summaryrefslogtreecommitdiffstats
path: root/src/shared/seccomp-util.h
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2020-06-23 08:31:16 +0200
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2020-06-25 09:00:19 +0200
commit6b000af4f206a87f424f05c163ea818b142e372e (patch)
tree941f6aee47abce048bd88a6218f8082b8b5c52fa /src/shared/seccomp-util.h
parentci: bring back Coverity part 2 (diff)
downloadsystemd-6b000af4f206a87f424f05c163ea818b142e372e.tar.xz
systemd-6b000af4f206a87f424f05c163ea818b142e372e.zip
tree-wide: avoid some loaded terms
https://tools.ietf.org/html/draft-knodel-terminology-02 https://lwn.net/Articles/823224/ This gets rid of most but not occasions of these loaded terms: 1. scsi_id and friends are something that is supposed to be removed from our tree (see #7594) 2. The test suite defines an API used by the ubuntu CI. We can remove this too later, but this needs to be done in sync with the ubuntu CI. 3. In some cases the terms are part of APIs we call or where we expose concepts the kernel names the way it names them. (In particular all remaining uses of the word "slave" in our codebase are like this, it's used by the POSIX PTY layer, by the network subsystem, the mount API and the block device subsystem). Getting rid of the term in these contexts would mean doing some major fixes of the kernel ABI first. Regarding the replacements: when whitelist/blacklist is used as noun we replace with with allow list/deny list, and when used as verb with allow-list/deny-list.
Diffstat (limited to 'src/shared/seccomp-util.h')
-rw-r--r--src/shared/seccomp-util.h4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h
index 9580f9268d..ef970434c6 100644
--- a/src/shared/seccomp-util.h
+++ b/src/shared/seccomp-util.h
@@ -66,7 +66,7 @@ int seccomp_load_syscall_filter_set_raw(uint32_t default_action, Hashmap* set, u
typedef enum SeccompParseFlags {
SECCOMP_PARSE_INVERT = 1 << 0,
- SECCOMP_PARSE_WHITELIST = 1 << 1,
+ SECCOMP_PARSE_ALLOW_LIST = 1 << 1,
SECCOMP_PARSE_LOG = 1 << 2,
SECCOMP_PARSE_PERMISSIVE = 1 << 3,
} SeccompParseFlags;
@@ -83,7 +83,7 @@ int seccomp_restrict_archs(Set *archs);
int seccomp_restrict_namespaces(unsigned long retain);
int seccomp_protect_sysctl(void);
int seccomp_protect_syslog(void);
-int seccomp_restrict_address_families(Set *address_families, bool whitelist);
+int seccomp_restrict_address_families(Set *address_families, bool allow_list);
int seccomp_restrict_realtime(void);
int seccomp_memory_deny_write_execute(void);
int seccomp_lock_personality(unsigned long personality);