.vim
-noblacklist ~/.viminfo
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc

etc/gitter.profile

@@ -5,8 +5,8 @@ include /etc/firejail/gitter.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/autostart
-noblacklist ~/.config/Gitter
+noblacklist ${HOME}/.config/autostart
+noblacklist ${HOME}/.config/Gitter
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -14,8 +14,8 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 whitelist ${DOWNLOADS}
-whitelist ~/.config/autostart
-whitelist ~/.config/Gitter
+whitelist ${HOME}/.config/autostart
+whitelist ${HOME}/.config/Gitter
 include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all

etc/gjs.profile

@@ -7,10 +7,10 @@ include /etc/firejail/globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ~/.cache/libgweather
-noblacklist ~/.cache/org.gnome.Books
-noblacklist ~/.config/libreoffice
-noblacklist ~/.local/share/gnome-photos
+noblacklist ${HOME}/.cache/libgweather
+noblacklist ${HOME}/.cache/org.gnome.Books
+noblacklist ${HOME}/.config/libreoffice
+noblacklist ${HOME}/.local/share/gnome-photos
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/gnome-books.profile

@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ~/.cache/org.gnome.Books
+noblacklist ${HOME}/.cache/org.gnome.Books
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/gnome-chess.profile

@@ -5,7 +5,7 @@ include /etc/firejail/gnome-chess.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.local/share/gnome-chess
+noblacklist ${HOME}/.local/share/gnome-chess
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/gnome-documents.profile

@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ~/.config/libreoffice
+noblacklist ${HOME}/.config/libreoffice
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/gnome-mplayer.profile

@@ -5,7 +5,7 @@ include /etc/firejail/gnome-mplayer.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/gnome-mplayer
+noblacklist ${HOME}/.config/gnome-mplayer
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/gnome-music.profile

@@ -5,7 +5,7 @@ include /etc/firejail/gnome-music.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.local/share/gnome-music
+noblacklist ${HOME}/.local/share/gnome-music
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/gnome-photos.profile

@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ~/.local/share/gnome-photos
+noblacklist ${HOME}/.local/share/gnome-photos
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/gnome-weather.profile

@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ~/.cache/libgweather
+noblacklist ${HOME}/.cache/libgweather
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/google-chrome-beta.profile

@@ -5,21 +5,21 @@ include /etc/firejail/google-chrome-beta.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/google-chrome-beta
-noblacklist ~/.config/google-chrome-beta
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/google-chrome-beta
+noblacklist ${HOME}/.config/google-chrome-beta
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/google-chrome-beta
-mkdir ~/.config/google-chrome-beta
-mkdir ~/.pki
+mkdir ${HOME}/.cache/google-chrome-beta
+mkdir ${HOME}/.config/google-chrome-beta
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/google-chrome-beta
-whitelist ~/.config/google-chrome-beta
-whitelist ~/.pki
+whitelist ${HOME}/.cache/google-chrome-beta
+whitelist ${HOME}/.config/google-chrome-beta
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 
 caps.keep sys_chroot,sys_admin

etc/google-chrome-unstable.profile

@@ -5,21 +5,21 @@ include /etc/firejail/google-chrome-unstable.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/google-chrome-unstable
-noblacklist ~/.config/google-chrome-unstable
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/google-chrome-unstable
+noblacklist ${HOME}/.config/google-chrome-unstable
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/google-chrome-unstable
-mkdir ~/.config/google-chrome-unstable
-mkdir ~/.pki
+mkdir ${HOME}/.cache/google-chrome-unstable
+mkdir ${HOME}/.config/google-chrome-unstable
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/google-chrome-unstable
-whitelist ~/.config/google-chrome-unstable
-whitelist ~/.pki
+whitelist ${HOME}/.cache/google-chrome-unstable
+whitelist ${HOME}/.config/google-chrome-unstable
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 
 caps.keep sys_chroot,sys_admin

etc/google-chrome.profile

@@ -5,21 +5,21 @@ include /etc/firejail/google-chrome.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/google-chrome
-noblacklist ~/.config/google-chrome
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/google-chrome
+noblacklist ${HOME}/.config/google-chrome
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/google-chrome
-mkdir ~/.config/google-chrome
-mkdir ~/.pki
+mkdir ${HOME}/.cache/google-chrome
+mkdir ${HOME}/.config/google-chrome
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/google-chrome
-whitelist ~/.config/google-chrome
-whitelist ~/.pki
+whitelist ${HOME}/.cache/google-chrome
+whitelist ${HOME}/.config/google-chrome
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 

etc/google-play-music-desktop-player.profile

@@ -5,16 +5,16 @@ include /etc/firejail/google-play-music-desktop-player.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/Google Play Music Desktop Player
+noblacklist ${HOME}/.config/Google Play Music Desktop Player
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-# whitelist ~/.config/pulse
-# whitelist ~/.pulse
-whitelist ~/.config/Google Play Music Desktop Player
+# whitelist ${HOME}/.config/pulse
+# whitelist ${HOME}/.pulse
+whitelist ${HOME}/.config/Google Play Music Desktop Player
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all

etc/gpa.profile

@@ -5,7 +5,7 @@ include /etc/firejail/gpa.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.gnupg
+noblacklist ${HOME}/.gnupg
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/gpg-agent.profile

@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 blacklist /tmp/.X11-unix
 
-noblacklist ~/.gnupg
+noblacklist ${HOME}/.gnupg
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/gpg.profile

@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 blacklist /tmp/.X11-unix
 
-noblacklist ~/.gnupg
+noblacklist ${HOME}/.gnupg
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/gpicview.profile

@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.config/gpicview
+noblacklist ${HOME}/.config/gpicview
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/gpredict.profile

@@ -5,14 +5,14 @@ include /etc/firejail/gpredict.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/Gpredict
+noblacklist ${HOME}/.config/Gpredict
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-whitelist ~/.config/Gpredict
+whitelist ${HOME}/.config/Gpredict
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all

etc/gthumb.profile

@@ -6,8 +6,8 @@ include /etc/firejail/gthumb.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.config/gthumb
-noblacklist ~/.Steam
-noblacklist ~/.steam
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.steam
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/gwenview.profile

@@ -7,15 +7,15 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus
 
-noblacklist ~/.config/gwenviewrc
-noblacklist ~/.config/org.kde.gwenviewrc
-noblacklist ~/.gimp*
-noblacklist ~/.kde/share/apps/gwenview
-noblacklist ~/.kde/share/config/gwenviewrc
-noblacklist ~/.kde4/share/apps/gwenview
-noblacklist ~/.kde4/share/config/gwenviewrc
-noblacklist ~/.local/share/gwenview
-noblacklist ~/.local/share/org.kde.gwenview
+noblacklist ${HOME}/.config/gwenviewrc
+noblacklist ${HOME}/.config/org.kde.gwenviewrc
+noblacklist ${HOME}/.gimp*
+noblacklist ${HOME}/.kde/share/apps/gwenview
+noblacklist ${HOME}/.kde/share/config/gwenviewrc
+noblacklist ${HOME}/.kde4/share/apps/gwenview
+noblacklist ${HOME}/.kde4/share/config/gwenviewrc
+noblacklist ${HOME}/.local/share/gwenview
+noblacklist ${HOME}/.local/share/org.kde.gwenview
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/handbrake.profile

@@ -5,7 +5,7 @@ include /etc/firejail/handbrake.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/ghb
+noblacklist ${HOME}/.config/ghb
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/hedgewars.profile

@@ -12,8 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir     ~/.hedgewars
-whitelist ~/.hedgewars
+mkdir     ${HOME}/.hedgewars
+whitelist ${HOME}/.hedgewars
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all

etc/hexchat.profile

@@ -13,8 +13,8 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.config/hexchat
-whitelist ~/.config/hexchat
+mkdir ${HOME}/.config/hexchat
+whitelist ${HOME}/.config/hexchat
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 

etc/icecat.profile

@@ -5,34 +5,34 @@ include /etc/firejail/icecat.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/mozilla
-noblacklist ~/.mozilla
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/mozilla/icecat
-mkdir ~/.mozilla
+mkdir ${HOME}/.cache/mozilla/icecat
+mkdir ${HOME}/.mozilla
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/gnome-mplayer/plugin
-whitelist ~/.cache/mozilla/icecat
-whitelist ~/.config/gnome-mplayer
-whitelist ~/.config/pipelight-silverlight5.1
-whitelist ~/.config/pipelight-widevine
-whitelist ~/.keysnail.js
-whitelist ~/.lastpass
-whitelist ~/.mozilla
-whitelist ~/.pentadactyl
-whitelist ~/.pentadactylrc
-whitelist ~/.pki
-whitelist ~/.vimperator
-whitelist ~/.vimperatorrc
-whitelist ~/.wine-pipelight
-whitelist ~/.wine-pipelight64
-whitelist ~/.zotero
-whitelist ~/dwhelper
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/mozilla/icecat
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.mozilla
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all

etc/icedove.profile

@@ -8,16 +8,16 @@ include /etc/firejail/globals.local
 # Users have icedove set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
 
-noblacklist ~/.cache/icedove
-noblacklist ~/.gnupg
-noblacklist ~/.icedove
+noblacklist ${HOME}/.cache/icedove
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.icedove
 
-mkdir ~/.cache/icedove
-mkdir ~/.gnupg
-mkdir ~/.icedove
-whitelist ~/.cache/icedove
-whitelist ~/.gnupg
-whitelist ~/.icedove
+mkdir ${HOME}/.cache/icedove
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.icedove
+whitelist ${HOME}/.cache/icedove
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.icedove
 include /etc/firejail/whitelist-common.inc
 
 ignore private-tmp

etc/inox.profile

@@ -5,20 +5,20 @@ include /etc/firejail/inox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/inox
-noblacklist ~/.config/inox
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/inox
+noblacklist ${HOME}/.config/inox
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/inox
-mkdir ~/.config/inox
-mkdir ~/.pki
+mkdir ${HOME}/.cache/inox
+mkdir ${HOME}/.config/inox
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/inox
-whitelist ~/.config/inox
-whitelist ~/.pki
+whitelist ${HOME}/.cache/inox
+whitelist ${HOME}/.config/inox
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 

etc/iridium.profile

@@ -5,21 +5,21 @@ include /etc/firejail/iridium.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/iridium
-noblacklist ~/.config/iridium
+noblacklist ${HOME}/.cache/iridium
+noblacklist ${HOME}/.config/iridium
 
 include /etc/firejail/disable-common.inc
 # chromium/iridium is distributed with a perl script on Arch
 # include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/iridium
-mkdir ~/.config/iridium
-mkdir ~/.pki
+mkdir ${HOME}/.cache/iridium
+mkdir ${HOME}/.config/iridium
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/iridium
-whitelist ~/.config/iridium
-whitelist ~/.pki
+whitelist ${HOME}/.cache/iridium
+whitelist ${HOME}/.config/iridium
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 

etc/jitsi.profile

@@ -5,7 +5,7 @@ include /etc/firejail/jitsi.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.jitsi
+noblacklist ${HOME}/.jitsi
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/k3b.profile

@@ -5,9 +5,9 @@ include /etc/firejail/k3b.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/k3brc
-noblacklist ~/.kde/share/config/k3brc
-noblacklist ~/.kde4/share/config/k3brc
+noblacklist ${HOME}/.config/k3brc
+noblacklist ${HOME}/.kde/share/config/k3brc
+noblacklist ${HOME}/.kde4/share/config/k3brc
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/kate.profile

@@ -7,12 +7,12 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus
 
-noblacklist ~/.config/katepartrc
-noblacklist ~/.config/katerc
-noblacklist ~/.config/kateschemarc
-noblacklist ~/.config/katesyntaxhighlightingrc
-noblacklist ~/.config/katevirc
-noblacklist ~/.local/share/kate
+noblacklist ${HOME}/.config/katepartrc
+noblacklist ${HOME}/.config/katerc
+noblacklist ${HOME}/.config/kateschemarc
+noblacklist ${HOME}/.config/katesyntaxhighlightingrc
+noblacklist ${HOME}/.config/katevirc
+noblacklist ${HOME}/.local/share/kate
 
 include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-devel.inc

etc/kget.profile

@@ -5,10 +5,10 @@ include /etc/firejail/kget.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.kde/share/apps/kget
-noblacklist ~/.kde/share/config/kgetrc
-noblacklist ~/.kde4/share/apps/kget
-noblacklist ~/.kde4/share/config/kgetrc
+noblacklist ${HOME}/.kde/share/apps/kget
+noblacklist ${HOME}/.kde/share/config/kgetrc
+noblacklist ${HOME}/.kde4/share/apps/kget
+noblacklist ${HOME}/.kde4/share/config/kgetrc
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/kino.profile

@@ -5,8 +5,8 @@ include /etc/firejail/kino.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.kino-history
-noblacklist ~/.kinorc
+noblacklist ${HOME}/.kino-history
+noblacklist ${HOME}/.kinorc
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/knotes.profile

@@ -5,7 +5,7 @@ include /etc/firejail/knotes.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/knotesrc
+noblacklist ${HOME}/.config/knotesrc
 
 include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-devel.inc

etc/kopete.profile

@@ -5,10 +5,10 @@ include /etc/firejail/kopete.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.kde/share/apps/kopete
-noblacklist ~/.kde/share/config/kopeterc
-noblacklist ~/.kde4/share/apps/kopete
-noblacklist ~/.kde4/share/config/kopeterc
+noblacklist ${HOME}/.kde/share/apps/kopete
+noblacklist ${HOME}/.kde/share/config/kopeterc
+noblacklist ${HOME}/.kde4/share/apps/kopete
+noblacklist ${HOME}/.kde4/share/config/kopeterc
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/krunner.profile

@@ -8,9 +8,9 @@ include /etc/firejail/globals.local
 # start a program in krunner: program will run with this generic profile
 # open a file in krunner: file viewer will run with its own profile (if firejailed automatically)
 
-noblacklist ~/.config/krunnerrc
-noblacklist ~/.kde/share/config/krunnerrc
-noblacklist ~/.kde4/share/config/krunnerrc
+noblacklist ${HOME}/.config/krunnerrc
+noblacklist ${HOME}/.kde/share/config/krunnerrc
+noblacklist ${HOME}/.kde4/share/config/krunnerrc
 
 include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-devel.inc

etc/ktorrent.profile

@@ -5,31 +5,31 @@ include /etc/firejail/ktorrent.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/ktorrentrc
-noblacklist ~/.kde/share/apps/ktorrent
-noblacklist ~/.kde/share/config/ktorrentrc
-noblacklist ~/.kde4/share/apps/ktorrent
-noblacklist ~/.kde4/share/config/ktorrentrc
-noblacklist ~/.local/share/ktorrent
+noblacklist ${HOME}/.config/ktorrentrc
+noblacklist ${HOME}/.kde/share/apps/ktorrent
+noblacklist ${HOME}/.kde/share/config/ktorrentrc
+noblacklist ${HOME}/.kde4/share/apps/ktorrent
+noblacklist ${HOME}/.kde4/share/config/ktorrentrc
+noblacklist ${HOME}/.local/share/ktorrent
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.kde/share/apps/ktorrent
-mkdir ~/.kde4/share/apps/ktorrent
-mkdir ~/.local/share/ktorrent
-mkfile ~/.config/ktorrentrc
-mkfile ~/.kde/share/config/ktorrentrc
-mkfile ~/.kde4/share/config/ktorrentrc
+mkdir ${HOME}/.kde/share/apps/ktorrent
+mkdir ${HOME}/.kde4/share/apps/ktorrent
+mkdir ${HOME}/.local/share/ktorrent
+mkfile ${HOME}/.config/ktorrentrc
+mkfile ${HOME}/.kde/share/config/ktorrentrc
+mkfile ${HOME}/.kde4/share/config/ktorrentrc
 whitelist  ${DOWNLOADS}
-whitelist ~/.config/ktorrentrc
-whitelist ~/.kde/share/apps/ktorrent
-whitelist ~/.kde/share/config/ktorrentrc
-whitelist ~/.kde4/share/apps/ktorrent
-whitelist ~/.kde4/share/config/ktorrentrc
-whitelist ~/.local/share/ktorrent
+whitelist ${HOME}/.config/ktorrentrc
+whitelist ${HOME}/.kde/share/apps/ktorrent
+whitelist ${HOME}/.kde/share/config/ktorrentrc
+whitelist ${HOME}/.kde4/share/apps/ktorrent
+whitelist ${HOME}/.kde4/share/config/ktorrentrc
+whitelist ${HOME}/.local/share/ktorrent
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 

etc/kwin_x11.profile

@@ -5,9 +5,9 @@ include /etc/firejail/kwin_x11.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/kwinrc
-noblacklist ~/.config/kwinrulesrc
-noblacklist ~/.local/share/kwin
+noblacklist ${HOME}/.config/kwinrc
+noblacklist ${HOME}/.config/kwinrulesrc
+noblacklist ${HOME}/.local/share/kwin
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/kwrite.profile

@@ -7,13 +7,13 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus
 
-noblacklist ~/.config/katepartrc
-noblacklist ~/.config/katerc
-noblacklist ~/.config/kateschemarc
-noblacklist ~/.config/katesyntaxhighlightingrc
-noblacklist ~/.config/katevirc
-noblacklist ~/.config/kwriterc
-noblacklist ~/.local/share/kwrite
+noblacklist ${HOME}/.config/katepartrc
+noblacklist ${HOME}/.config/katerc
+noblacklist ${HOME}/.config/kateschemarc
+noblacklist ${HOME}/.config/katesyntaxhighlightingrc
+noblacklist ${HOME}/.config/katevirc
+noblacklist ${HOME}/.config/kwriterc
+noblacklist ${HOME}/.local/share/kwrite
 
 include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-devel.inc

etc/less.profile

@@ -20,7 +20,7 @@ shell none
 tracelog
 writable-var-log
 
-# The user can have a custom coloring scritps configured in ~/.lessfilter.
+# The user can have a custom coloring scritps configured in ${HOME}/.lessfilter.
 # Enable private-bin and private-lib if you are not using any filter.
 # private-bin less
 # private-lib

etc/libreoffice.profile

@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.java
 noblacklist /usr/local/sbin
-noblacklist ~/.config/libreoffice
+noblacklist ${HOME}/.config/libreoffice
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/liferea.profile

@@ -5,21 +5,21 @@ include /etc/firejail/liferea.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/liferea
-noblacklist ~/.config/liferea
-noblacklist ~/.local/share/liferea
+noblacklist ${HOME}/.cache/liferea
+noblacklist ${HOME}/.config/liferea
+noblacklist ${HOME}/.local/share/liferea
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/liferea
-mkdir ~/.config/liferea
-mkdir ~/.local/share/liferea
-whitelist ~/.cache/liferea
-whitelist ~/.config/liferea
-whitelist ~/.local/share/liferea
+mkdir ${HOME}/.cache/liferea
+mkdir ${HOME}/.config/liferea
+mkdir ${HOME}/.local/share/liferea
+whitelist ${HOME}/.cache/liferea
+whitelist ${HOME}/.config/liferea
+whitelist ${HOME}/.local/share/liferea
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all

etc/lximage-qt.profile

@@ -5,7 +5,7 @@ include /etc/firejail/lximage-qt.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/lximage-qt
+noblacklist ${HOME}/.config/lximage-qt
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/lxmusic.profile

@@ -5,8 +5,8 @@ include /etc/firejail/lxmusic.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/xmms2
-noblacklist ~/.config/xmms2
+noblacklist ${HOME}/.cache/xmms2
+noblacklist ${HOME}/.config/xmms2
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/makepkg.profile

@@ -5,8 +5,8 @@
 # for potential issues and their solutions when Firejailing makepkg
 
 # This profile could be significantly strengthened by adding the following to makepkg.local
-# whitelist ~/<Your Build Folder>
-# whitelist ~/.gnupg
+# whitelist ${HOME}/<Your Build Folder>
+# whitelist ${HOME}/.gnupg
 
 quiet
 # Persistent local customizations
@@ -16,15 +16,15 @@ include /etc/firejail/globals.local
 
 
 # Enable severely restricted access to ${HOME}/.gnupg
-noblacklist ~/.gnupg
-read-only ~/.gnupg/gpg.conf
-read-only ~/.gnupg/trustdb.gpg
-read-only ~/.gnupg/pubring.kbx
-blacklist ~/.gnupg/random_seed
-blacklist ~/.gnupg/pubring.kbx~
-blacklist ~/.gnupg/private-keys-v1.d
-blacklist ~/.gnupg/crls.d
-blacklist ~/.gnupg/openpgp-revocs.d
+noblacklist ${HOME}/.gnupg
+read-only ${HOME}/.gnupg/gpg.conf
+read-only ${HOME}/.gnupg/trustdb.gpg
+read-only ${HOME}/.gnupg/pubring.kbx
+blacklist ${HOME}/.gnupg/random_seed
+blacklist ${HOME}/.gnupg/pubring.kbx~
+blacklist ${HOME}/.gnupg/private-keys-v1.d
+blacklist ${HOME}/.gnupg/crls.d
+blacklist ${HOME}/.gnupg/openpgp-revocs.d
 
 
 # Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only}

etc/mediathekview.profile

@@ -5,16 +5,16 @@ include /etc/firejail/mediathekview.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/mpv
-noblacklist ~/.config/smplayer
-noblacklist ~/.config/totem
-noblacklist ~/.config/vlc
-noblacklist ~/.config/xplayer
-noblacklist ~/.java
-noblacklist ~/.local/share/totem
-noblacklist ~/.local/share/xplayer
-noblacklist ~/.mediathek3
-noblacklist ~/.mplayer
+noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/smplayer
+noblacklist ${HOME}/.config/totem
+noblacklist ${HOME}/.config/vlc
+noblacklist ${HOME}/.config/xplayer
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.local/share/totem
+noblacklist ${HOME}/.local/share/xplayer
+noblacklist ${HOME}/.mediathek3
+noblacklist ${HOME}/.mplayer
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc

etc/midori.profile

@@ -5,32 +5,32 @@ include /etc/firejail/midori.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/midori
-noblacklist ~/.local/share/midori
-# noblacklist ~/.local/share/webkit
-# noblacklist ~/.local/share/webkitgtk
-noblacklist ~/.pki
+noblacklist ${HOME}/.config/midori
+noblacklist ${HOME}/.local/share/midori
+# noblacklist ${HOME}/.local/share/webkit
+# noblacklist ${HOME}/.local/share/webkitgtk
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/midori
-mkdir ~/.config/midori
-mkdir ~/.local/share/midori
-mkdir ~/.local/share/webkit
-mkdir ~/.local/share/webkitgtk
-mkdir ~/.pki
+mkdir ${HOME}/.cache/midori
+mkdir ${HOME}/.config/midori
+mkdir ${HOME}/.local/share/midori
+mkdir ${HOME}/.local/share/webkit
+mkdir ${HOME}/.local/share/webkitgtk
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/gnome-mplayer/plugin
-whitelist ~/.cache/midori
-whitelist ~/.config/gnome-mplayer
-whitelist ~/.config/midori
-whitelist ~/.lastpass
-whitelist ~/.local/share/midori
-whitelist ~/.local/share/webkit
-whitelist ~/.local/share/webkitgtk
-whitelist ~/.pki
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/midori
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/midori
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.local/share/midori
+whitelist ${HOME}/.local/share/webkit
+whitelist ${HOME}/.local/share/webkitgtk
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all

etc/mousepad.profile

@@ -5,7 +5,7 @@ include /etc/firejail/mousepad.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/Mousepad
+noblacklist ${HOME}/.config/Mousepad
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc