authorLennart Poettering <lennart@poettering.net>2020-06-23 08:31:16 +0200
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2020-06-25 09:00:19 +0200
commit6b000af4f206a87f424f05c163ea818b142e372e (patch)
tree941f6aee47abce048bd88a6218f8082b8b5c52fa /src/nspawn/nspawn-seccomp.c
parentci: bring back Coverity part 2 (diff)
tree-wide: avoid some loaded terms
https://tools.ietf.org/html/draft-knodel-terminology-02 https://lwn.net/Articles/823224/ This gets rid of most but not all occasions of these loaded terms: 1. scsi_id and friends are something that is supposed to be removed from our tree (see #7594) 2. The test suite defines an API used by the ubuntu CI. We can remove this too later, but this needs to be done in sync with the ubuntu CI. 3. In some cases the terms are part of APIs we call or where we expose concepts the kernel names the way it names them. (In particular all remaining uses of the word "slave" in our codebase are like this, it's used by the POSIX PTY layer, by the network subsystem, the mount API and the block device subsystem). Getting rid of the term in these contexts would mean doing some major fixes of the kernel ABI first. Regarding the replacements: when whitelist/blacklist is used as noun we replace it with allow list/deny list, and when used as verb with allow-list/deny-list.
Diffstat (limited to 'src/nspawn/nspawn-seccomp.c')
-rw-r--r--src/nspawn/nspawn-seccomp.c26
1 files changed, 13 insertions, 13 deletions
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
index f94f131f22..79110d90d5 100644
--- a/src/nspawn/nspawn-seccomp.c
+++ b/src/nspawn/nspawn-seccomp.c
@@ -25,13 +25,13 @@ static int seccomp_add_default_syscall_filter(
scmp_filter_ctx ctx,
uint32_t arch,
uint64_t cap_list_retain,
- char **syscall_whitelist,
- char **syscall_blacklist) {
+ char **syscall_allow_list,
+ char **syscall_deny_list) {
static const struct {
uint64_t capability;
const char* name;
- } whitelist[] = {
+ } allow_list[] = {
/* Let's use set names where we can */
{ 0, "@aio" },
{ 0, "@basic-io" },
@@ -142,17 +142,17 @@ static int seccomp_add_default_syscall_filter(
char **p;
int r;
- for (size_t i = 0; i < ELEMENTSOF(whitelist); i++) {
- if (whitelist[i].capability != 0 && (cap_list_retain & (1ULL << whitelist[i].capability)) == 0)
+ for (size_t i = 0; i < ELEMENTSOF(allow_list); i++) {
+ if (allow_list[i].capability != 0 && (cap_list_retain & (1ULL << allow_list[i].capability)) == 0)
continue;
- r = seccomp_add_syscall_filter_item(ctx, whitelist[i].name, SCMP_ACT_ALLOW, syscall_blacklist, false);
+ r = seccomp_add_syscall_filter_item(ctx, allow_list[i].name, SCMP_ACT_ALLOW, syscall_deny_list, false);
if (r < 0)
- return log_error_errno(r, "Failed to add syscall filter item %s: %m", whitelist[i].name);
+ return log_error_errno(r, "Failed to add syscall filter item %s: %m", allow_list[i].name);
}
- STRV_FOREACH(p, syscall_whitelist) {
- r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, true);
+ STRV_FOREACH(p, syscall_allow_list) {
+ r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_deny_list, true);
if (r < 0)
log_warning_errno(r, "Failed to add rule for system call %s on %s, ignoring: %m",
*p, seccomp_arch_to_string(arch));
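Review bot: The two loops in this hunk treat a failed `seccomp_add_syscall_filter_item()` differently, and nothing in the visible lines says why: the built-in `allow_list[]` loop returns the error, while the `STRV_FOREACH` over `syscall_allow_list` only logs a warning and continues. A short comment above the second loop would record the intent, e.g. `/* User-supplied entries are best-effort: a rule that cannot be added leaves the syscall at the filter's default action. */`. That default is `SCMP_ACT_ERRNO(EPERM)`, set in setup_seccomp() in a later hunk, so ignoring the failure fails closed. The function comment could also state that `syscall_deny_list` is handed to every add call; presumably deny entries therefore override both allow sources, but that logic lives in the helper and is not visible here. The body of seccomp_add_default_syscall_filter() starts and ends outside this hunk.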
@@ -161,7 +161,7 @@ static int seccomp_add_default_syscall_filter(
return 0;
}
-int setup_seccomp(uint64_t cap_list_retain, char **syscall_whitelist, char **syscall_blacklist) {
+int setup_seccomp(uint64_t cap_list_retain, char **syscall_allow_list, char **syscall_deny_list) {
uint32_t arch;
int r;
@@ -173,13 +173,13 @@ int setup_seccomp(uint64_t cap_list_retain, char **syscall_whitelist, char **sys
SECCOMP_FOREACH_LOCAL_ARCH(arch) {
_cleanup_(seccomp_releasep) scmp_filter_ctx seccomp = NULL;
- log_debug("Applying whitelist on architecture: %s", seccomp_arch_to_string(arch));
+ log_debug("Applying allow list on architecture: %s", seccomp_arch_to_string(arch));
r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ERRNO(EPERM));
if (r < 0)
return log_error_errno(r, "Failed to allocate seccomp object: %m");
- r = seccomp_add_default_syscall_filter(seccomp, arch, cap_list_retain, syscall_whitelist, syscall_blacklist);
+ r = seccomp_add_default_syscall_filter(seccomp, arch, cap_list_retain, syscall_allow_list, syscall_deny_list);
if (r < 0)
return r;
@@ -231,7 +231,7 @@ int setup_seccomp(uint64_t cap_list_retain, char **syscall_whitelist, char **sys
#else
-int setup_seccomp(uint64_t cap_list_retain, char **syscall_whitelist, char **syscall_blacklist) {
+int setup_seccomp(uint64_t cap_list_retain, char **syscall_allow_list, char **syscall_deny_list) {
return 0;
}