diff options
author | Lennart Poettering <lennart@poettering.net> | 2020-06-23 08:31:16 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-06-25 09:00:19 +0200 |
commit | 6b000af4f206a87f424f05c163ea818b142e372e (patch) | |
tree | 941f6aee47abce048bd88a6218f8082b8b5c52fa /src/shared/seccomp-util.h | |
parent | ci: bring back Coverity part 2 (diff) | |
download | systemd-6b000af4f206a87f424f05c163ea818b142e372e.tar.xz systemd-6b000af4f206a87f424f05c163ea818b142e372e.zip |
tree-wide: avoid some loaded terms
https://tools.ietf.org/html/draft-knodel-terminology-02
https://lwn.net/Articles/823224/
This gets rid of most but not occasions of these loaded terms:
1. scsi_id and friends are something that is supposed to be removed from
our tree (see #7594)
2. The test suite defines an API used by the ubuntu CI. We can remove
this too later, but this needs to be done in sync with the ubuntu CI.
3. In some cases the terms are part of APIs we call or where we expose
concepts the kernel names the way it names them. (In particular all
remaining uses of the word "slave" in our codebase are like this,
it's used by the POSIX PTY layer, by the network subsystem, the mount
API and the block device subsystem). Getting rid of the term in these
contexts would mean doing some major fixes of the kernel ABI first.
Regarding the replacements: when whitelist/blacklist is used as noun we
replace with with allow list/deny list, and when used as verb with
allow-list/deny-list.
Diffstat (limited to 'src/shared/seccomp-util.h')
-rw-r--r-- | src/shared/seccomp-util.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h index 9580f9268d..ef970434c6 100644 --- a/src/shared/seccomp-util.h +++ b/src/shared/seccomp-util.h @@ -66,7 +66,7 @@ int seccomp_load_syscall_filter_set_raw(uint32_t default_action, Hashmap* set, u typedef enum SeccompParseFlags { SECCOMP_PARSE_INVERT = 1 << 0, - SECCOMP_PARSE_WHITELIST = 1 << 1, + SECCOMP_PARSE_ALLOW_LIST = 1 << 1, SECCOMP_PARSE_LOG = 1 << 2, SECCOMP_PARSE_PERMISSIVE = 1 << 3, } SeccompParseFlags; @@ -83,7 +83,7 @@ int seccomp_restrict_archs(Set *archs); int seccomp_restrict_namespaces(unsigned long retain); int seccomp_protect_sysctl(void); int seccomp_protect_syslog(void); -int seccomp_restrict_address_families(Set *address_families, bool whitelist); +int seccomp_restrict_address_families(Set *address_families, bool allow_list); int seccomp_restrict_realtime(void); int seccomp_memory_deny_write_execute(void); int seccomp_lock_personality(unsigned long personality); |