* Philippe Mathieu-Daudé (phi...@redhat.com) wrote:
> Follow the inclusive terminology from the "Conscious Language in your
> Open Source Projects" guidelines [*] and replace the words "whitelist"
> appropriately.
>
> [*] https://github.com/conscious-lang/conscious-lang-docs/blob/main/faq.md
>
> Reviewed-by: Dr. David Alan Gilbert
> Reviewed-by: Daniel P. Berrangé
> Signed-off-by: Philippe Mathieu-Daudé
I've queued just this one via virtiofsd.
Dave
> ---
> tools/virtiofsd/passthrough_ll.c | 6 +++---
> tools/virtiofsd/passthrough_seccomp.c | 12 ++--
> 2 files changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/tools/virtiofsd/passthrough_ll.c
> b/tools/virtiofsd/passthrough_ll.c
> index 147b59338a1..5f3afe85579 100644
> --- a/tools/virtiofsd/passthrough_ll.c
> +++ b/tools/virtiofsd/passthrough_ll.c
> @@ -3204,7 +3204,7 @@ static void setup_mounts(const char *source)
> }
>
> /*
> - * Only keep whitelisted capabilities that are needed for file system
> operation
> + * Only keep capabilities in allowlist that are needed for file system
> operation
> * The (possibly NULL) modcaps_in string passed in is free'd before exit.
> */
> static void setup_capabilities(char *modcaps_in)
> @@ -3214,8 +3214,8 @@ static void setup_capabilities(char *modcaps_in)
> capng_restore_state(&cap.saved);
>
> /*
> - * Whitelist file system-related capabilities that are needed for a file
> - * server to act like root. Drop everything else like networking and
> + * Add to allowlist file system-related capabilities that are needed for
> a
> + * file server to act like root. Drop everything else like networking
> and
> * sysadmin capabilities.
> *
> * Exclusions:
> diff --git a/tools/virtiofsd/passthrough_seccomp.c
> b/tools/virtiofsd/passthrough_seccomp.c
> index ea852e2e33b..62441cfcdb9 100644
> --- a/tools/virtiofsd/passthrough_seccomp.c
> +++ b/tools/virtiofsd/passthrough_seccomp.c
> @@ -21,7 +21,7 @@
> #endif
> #endif
>
> -static const int syscall_whitelist[] = {
> +static const int syscall_allowlist[] = {
> /* TODO ireg sem*() syscalls */
> SCMP_SYS(brk),
> SCMP_SYS(capget), /* For CAP_FSETID */
> @@ -117,12 +117,12 @@ static const int syscall_whitelist[] = {
> };
>
> /* Syscalls used when --syslog is enabled */
> -static const int syscall_whitelist_syslog[] = {
> +static const int syscall_allowlist_syslog[] = {
> SCMP_SYS(send),
> SCMP_SYS(sendto),
> };
>
> -static void add_whitelist(scmp_filter_ctx ctx, const int syscalls[], size_t
> len)
> +static void add_allowlist(scmp_filter_ctx ctx, const int syscalls[], size_t
> len)
> {
> size_t i;
>
> @@ -153,10 +153,10 @@ void setup_seccomp(bool enable_syslog)
> exit(1);
> }
>
> -add_whitelist(ctx, syscall_whitelist, G_N_ELEMENTS(syscall_whitelist));
> +add_allowlist(ctx, syscall_allowlist, G_N_ELEMENTS(syscall_allowlist));
> if (enable_syslog) {
> -add_whitelist(ctx, syscall_whitelist_syslog,
> - G_N_ELEMENTS(syscall_whitelist_syslog));
> +add_allowlist(ctx, syscall_allowlist_syslog,
> + G_N_ELEMENTS(syscall_allowlist_syslog));
> }
>
> /* libvhost-user calls this for post-copy migration, we don't need it */
> --
> 2.26.2
>
>
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
