netblue30 / firetools

Firejail GUI
GNU General Public License v2.0

Whitelist not working for some directories #36

Closed RalfJung closed 5 years ago

RalfJung commented 5 years ago

I have a sandbox for vscode, with the following in the firejail profile:

whitelist ${HOME}/bin/VSCode-linux-x64/
mkdir ${HOME}/.vscode
whitelist ${HOME}/.vscode
mkdir ${HOME}/.config/Code
whitelist ${HOME}/.config/Code
whitelist ${HOME}/src
whitelist ${HOME}/.rustup
whitelist ${HOME}/.cargo
whitelist ${HOME}/.profile
whitelist ${HOME}/.bashrc

However, if I use that profile, I still cannot access some of these directories:

r@r-thinktop:~/bin$ firejail --profile=/etc/firejail/vscode.profile 
Reading profile /etc/firejail/vscode.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-common.local
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-common.local
Parent pid 24344, child pid 24345
Child process initialized in 74.12 ms
r@r-thinktop:~/bin$ ls ~/.rustup
downloads  settings.toml  tmp  toolchains  update-hashes
r@r-thinktop:~/bin$ ls ~/.vscode
ls: cannot open directory '/home/r/.vscode': Permission denied

I am rather puzzled, why are some whitelist entries just plain ignored?

RalfJung commented 5 years ago

Oh, there are blacklists for these directories in disable-programs.inc nowadays, which were not present when I last used this profile.

That means I need to have three lines in my profile to enable a single directory: noblacklist, mkdir, whitelist. Is there a better way?
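Added example, not part of the issue thread or of firejail/firetools: a small Python lint that models the interaction the two comments describe. It flattens a profile together with its includes (constructed stand-ins for the .inc files) and reports whitelist paths that a still-active blacklist covers; with the noblacklist lines in place the report is empty. The matching rule and include contents are assumptions, simplified from Firejail's real parser.

```python
"""Lint for Firejail profiles: whitelist entries shadowed by a blacklist.
Simplified model (an assumption, not Firejail's own parser): 'whitelist P' is
reported when a 'blacklist B' from the profile or an include equals P or is a
parent of P and no 'noblacklist B' line exists; directive order is ignored."""
import posixpath
# Constructed stand-ins for the include files on disk, keyed by basename.
INCLUDES = {
    "disable-common.inc": "blacklist ${HOME}/.ssh\n",
    "disable-programs.inc": "blacklist ${HOME}/.vscode\nblacklist ${HOME}/.config/Code\n",
}

def _covers(parent, child):
    """True if child equals parent or lies beneath it."""
    return child == parent or child.startswith(parent + "/")

def parse_profile(text, includes=INCLUDES, _seen=None):
    """Flatten a profile into (keyword, path) pairs, expanding 'include'."""
    _seen = set() if _seen is None else _seen
    out = []
    for raw in text.splitlines():
        kw, _, arg = raw.split("#", 1)[0].strip().partition(" ")  # drop comments
        if not kw:
            continue
        arg = posixpath.normpath(arg.strip())
        if kw == "include":
            name = posixpath.basename(arg)
            if name in includes and name not in _seen:  # guard include loops
                _seen.add(name)
                out.extend(parse_profile(includes[name], includes, _seen))
        elif kw in ("blacklist", "noblacklist", "whitelist"):
            out.append((kw, arg))
    return out

def shadowed_whitelists(text, includes=INCLUDES):
    """Whitelisted paths still blocked because a covering blacklist survives."""
    d = parse_profile(text, includes)
    noblack = {p for k, p in d if k == "noblacklist"}
    black = [p for k, p in d if k == "blacklist" and p not in noblack]
    return sorted({w for k, w in d if k == "whitelist"
                   if any(_covers(b, w) for b in black)})

# Constructed profile modelled on the issue, with the includes the log shows.
BROKEN = """include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
mkdir ${HOME}/.vscode
whitelist ${HOME}/.vscode
whitelist ${HOME}/.config/Code
whitelist ${HOME}/.rustup
"""
# The three-line pattern from the second comment: noblacklist, mkdir, whitelist.
FIXED = "noblacklist ${HOME}/.vscode\nnoblacklist ${HOME}/.config/Code\n" + BROKEN
```

Running `shadowed_whitelists(BROKEN)` lists `${HOME}/.config/Code` and `${HOME}/.vscode` while `${HOME}/.rustup` passes, matching the ls results in the first comment; `shadowed_whitelists(FIXED)` returns nothing.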