author | Paul Moore <paul@paul-moore.com> | 2020-06-10 21:25:54 -0400 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2020-06-11 14:07:58 -0400 |
commit | 0e762521d604612bb4dca8867d4a428a5e6cae54 (patch) | |
tree | 9aaff2654f3405c4ec4e77386c20f66ec5104693 | |
parent | c22f0712293d2842af4b269d4f9c0799085a0340 (diff) | |
download | libseccomp-0e762521d604612bb4dca8867d4a428a5e6cae54.tar.gz |
all: pick better names for some legacy terminology
I've never wanted my code to be either a reminder or a source of
hurt for others, but it is possible that some older terminology used
in this repository may do just that. That's a bug we need to fix,
and hopefully this patch does just that.
Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r-- | src/system.c | 10 | ||||
-rw-r--r-- | tests/.gitignore | 4 | ||||
-rw-r--r-- | tests/18-sim-basic_allowlist.c (renamed from tests/18-sim-basic_whitelist.c) | 0 | ||||
-rwxr-xr-x | tests/18-sim-basic_allowlist.py (renamed from tests/18-sim-basic_whitelist.py) | 0 | ||||
-rw-r--r-- | tests/18-sim-basic_allowlist.tests | 32 | ||||
-rw-r--r-- | tests/18-sim-basic_whitelist.tests | 32 | ||||
-rw-r--r-- | tests/34-sim-basic_blacklist.tests | 32 | ||||
-rw-r--r-- | tests/34-sim-basic_denylist.c (renamed from tests/34-sim-basic_blacklist.c) | 0 | ||||
-rwxr-xr-x | tests/34-sim-basic_denylist.py (renamed from tests/34-sim-basic_blacklist.py) | 0 | ||||
-rw-r--r-- | tests/34-sim-basic_denylist.tests | 32 | ||||
-rw-r--r-- | tests/47-live-kill_process.c | 6 | ||||
-rw-r--r-- | tests/54-live-binary_tree.c | 6 | ||||
-rwxr-xr-x | tests/54-live-binary_tree.py | 4 | ||||
-rw-r--r-- | tests/Makefile.am | 12 |
14 files changed, 85 insertions, 85 deletions
diff --git a/src/system.c b/src/system.c index 87f2ebe..ce7cb43 100644 --- a/src/system.c +++ b/src/system.c @@ -35,10 +35,10 @@ #include "gen_bpf.h" #include "helper.h" -/* NOTE: the seccomp syscall whitelist is currently disabled for testing +/* NOTE: the seccomp syscall allowlist is currently disabled for testing * purposes, but unless we can verify all of the supported ABIs before - * our next release we may have to enable the whitelist */ -#define SYSCALL_WHITELIST_ENABLE 0 + * our next release we may have to enable the allowlist */ +#define SYSCALL_ALLOWLIST_ENABLE 0 static int _nr_seccomp = -1; static int _support_seccomp_syscall = -1; @@ -70,8 +70,8 @@ int sys_chk_seccomp_syscall(void) if (_support_seccomp_syscall >= 0) return _support_seccomp_syscall; -#if SYSCALL_WHITELIST_ENABLE - /* architecture whitelist */ +#if SYSCALL_ALLOWLIST_ENABLE + /* architecture allowlist */ switch (arch_def_native->token) { case SCMP_ARCH_X86_64: case SCMP_ARCH_ARM: diff --git a/tests/.gitignore b/tests/.gitignore index c536766..b51acc3 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -23,7 +23,7 @@ util.pyc 15-basic-resolver 16-sim-arch_basic 17-sim-arch_merge -18-sim-basic_whitelist +18-sim-basic_allowlist 19-sim-missing_syscalls 20-live-basic_die 21-live-basic_allow @@ -39,7 +39,7 @@ util.pyc 31-basic-version_check 32-live-tsync_allow 33-sim-socket_syscalls_be -34-sim-basic_blacklist +34-sim-basic_denylist 35-sim-negative_one 36-sim-ipc_syscalls 37-sim-ipc_syscalls_be diff --git a/tests/18-sim-basic_whitelist.c b/tests/18-sim-basic_allowlist.c index e30274f..e30274f 100644 --- a/tests/18-sim-basic_whitelist.c +++ b/tests/18-sim-basic_allowlist.c diff --git a/tests/18-sim-basic_whitelist.py b/tests/18-sim-basic_allowlist.py index dbee3ac..dbee3ac 100755 --- a/tests/18-sim-basic_whitelist.py +++ b/tests/18-sim-basic_allowlist.py diff --git a/tests/18-sim-basic_allowlist.tests b/tests/18-sim-basic_allowlist.tests new file mode 100644 index 0000000..dba88ce 
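Review bot: A leftover `#if SYSCALL_WHITELIST_ENABLE` anywhere else in src/system.c would not break the build after this rename, because an undefined identifier in `#if` evaluates to 0, so the guarded architecture check would silently stay compiled out even once the macro is set to 1. Both uses visible in the two src/system.c hunks are updated, but sys_chk_seccomp_syscall() continues past the second hunk and the rest of the file is not shown, so a grep for the old name (or a build with `-Wundef`) is worth doing before merging. Separately, the NOTE comment above the define reads like a list of permitted syscalls, while the guarded code is a switch on `arch_def_native->token`. Wording such as `the architecture allowlist for the seccomp() syscall` would probably match the code better.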
--- /dev/null
+++ b/tests/18-sim-basic_allowlist.tests
@@ -0,0 +1,32 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2013 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+
+test type: bpf-sim
+
+# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result
+18-sim-basic_allowlist all read 0 0x856B008 10 N N N ALLOW
+18-sim-basic_allowlist all read 1-10 0x856B008 10 N N N KILL
+18-sim-basic_allowlist all write 1-2 0x856B008 10 N N N ALLOW
+18-sim-basic_allowlist all write 3-10 0x856B008 10 N N N KILL
+18-sim-basic_allowlist all close N N N N N N ALLOW
+18-sim-basic_allowlist all rt_sigreturn N N N N N N ALLOW
+18-sim-basic_allowlist all open 0x856B008 4 N N N N KILL
+18-sim-basic_allowlist x86 0-2 N N N N N N KILL
+18-sim-basic_allowlist x86 7-172 N N N N N N KILL
+18-sim-basic_allowlist x86 174-350 N N N N N N KILL
+18-sim-basic_allowlist x86_64 4-14 N N N N N N KILL
+18-sim-basic_allowlist x86_64 16-350 N N N N N N KILL
+
+test type: bpf-sim-fuzz
+
+# Testname StressCount
+18-sim-basic_allowlist 50
+
+test type: bpf-valgrind
+
+# Testname
+18-sim-basic_allowlist
diff --git a/tests/18-sim-basic_whitelist.tests b/tests/18-sim-basic_whitelist.tests
deleted file mode 100644
index 2d46660..0000000
--- a/tests/18-sim-basic_whitelist.tests
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# libseccomp regression test automation data
-#
-# Copyright (c) 2013 Red Hat <pmoore@redhat.com>
-# Author: Paul Moore <paul@paul-moore.com>
-#
-
-test type: bpf-sim
-
-# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result
-18-sim-basic_whitelist all read 0 0x856B008 10 N N N ALLOW
-18-sim-basic_whitelist all read 1-10 0x856B008 10 N N N KILL
-18-sim-basic_whitelist all write 1-2 0x856B008 10 N N N ALLOW
-18-sim-basic_whitelist all write 3-10 0x856B008 10 N N N KILL
-18-sim-basic_whitelist all close N N N N N N ALLOW
-18-sim-basic_whitelist all rt_sigreturn N N N N N N ALLOW
-18-sim-basic_whitelist all open 0x856B008 4 N N N N KILL
-18-sim-basic_whitelist x86 0-2 N N N N N N KILL
-18-sim-basic_whitelist x86 7-172 N N N N N N KILL
-18-sim-basic_whitelist x86 174-350 N N N N N N KILL
-18-sim-basic_whitelist x86_64 4-14 N N N N N N KILL
-18-sim-basic_whitelist x86_64 16-350 N N N N N N KILL
-
-test type: bpf-sim-fuzz
-
-# Testname StressCount
-18-sim-basic_whitelist 50
-
-test type: bpf-valgrind
-
-# Testname
-18-sim-basic_whitelist
diff --git a/tests/34-sim-basic_blacklist.tests b/tests/34-sim-basic_blacklist.tests
deleted file mode 100644
index 0ae3433..0000000
--- a/tests/34-sim-basic_blacklist.tests
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# libseccomp regression test automation data
-#
-# Copyright (c) 2013 Red Hat <pmoore@redhat.com>
-# Author: Paul Moore <paul@paul-moore.com>
-#
-
-test type: bpf-sim
-
-# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result
-34-sim-basic_blacklist all read 0 0x856B008 10 N N N KILL
-34-sim-basic_blacklist all read 1-10 0x856B008 10 N N N ALLOW
-34-sim-basic_blacklist all write 1-2 0x856B008 10 N N N KILL
-34-sim-basic_blacklist all write 3-10 0x856B008 10 N N N ALLOW
-34-sim-basic_blacklist all close N N N N N N KILL
-34-sim-basic_blacklist all rt_sigreturn N N N N N N KILL
-34-sim-basic_blacklist all open 0x856B008 4 N N N N ALLOW
-34-sim-basic_blacklist x86 0-2 N N N N N N ALLOW
-34-sim-basic_blacklist x86 7-172 N N N N N N ALLOW
-34-sim-basic_blacklist x86 174-350 N N N N N N ALLOW
-34-sim-basic_blacklist x86_64 4-14 N N N N N N ALLOW
-34-sim-basic_blacklist x86_64 16-350 N N N N N N ALLOW
-
-test type: bpf-sim-fuzz
-
-# Testname StressCount
-34-sim-basic_blacklist 50
-
-test type: bpf-valgrind
-
-# Testname
-34-sim-basic_blacklist
diff --git a/tests/34-sim-basic_blacklist.c b/tests/34-sim-basic_denylist.c
index e17406f..e17406f 100644
--- a/tests/34-sim-basic_blacklist.c
+++ b/tests/34-sim-basic_denylist.c
diff --git a/tests/34-sim-basic_blacklist.py b/tests/34-sim-basic_denylist.py
index 05a202d..05a202d 100755
--- a/tests/34-sim-basic_blacklist.py
+++ b/tests/34-sim-basic_denylist.py
diff --git a/tests/34-sim-basic_denylist.tests b/tests/34-sim-basic_denylist.tests
new file mode 100644
index 0000000..ed2491a
--- /dev/null
+++ b/tests/34-sim-basic_denylist.tests
@@ -0,0 +1,32 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2013 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <paul@paul-moore.com> +# + +test type: bpf-sim + +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +34-sim-basic_denylist all read 0 0x856B008 10 N N N KILL +34-sim-basic_denylist all read 1-10 0x856B008 10 N N N ALLOW +34-sim-basic_denylist all write 1-2 0x856B008 10 N N N KILL +34-sim-basic_denylist all write 3-10 0x856B008 10 N N N ALLOW +34-sim-basic_denylist all close N N N N N N KILL +34-sim-basic_denylist all rt_sigreturn N N N N N N KILL +34-sim-basic_denylist all open 0x856B008 4 N N N N ALLOW +34-sim-basic_denylist x86 0-2 N N N N N N ALLOW +34-sim-basic_denylist x86 7-172 N N N N N N ALLOW +34-sim-basic_denylist x86 174-350 N N N N N N ALLOW +34-sim-basic_denylist x86_64 4-14 N N N N N N ALLOW +34-sim-basic_denylist x86_64 16-350 N N N N N N ALLOW + +test type: bpf-sim-fuzz + +# Testname StressCount +34-sim-basic_denylist 50 + +test type: bpf-valgrind + +# Testname +34-sim-basic_denylist diff --git a/tests/47-live-kill_process.c b/tests/47-live-kill_process.c index 7da407f..47d5833 100644 --- a/tests/47-live-kill_process.c +++ b/tests/47-live-kill_process.c @@ -31,7 +31,7 @@ #include "util.h" -static const unsigned int whitelist[] = { +static const unsigned int allowlist[] = { SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), @@ -75,8 +75,8 @@ int main(int argc, char *argv[]) if (ctx == NULL) return ENOMEM; - for (i = 0; i < sizeof(whitelist) / sizeof(whitelist[0]); i++) { - rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, whitelist[i], 0); + for (i = 0; i < sizeof(allowlist) / sizeof(allowlist[0]); i++) { + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, allowlist[i], 0); if (rc != 0) goto out; } diff --git a/tests/54-live-binary_tree.c b/tests/54-live-binary_tree.c index 6c8eb15..cd4e9e4 100644 --- a/tests/54-live-binary_tree.c +++ b/tests/54-live-binary_tree.c 
@@ -31,7 +31,7 @@ #include "util.h" /* arbitrary list of syscalls to force seccomp to generate a binary tree */ -static const int blacklist[] = { +static const int denylist[] = { SCMP_SYS(times), SCMP_SYS(ptrace), SCMP_SYS(getuid), @@ -101,8 +101,8 @@ int main(int argc, char *argv[]) if (rc != 0) goto out; - for (i = 0; i < (sizeof(blacklist) / sizeof(blacklist[0])); i++) { - rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, blacklist[i], 0); + for (i = 0; i < (sizeof(denylist) / sizeof(denylist[0])); i++) { + rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, denylist[i], 0); if (rc != 0) goto out; } diff --git a/tests/54-live-binary_tree.py b/tests/54-live-binary_tree.py index 125c888..2250938 100755 --- a/tests/54-live-binary_tree.py +++ b/tests/54-live-binary_tree.py @@ -28,7 +28,7 @@ import util from seccomp import * -blacklist = [ +denylist = [ "times", "ptrace", "getuid", @@ -79,7 +79,7 @@ def test(): f.add_rule(ALLOW, "brk") f.add_rule(ALLOW, "exit_group") - for syscall in blacklist: + for syscall in denylist: f.add_rule(KILL, syscall) f.load() diff --git a/tests/Makefile.am b/tests/Makefile.am index a135278..629b910 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -57,7 +57,7 @@ check_PROGRAMS = \ 15-basic-resolver \ 16-sim-arch_basic \ 17-sim-arch_merge \ - 18-sim-basic_whitelist \ + 18-sim-basic_allowlist \ 19-sim-missing_syscalls \ 20-live-basic_die \ 21-live-basic_allow \ @@ -73,7 +73,7 @@ check_PROGRAMS = \ 31-basic-version_check \ 32-live-tsync_allow \ 33-sim-socket_syscalls_be \ - 34-sim-basic_blacklist \ + 34-sim-basic_denylist \ 35-sim-negative_one \ 36-sim-ipc_syscalls \ 37-sim-ipc_syscalls_be \ @@ -116,7 +116,7 @@ EXTRA_DIST_TESTPYTHON = \ 15-basic-resolver.py \ 16-sim-arch_basic.py \ 17-sim-arch_merge.py \ - 18-sim-basic_whitelist.py \ + 18-sim-basic_allowlist.py \ 19-sim-missing_syscalls.py \ 20-live-basic_die.py \ 21-live-basic_allow.py \ 
@@ -132,7 +132,7 @@ EXTRA_DIST_TESTPYTHON = \ 31-basic-version_check.py \ 32-live-tsync_allow.py \ 33-sim-socket_syscalls_be.py \ - 34-sim-basic_blacklist.py \ + 34-sim-basic_denylist.py \ 35-sim-negative_one.py \ 36-sim-ipc_syscalls.py \ 37-sim-ipc_syscalls_be.py \ @@ -172,7 +172,7 @@ EXTRA_DIST_TESTCFGS = \ 15-basic-resolver.tests \ 16-sim-arch_basic.tests \ 17-sim-arch_merge.tests \ - 18-sim-basic_whitelist.tests \ + 18-sim-basic_allowlist.tests \ 19-sim-missing_syscalls.tests \ 20-live-basic_die.tests \ 21-live-basic_allow.tests \ @@ -188,7 +188,7 @@ EXTRA_DIST_TESTCFGS = \ 31-basic-version_check.tests \ 32-live-tsync_allow.tests \ 33-sim-socket_syscalls_be.tests \ - 34-sim-basic_blacklist.tests \ + 34-sim-basic_denylist.tests \ 35-sim-negative_one.tests \ 36-sim-ipc_syscalls.tests \ 37-sim-ipc_syscalls_be.tests \ |