private-etc: big profile changes

Author: netblue30

etc/profile-a-l/1password.profile

@@ -11,7 +11,7 @@ noblacklist ${HOME}/.config/1Password
 mkdir ${HOME}/.config/1Password
 whitelist ${HOME}/.config/1Password
 
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca
 
 # Needed for keychain things, talking to Firefox, possibly other things?  Not sure how to narrow down
 ignore dbus-user none

etc/profile-a-l/abiword.profile

@@ -41,7 +41,7 @@ tracelog
 private-bin abiword
 private-cache
 private-dev
-private-etc alternatives,fonts,gtk-3.0,ld.so.cache,ld.so.preload,passwd
+private-etc @x11
 private-tmp
 
 # dbus-user none

etc/profile-a-l/agetpkg.profile

@@ -49,7 +49,7 @@ tracelog
 private-bin agetpkg,python3
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-tmp
 
 dbus-user none

etc/profile-a-l/alacarte.profile

@@ -52,7 +52,7 @@ disable-mnt
 # private-bin alacarte,bash,python*,sh
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,locale.alias,locale.conf,login.defs,mime.types,nsswitch.conf,passwd,pki,X11,xdg
+private-etc @tls-ca,@x11,mime.types
 private-tmp
 
 dbus-user none

etc/profile-a-l/alienarena.profile

@@ -43,7 +43,7 @@ disable-mnt
 private-bin alienarena
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11
+private-etc @tls-ca,@x11,bumblebee,glvnd,host.conf,rpc,services
 private-tmp
 
 dbus-user none

etc/profile-a-l/alpine.profile

@@ -90,7 +90,7 @@ disable-mnt
 private-bin alpine
 private-cache
 private-dev
-private-etc alternatives,c-client.cf,ca-certificates,crypto-policies,host.conf,hostname,hosts,krb5.keytab,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mailcap,mime.types,nsswitch.conf,passwd,pine.conf,pinerc.fixed,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg
+private-etc @tls-ca,@x11,c-client.cf,host.conf,krb5.keytab,mailcap,mime.types,pine.conf,pinerc.fixed,rpc,services,terminfo
 private-tmp
 writable-run-user
 writable-var

etc/profile-a-l/anki.profile

@@ -49,7 +49,7 @@ disable-mnt
 private-bin anki,python*
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,resolv.conf,ssl,Trolltech.conf
+private-etc @tls-ca,@x11,Trolltech.conf
 private-tmp
 
 dbus-user none

etc/profile-a-l/apostrophe.profile

@@ -62,7 +62,7 @@ disable-mnt
 private-bin apostrophe,fmtutil,kpsewhich,mktexfmt,pandoc,pdftex,perl,python3*,sh,xdvipdfmx,xelatex,xetex
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,texlive,X11
+private-etc @x11,texlive
 private-tmp
 
 dbus-user filter

etc/profile-a-l/aria2c.profile

@@ -45,7 +45,7 @@ private-bin aria2c,gzip
 # Add 'private-cache' to your aria2c.local if you don't use Lutris/winetricks (see issue #2772).
 #private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,groups,ld.so.cache,ld.so.preload,login.defs,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl
+private-etc @tls-ca,groups
 private-lib libreadline.so.*
 private-tmp
 

etc/profile-a-l/arm.profile

@@ -42,7 +42,7 @@ tracelog
 disable-mnt
 private-bin arm,bash,ldconfig,lsof,ps,python*,sh,tor
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,resolv.conf,ssl,tor
+private-etc @tls-ca,tor
 private-tmp
 
 restrict-namespaces

etc/profile-a-l/artha.profile

@@ -54,7 +54,7 @@ disable-mnt
 private-bin artha,enchant,notify-send
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-lib libnotify.so.*
 private-tmp
 

etc/profile-a-l/atool.profile

@@ -13,7 +13,7 @@ include allow-perl.inc
 noroot
 
 # without login.defs atool complains and uses UID/GID 1000 by default
-private-etc alternatives,group,ld.so.cache,ld.so.preload,login.defs,passwd,resolv.conf
+private-etc
 private-tmp
 
 # Redirect

etc/profile-a-l/atril.profile

@@ -41,7 +41,7 @@ tracelog
 
 private-bin 7z,7za,7zr,atril,atril-previewer,atril-thumbnailer,sh,tar,unrar,unzip,zipnote
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 # atril uses webkit gtk to display epub files
 # waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0
 #private-lib webkit2gtk-4.0 - problems on Arch with the new version of WebKit

etc/profile-a-l/audio-recorder.profile

@@ -43,7 +43,7 @@ tracelog
 disable-mnt
 # private-bin audio-recorder
 private-cache
-private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload
+private-etc
 private-tmp
 
 dbus-user filter

etc/profile-a-l/authenticator-rs.profile

@@ -46,7 +46,7 @@ disable-mnt
 private-bin authenticator-rs
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl,xdg
+private-etc @tls-ca,@x11
 private-tmp
 
 dbus-user filter

etc/profile-a-l/authenticator.profile

@@ -38,7 +38,7 @@ seccomp
 disable-mnt
 # private-bin authenticator,python*
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-tmp
 
 # makes settings immutable

etc/profile-a-l/ballbuster.profile

@@ -44,7 +44,7 @@ disable-mnt
 private-bin ballbuster
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse
+private-etc
 private-tmp
 
 dbus-user none

etc/profile-a-l/bibletime.profile

@@ -51,7 +51,7 @@ disable-mnt
 # private-bin bibletime
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,login.defs,machine-id,passwd,pki,resolv.conf,ssl,sword,sword.conf
+private-etc @tls-ca,sword,sword.conf
 private-tmp
 
 dbus-user none

etc/profile-a-l/bijiben.profile

@@ -50,7 +50,7 @@ disable-mnt
 private-bin bijiben
 # private-cache -- access to .cache/tracker is required
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload
+private-etc @x11
 private-tmp
 
 dbus-user filter

etc/profile-a-l/bitwarden.profile

@@ -23,7 +23,7 @@ no3d
 nosound
 
 ?HAS_APPIMAGE: ignore private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl
+private-etc @tls-ca
 private-opt Bitwarden
 
 # Redirect

etc/profile-a-l/bless.profile

@@ -34,7 +34,7 @@ seccomp
 # private-bin bash,bless,mono,sh
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload,mono
+private-etc mono
 private-tmp
 
 dbus-user none

etc/profile-a-l/blobby.profile

@@ -40,7 +40,7 @@ tracelog
 disable-mnt
 private-bin blobby
 private-dev
-private-etc alsa,alternatives,asound.conf,drirc,group,hosts,ld.so.cache,ld.so.preload,login.defs,machine-id,passwd,pulse
+private-etc @x11
 private-lib
 private-tmp
 

etc/profile-a-l/blobwars.profile

@@ -42,7 +42,7 @@ disable-mnt
 private-bin blobwars
 private-cache
 private-dev
-private-etc alternatives,ld.so.cache,ld.so.preload,machine-id
+private-etc
 private-tmp
 
 dbus-user none

etc/profile-a-l/bsdtar.profile

@@ -6,7 +6,7 @@ include bsdtar.local
 # Persistent global definitions
 include globals.local
 
-private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,passwd
+private-etc
 
 # Redirect
 include archiver-common.profile

etc/profile-a-l/cameramonitor.profile

@@ -45,7 +45,7 @@ tracelog
 disable-mnt
 private-bin cameramonitor,python*
 private-cache
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 private-tmp
 
 # dbus-user none

etc/profile-a-l/cargo.profile

@@ -16,7 +16,7 @@ noblacklist ${HOME}/.cargo/credentials.toml
 #whitelist ${HOME}/.rustup
 
 #private-bin cargo,rustc
-private-etc alternatives,ca-certificates,crypto-policies,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,magic,magic.mgc,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl
+private-etc @tls-ca,host.conf,magic,magic.mgc,rpc,services
 
 memory-deny-write-execute
 

etc/profile-a-l/cawbird.profile

@@ -38,7 +38,7 @@ disable-mnt
 private-bin cawbird
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,pki,resolv.conf,ssl,X11,xdg
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 
 # dbus-user none

etc/profile-a-l/celluloid.profile

@@ -52,7 +52,7 @@ tracelog
 
 private-bin celluloid,env,gnome-mpv,python*,youtube-dl
 private-cache
-private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,libva.conf,localtime,machine-id,pkcs11,pki,resolv.conf,selinux,ssl,xdg
+private-etc @tls-ca,@x11,libva.conf,pkcs11,selinux
 private-dev
 private-tmp
 

etc/profile-a-l/chatterino.profile

@@ -70,7 +70,7 @@ private-bin chatterino,cvlc,env,ffmpeg,mpv,nvlc,pgrep,python*,qvlc,rvlc,streamli
 # private-cache may cause issues with mpv (see #2838)
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,dbus-1,fonts,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nvidia,passwd,pulse,resolv.conf,rpc,services,ssl,Trolltech.conf,X11
+private-etc @tls-ca,@x11,dbus-1,rpc,services,Trolltech.conf
 private-srv none
 private-tmp
 

etc/profile-a-l/cheese.profile

@@ -51,7 +51,7 @@ disable-mnt
 private-bin cheese
 private-cache
 private-dev
-private-etc alternatives,clutter-1.0,dconf,drirc,fonts,gtk-3.0,ld.so.cache,ld.so.preload
+private-etc @x11,clutter-1.0
 private-tmp
 
 dbus-user filter

etc/profile-a-l/clawsker.profile

@@ -43,7 +43,7 @@ disable-mnt
 private-bin bash,clawsker,perl,sh,which
 private-cache
 private-dev
-private-etc alternatives,fonts,ld.so.cache,ld.so.preload
+private-etc
 private-lib girepository-1.*,libdbus-glib-1.so.*,libetpan.so.*,libgirepository-1.*,libgtk-3.so.*,libgtk-x11-2.0.so.*,libstartup-notification-1.so.*,perl*
 private-tmp
 

etc/profile-a-l/cmus.profile

@@ -26,6 +26,6 @@ protocol unix,inet,inet6
 seccomp
 
 private-bin cmus
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca
 
 restrict-namespaces

etc/profile-a-l/cointop.profile

@@ -52,7 +52,7 @@ disable-mnt
 private-bin cointop
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
+private-etc @tls-ca,host.conf,rpc,services
 private-lib
 private-tmp
 

etc/profile-a-l/colorful.profile

@@ -44,7 +44,7 @@ disable-mnt
 private-bin colorful
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse
+private-etc
 private-tmp
 
 dbus-user none

etc/profile-a-l/com.github.bleakgrey.tootle.profile

@@ -44,7 +44,7 @@ disable-mnt
 private-bin com.github.bleakgrey.tootle
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg
+private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
 
 # Settings are immutable

etc/profile-a-l/com.github.dahenson.agenda.profile

@@ -51,7 +51,7 @@ disable-mnt
 private-bin com.github.dahenson.agenda
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload
+private-etc @x11
 private-tmp
 
 dbus-user filter

etc/profile-a-l/com.github.johnfactotum.Foliate.profile

@@ -54,7 +54,7 @@ disable-mnt
 private-bin com.github.johnfactotum.Foliate,gjs
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gconf,gtk-3.0,ld.so.cache,ld.so.preload
+private-etc @x11,gconf
 private-tmp
 
 read-only ${HOME}

etc/profile-a-l/com.github.phase1geo.minder.profile

@@ -51,7 +51,7 @@ disable-mnt
 private-bin com.github.phase1geo.minder
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,X11,xdg
+private-etc @x11,mime.types
 private-tmp
 
 dbus-user filter

etc/profile-a-l/com.github.tchx84.Flatseal.profile

@@ -51,7 +51,7 @@ disable-mnt
 private-bin com.github.tchx84.Flatseal,gjs
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload
+private-etc @x11
 private-tmp
 
 dbus-user filter

etc/profile-a-l/coyim.profile

@@ -39,7 +39,7 @@ tracelog
 disable-mnt
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,pki,ssl
+private-etc @tls-ca
 private-tmp
 
 dbus-user none

etc/profile-a-l/crow.profile

@@ -38,7 +38,7 @@ seccomp
 disable-mnt
 private-bin crow
 private-dev
-private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl
+private-etc @tls-ca,@x11
 private-opt none
 private-tmp
 private-srv none

etc/profile-a-l/d-feet.profile

@@ -49,7 +49,7 @@ disable-mnt
 private-bin d-feet,python*
 private-cache
 private-dev
-private-etc alternatives,dbus-1,fonts,ld.so.cache,ld.so.preload,machine-id
+private-etc dbus-1
 private-tmp
 
 #memory-deny-write-execute - breaks on Arch (see issue #1803)

etc/profile-a-l/dbus-send.profile

@@ -50,7 +50,7 @@ private
 private-bin dbus-send
 private-cache
 private-dev
-private-etc alternatives,dbus-1,ld.so.cache,ld.so.preload
+private-etc dbus-1
 private-lib libpcre*
 private-tmp
 

etc/profile-a-l/dconf-editor.profile

@@ -42,7 +42,7 @@ disable-mnt
 private-bin dconf-editor
 private-cache
 private-dev
-private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id
+private-etc @x11
 private-lib
 private-tmp