authorPaul Moore <paul@paul-moore.com>2020-06-10 21:25:54 -0400
committerPaul Moore <paul@paul-moore.com>2020-06-11 14:07:58 -0400
commit0e762521d604612bb4dca8867d4a428a5e6cae54 (patch)
tree9aaff2654f3405c4ec4e77386c20f66ec5104693
parentc22f0712293d2842af4b269d4f9c0799085a0340 (diff)
downloadlibseccomp-0e762521d604612bb4dca8867d4a428a5e6cae54.tar.gz
all: pick better names for some legacy terminology
I've never wanted my code to be either a reminder or a source of hurt for others, but it is possible that some older terminology used in this repository may do just that. That's a bug we need to fix, and hopefully this patch does just that. Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r--src/system.c10
-rw-r--r--tests/.gitignore4
-rw-r--r--tests/18-sim-basic_allowlist.c (renamed from tests/18-sim-basic_whitelist.c)0
-rwxr-xr-xtests/18-sim-basic_allowlist.py (renamed from tests/18-sim-basic_whitelist.py)0
-rw-r--r--tests/18-sim-basic_allowlist.tests32
-rw-r--r--tests/18-sim-basic_whitelist.tests32
-rw-r--r--tests/34-sim-basic_blacklist.tests32
-rw-r--r--tests/34-sim-basic_denylist.c (renamed from tests/34-sim-basic_blacklist.c)0
-rwxr-xr-xtests/34-sim-basic_denylist.py (renamed from tests/34-sim-basic_blacklist.py)0
-rw-r--r--tests/34-sim-basic_denylist.tests32
-rw-r--r--tests/47-live-kill_process.c6
-rw-r--r--tests/54-live-binary_tree.c6
-rwxr-xr-xtests/54-live-binary_tree.py4
-rw-r--r--tests/Makefile.am12
14 files changed, 85 insertions, 85 deletions
diff --git a/src/system.c b/src/system.c
index 87f2ebe..ce7cb43 100644
--- a/src/system.c
+++ b/src/system.c
@@ -35,10 +35,10 @@
#include "gen_bpf.h"
#include "helper.h"
-/* NOTE: the seccomp syscall whitelist is currently disabled for testing
+/* NOTE: the seccomp syscall allowlist is currently disabled for testing
* purposes, but unless we can verify all of the supported ABIs before
- * our next release we may have to enable the whitelist */
-#define SYSCALL_WHITELIST_ENABLE 0
+ * our next release we may have to enable the allowlist */
+#define SYSCALL_ALLOWLIST_ENABLE 0
static int _nr_seccomp = -1;
static int _support_seccomp_syscall = -1;
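Review bot: The renamed `SYSCALL_ALLOWLIST_ENABLE` is defined here and tested with `#if` in the sys_chk_seccomp_syscall() hunk below, and the preprocessor evaluates an undefined identifier in `#if` as 0. A leftover `#if SYSCALL_WHITELIST_ENABLE`, or an out-of-tree build that still sets the old name, would therefore compile cleanly and leave the architecture check off. The macro is 0 either way today, so behaviour does not change, but it is worth grepping the tree for the old name. The comment could also state what the disabled state means, e.g. `/* when 0, sys_chk_seccomp_syscall() skips the per-architecture check */`. That wording is inferred from the second hunk; the rest of the function is outside the diff.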
@@ -70,8 +70,8 @@ int sys_chk_seccomp_syscall(void)
if (_support_seccomp_syscall >= 0)
return _support_seccomp_syscall;
-#if SYSCALL_WHITELIST_ENABLE
- /* architecture whitelist */
+#if SYSCALL_ALLOWLIST_ENABLE
+ /* architecture allowlist */
switch (arch_def_native->token) {
case SCMP_ARCH_X86_64:
case SCMP_ARCH_ARM:
diff --git a/tests/.gitignore b/tests/.gitignore
index c536766..b51acc3 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -23,7 +23,7 @@ util.pyc
15-basic-resolver
16-sim-arch_basic
17-sim-arch_merge
-18-sim-basic_whitelist
+18-sim-basic_allowlist
19-sim-missing_syscalls
20-live-basic_die
21-live-basic_allow
@@ -39,7 +39,7 @@ util.pyc
31-basic-version_check
32-live-tsync_allow
33-sim-socket_syscalls_be
-34-sim-basic_blacklist
+34-sim-basic_denylist
35-sim-negative_one
36-sim-ipc_syscalls
37-sim-ipc_syscalls_be
diff --git a/tests/18-sim-basic_whitelist.c b/tests/18-sim-basic_allowlist.c
index e30274f..e30274f 100644
--- a/tests/18-sim-basic_whitelist.c
+++ b/tests/18-sim-basic_allowlist.c
diff --git a/tests/18-sim-basic_whitelist.py b/tests/18-sim-basic_allowlist.py
index dbee3ac..dbee3ac 100755
--- a/tests/18-sim-basic_whitelist.py
+++ b/tests/18-sim-basic_allowlist.py
diff --git a/tests/18-sim-basic_allowlist.tests b/tests/18-sim-basic_allowlist.tests
new file mode 100644
index 0000000..dba88ce
--- /dev/null
+++ b/tests/18-sim-basic_allowlist.tests
@@ -0,0 +1,32 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2013 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+
+test type: bpf-sim
+
+# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result
+18-sim-basic_allowlist all read 0 0x856B008 10 N N N ALLOW
+18-sim-basic_allowlist all read 1-10 0x856B008 10 N N N KILL
+18-sim-basic_allowlist all write 1-2 0x856B008 10 N N N ALLOW
+18-sim-basic_allowlist all write 3-10 0x856B008 10 N N N KILL
+18-sim-basic_allowlist all close N N N N N N ALLOW
+18-sim-basic_allowlist all rt_sigreturn N N N N N N ALLOW
+18-sim-basic_allowlist all open 0x856B008 4 N N N N KILL
+18-sim-basic_allowlist x86 0-2 N N N N N N KILL
+18-sim-basic_allowlist x86 7-172 N N N N N N KILL
+18-sim-basic_allowlist x86 174-350 N N N N N N KILL
+18-sim-basic_allowlist x86_64 4-14 N N N N N N KILL
+18-sim-basic_allowlist x86_64 16-350 N N N N N N KILL
+
+test type: bpf-sim-fuzz
+
+# Testname StressCount
+18-sim-basic_allowlist 50
+
+test type: bpf-valgrind
+
+# Testname
+18-sim-basic_allowlist
diff --git a/tests/18-sim-basic_whitelist.tests b/tests/18-sim-basic_whitelist.tests
deleted file mode 100644
index 2d46660..0000000
--- a/tests/18-sim-basic_whitelist.tests
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# libseccomp regression test automation data
-#
-# Copyright (c) 2013 Red Hat <pmoore@redhat.com>
-# Author: Paul Moore <paul@paul-moore.com>
-#
-
-test type: bpf-sim
-
-# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result
-18-sim-basic_whitelist all read 0 0x856B008 10 N N N ALLOW
-18-sim-basic_whitelist all read 1-10 0x856B008 10 N N N KILL
-18-sim-basic_whitelist all write 1-2 0x856B008 10 N N N ALLOW
-18-sim-basic_whitelist all write 3-10 0x856B008 10 N N N KILL
-18-sim-basic_whitelist all close N N N N N N ALLOW
-18-sim-basic_whitelist all rt_sigreturn N N N N N N ALLOW
-18-sim-basic_whitelist all open 0x856B008 4 N N N N KILL
-18-sim-basic_whitelist x86 0-2 N N N N N N KILL
-18-sim-basic_whitelist x86 7-172 N N N N N N KILL
-18-sim-basic_whitelist x86 174-350 N N N N N N KILL
-18-sim-basic_whitelist x86_64 4-14 N N N N N N KILL
-18-sim-basic_whitelist x86_64 16-350 N N N N N N KILL
-
-test type: bpf-sim-fuzz
-
-# Testname StressCount
-18-sim-basic_whitelist 50
-
-test type: bpf-valgrind
-
-# Testname
-18-sim-basic_whitelist
diff --git a/tests/34-sim-basic_blacklist.tests b/tests/34-sim-basic_blacklist.tests
deleted file mode 100644
index 0ae3433..0000000
--- a/tests/34-sim-basic_blacklist.tests
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# libseccomp regression test automation data
-#
-# Copyright (c) 2013 Red Hat <pmoore@redhat.com>
-# Author: Paul Moore <paul@paul-moore.com>
-#
-
-test type: bpf-sim
-
-# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result
-34-sim-basic_blacklist all read 0 0x856B008 10 N N N KILL
-34-sim-basic_blacklist all read 1-10 0x856B008 10 N N N ALLOW
-34-sim-basic_blacklist all write 1-2 0x856B008 10 N N N KILL
-34-sim-basic_blacklist all write 3-10 0x856B008 10 N N N ALLOW
-34-sim-basic_blacklist all close N N N N N N KILL
-34-sim-basic_blacklist all rt_sigreturn N N N N N N KILL
-34-sim-basic_blacklist all open 0x856B008 4 N N N N ALLOW
-34-sim-basic_blacklist x86 0-2 N N N N N N ALLOW
-34-sim-basic_blacklist x86 7-172 N N N N N N ALLOW
-34-sim-basic_blacklist x86 174-350 N N N N N N ALLOW
-34-sim-basic_blacklist x86_64 4-14 N N N N N N ALLOW
-34-sim-basic_blacklist x86_64 16-350 N N N N N N ALLOW
-
-test type: bpf-sim-fuzz
-
-# Testname StressCount
-34-sim-basic_blacklist 50
-
-test type: bpf-valgrind
-
-# Testname
-34-sim-basic_blacklist
diff --git a/tests/34-sim-basic_blacklist.c b/tests/34-sim-basic_denylist.c
index e17406f..e17406f 100644
--- a/tests/34-sim-basic_blacklist.c
+++ b/tests/34-sim-basic_denylist.c
diff --git a/tests/34-sim-basic_blacklist.py b/tests/34-sim-basic_denylist.py
index 05a202d..05a202d 100755
--- a/tests/34-sim-basic_blacklist.py
+++ b/tests/34-sim-basic_denylist.py
diff --git a/tests/34-sim-basic_denylist.tests b/tests/34-sim-basic_denylist.tests
new file mode 100644
index 0000000..ed2491a
--- /dev/null
+++ b/tests/34-sim-basic_denylist.tests
@@ -0,0 +1,32 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2013 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+
+test type: bpf-sim
+
+# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result
+34-sim-basic_denylist all read 0 0x856B008 10 N N N KILL
+34-sim-basic_denylist all read 1-10 0x856B008 10 N N N ALLOW
+34-sim-basic_denylist all write 1-2 0x856B008 10 N N N KILL
+34-sim-basic_denylist all write 3-10 0x856B008 10 N N N ALLOW
+34-sim-basic_denylist all close N N N N N N KILL
+34-sim-basic_denylist all rt_sigreturn N N N N N N KILL
+34-sim-basic_denylist all open 0x856B008 4 N N N N ALLOW
+34-sim-basic_denylist x86 0-2 N N N N N N ALLOW
+34-sim-basic_denylist x86 7-172 N N N N N N ALLOW
+34-sim-basic_denylist x86 174-350 N N N N N N ALLOW
+34-sim-basic_denylist x86_64 4-14 N N N N N N ALLOW
+34-sim-basic_denylist x86_64 16-350 N N N N N N ALLOW
+
+test type: bpf-sim-fuzz
+
+# Testname StressCount
+34-sim-basic_denylist 50
+
+test type: bpf-valgrind
+
+# Testname
+34-sim-basic_denylist
diff --git a/tests/47-live-kill_process.c b/tests/47-live-kill_process.c
index 7da407f..47d5833 100644
--- a/tests/47-live-kill_process.c
+++ b/tests/47-live-kill_process.c
@@ -31,7 +31,7 @@
#include "util.h"
-static const unsigned int whitelist[] = {
+static const unsigned int allowlist[] = {
SCMP_SYS(clone),
SCMP_SYS(exit),
SCMP_SYS(exit_group),
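Review bot: `allowlist` is declared `unsigned int`, while the equivalent table in tests/54-live-binary_tree.c is `static const int denylist[]`, and both are passed to the `int syscall` parameter of seccomp_rule_add(). SCMP_SYS() can expand to a negative pseudo-syscall number on architectures that lack a call, so the signed type is the better fit: `static const int allowlist[] = {`. The array body continues past the end of this hunk, so whether any entry is affected in practice cannot be judged from here.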
@@ -75,8 +75,8 @@ int main(int argc, char *argv[])
if (ctx == NULL)
return ENOMEM;
- for (i = 0; i < sizeof(whitelist) / sizeof(whitelist[0]); i++) {
- rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, whitelist[i], 0);
+ for (i = 0; i < sizeof(allowlist) / sizeof(allowlist[0]); i++) {
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, allowlist[i], 0);
if (rc != 0)
goto out;
}
diff --git a/tests/54-live-binary_tree.c b/tests/54-live-binary_tree.c
index 6c8eb15..cd4e9e4 100644
--- a/tests/54-live-binary_tree.c
+++ b/tests/54-live-binary_tree.c
@@ -31,7 +31,7 @@
#include "util.h"
/* arbitrary list of syscalls to force seccomp to generate a binary tree */
-static const int blacklist[] = {
+static const int denylist[] = {
SCMP_SYS(times),
SCMP_SYS(ptrace),
SCMP_SYS(getuid),
@@ -101,8 +101,8 @@ int main(int argc, char *argv[])
if (rc != 0)
goto out;
- for (i = 0; i < (sizeof(blacklist) / sizeof(blacklist[0])); i++) {
- rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, blacklist[i], 0);
+ for (i = 0; i < (sizeof(denylist) / sizeof(denylist[0])); i++) {
+ rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, denylist[i], 0);
if (rc != 0)
goto out;
}
diff --git a/tests/54-live-binary_tree.py b/tests/54-live-binary_tree.py
index 125c888..2250938 100755
--- a/tests/54-live-binary_tree.py
+++ b/tests/54-live-binary_tree.py
@@ -28,7 +28,7 @@ import util
from seccomp import *
-blacklist = [
+denylist = [
"times",
"ptrace",
"getuid",
@@ -79,7 +79,7 @@ def test():
f.add_rule(ALLOW, "brk")
f.add_rule(ALLOW, "exit_group")
- for syscall in blacklist:
+ for syscall in denylist:
f.add_rule(KILL, syscall)
f.load()
diff --git a/tests/Makefile.am b/tests/Makefile.am
index a135278..629b910 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -57,7 +57,7 @@ check_PROGRAMS = \
15-basic-resolver \
16-sim-arch_basic \
17-sim-arch_merge \
- 18-sim-basic_whitelist \
+ 18-sim-basic_allowlist \
19-sim-missing_syscalls \
20-live-basic_die \
21-live-basic_allow \
@@ -73,7 +73,7 @@ check_PROGRAMS = \
31-basic-version_check \
32-live-tsync_allow \
33-sim-socket_syscalls_be \
- 34-sim-basic_blacklist \
+ 34-sim-basic_denylist \
35-sim-negative_one \
36-sim-ipc_syscalls \
37-sim-ipc_syscalls_be \
@@ -116,7 +116,7 @@ EXTRA_DIST_TESTPYTHON = \
15-basic-resolver.py \
16-sim-arch_basic.py \
17-sim-arch_merge.py \
- 18-sim-basic_whitelist.py \
+ 18-sim-basic_allowlist.py \
19-sim-missing_syscalls.py \
20-live-basic_die.py \
21-live-basic_allow.py \
@@ -132,7 +132,7 @@ EXTRA_DIST_TESTPYTHON = \
31-basic-version_check.py \
32-live-tsync_allow.py \
33-sim-socket_syscalls_be.py \
- 34-sim-basic_blacklist.py \
+ 34-sim-basic_denylist.py \
35-sim-negative_one.py \
36-sim-ipc_syscalls.py \
37-sim-ipc_syscalls_be.py \
@@ -172,7 +172,7 @@ EXTRA_DIST_TESTCFGS = \
15-basic-resolver.tests \
16-sim-arch_basic.tests \
17-sim-arch_merge.tests \
- 18-sim-basic_whitelist.tests \
+ 18-sim-basic_allowlist.tests \
19-sim-missing_syscalls.tests \
20-live-basic_die.tests \
21-live-basic_allow.tests \
@@ -188,7 +188,7 @@ EXTRA_DIST_TESTCFGS = \
31-basic-version_check.tests \
32-live-tsync_allow.tests \
33-sim-socket_syscalls_be.tests \
- 34-sim-basic_blacklist.tests \
+ 34-sim-basic_denylist.tests \
35-sim-negative_one.tests \
36-sim-ipc_syscalls.tests \
37-sim-ipc_syscalls_be.tests \