From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Fri, 5 Feb 2021 18:18:11 +0100 Subject: tools/virtiofsd: Replace the word 'whitelist' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-commit: a65963efa3a8533e8c9fc62e899147612d913058 References: bsc#1183373, CVE-2021-20263 Follow the inclusive terminology from the "Conscious Language in your Open Source Projects" guidelines [*] and replace the words "whitelist" appropriately. [*] https://github.com/conscious-lang/conscious-lang-docs/blob/main/faq.md Reviewed-by: Dr. David Alan Gilbert Reviewed-by: Daniel P. Berrangé Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20210205171817.2108907-3-philmd@redhat.com> Signed-off-by: Dr. David Alan Gilbert Signed-off-by: Bruce Rogers --- tools/virtiofsd/passthrough_ll.c | 6 +++--- tools/virtiofsd/passthrough_seccomp.c | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c index 03c5e0d13c35849ec90d32fa38a2..90f5281f10ab747098e57a3157c1 100644 --- a/tools/virtiofsd/passthrough_ll.c +++ b/tools/virtiofsd/passthrough_ll.c @@ -3195,7 +3195,7 @@ static void setup_mounts(const char *source) } /* - * Only keep whitelisted capabilities that are needed for file system operation + * Only keep capabilities in allowlist that are needed for file system operation * The (possibly NULL) modcaps_in string passed in is free'd before exit. */ static void setup_capabilities(char *modcaps_in) @@ -3205,8 +3205,8 @@ static void setup_capabilities(char *modcaps_in) capng_restore_state(&cap.saved); /* - * Whitelist file system-related capabilities that are needed for a file - * server to act like root. Drop everything else like networking and + * Add to allowlist file system-related capabilities that are needed for a + * file server to act like root. Drop everything else like networking and * sysadmin capabilities. * * Exclusions: diff --git a/tools/virtiofsd/passthrough_seccomp.c b/tools/virtiofsd/passthrough_seccomp.c index 11623f56f20ca6ceb850ecf2cb8d..c98d28da6c41106d12608cf4b576 100644 --- a/tools/virtiofsd/passthrough_seccomp.c +++ b/tools/virtiofsd/passthrough_seccomp.c @@ -24,7 +24,7 @@ #endif #endif -static const int syscall_whitelist[] = { +static const int syscall_allowlist[] = { /* TODO ireg sem*() syscalls */ SCMP_SYS(brk), SCMP_SYS(capget), /* For CAP_FSETID */ @@ -118,12 +118,12 @@ static const int syscall_whitelist[] = { }; /* Syscalls used when --syslog is enabled */ -static const int syscall_whitelist_syslog[] = { +static const int syscall_allowlist_syslog[] = { SCMP_SYS(send), SCMP_SYS(sendto), }; -static void add_whitelist(scmp_filter_ctx ctx, const int syscalls[], size_t len) +static void add_allowlist(scmp_filter_ctx ctx, const int syscalls[], size_t len) { size_t i; @@ -154,10 +154,10 @@ void setup_seccomp(bool enable_syslog) exit(1); } - add_whitelist(ctx, syscall_whitelist, G_N_ELEMENTS(syscall_whitelist)); + add_allowlist(ctx, syscall_allowlist, G_N_ELEMENTS(syscall_allowlist)); if (enable_syslog) { - add_whitelist(ctx, syscall_whitelist_syslog, - G_N_ELEMENTS(syscall_whitelist_syslog)); + add_allowlist(ctx, syscall_allowlist_syslog, + G_N_ELEMENTS(syscall_allowlist_syslog)); } /* libvhost-user calls this for post-copy migration, we don't need it */