diff options
| author | Ben Pfaff <blp@ovn.org> | 2020-06-17 14:22:47 -0700 |
|---|---|---|
| committer | Ben Pfaff <blp@ovn.org> | 2020-10-16 19:22:24 -0700 |
| commit | 8205fbc8f5e0ae5c85b9d1be2f5f53997ea4ff31 (patch) | |
| tree | 670053b7fc93441fe351f3ba1ba2613a3e6b5474 /Documentation/howto | |
| parent | 807152a4ddfb89b65ef75c6b12937ecd68ea8cb3 (diff) | |
| download | openvswitch-8205fbc8f5e0ae5c85b9d1be2f5f53997ea4ff31.tar.gz | |
Eliminate "whitelist" and "blacklist" terms.
There is one remaining use under datapath. That change should happen
upstream in Linux first according to our usual policy.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Diffstat (limited to 'Documentation/howto')
| -rw-r--r-- | Documentation/howto/ipsec.rst | 2 | ||||
| -rw-r--r-- | Documentation/howto/selinux.rst | 8 |
2 files changed, 5 insertions, 5 deletions
diff --git a/Documentation/howto/ipsec.rst b/Documentation/howto/ipsec.rst index 17153ac2b..cd9348420 100644 --- a/Documentation/howto/ipsec.rst +++ b/Documentation/howto/ipsec.rst @@ -162,7 +162,7 @@ undesirable situation. `ipsec_skb_mark`. By setting the ipsec_skb_mark as 0/1, OVS IPsec prevents all unencrypted tunnel packets leaving the host since the default skb_mark value for tunnel packets are 0. This affects all OVS tunnels including those - without IPsec being set up. You can install OpenFlow rules to whitelist + without IPsec being set up. You can install OpenFlow rules to enable those non-IPsec tunnels by setting the skb_mark of the tunnel traffic as non-zero value. diff --git a/Documentation/howto/selinux.rst b/Documentation/howto/selinux.rst index 55c3e39ce..f657d5e51 100644 --- a/Documentation/howto/selinux.rst +++ b/Documentation/howto/selinux.rst @@ -67,8 +67,8 @@ differently than SELinux. SELinux and Open vSwitch are moving targets. What this means is that, if you solely rely on your Linux distribution's SELinux policy, then this policy might not have correctly anticipated that a newer Open vSwitch version needs extra -white list rules. However, if you solely rely on SELinux policy that ships -with Open vSwitch, then Open vSwitch developers might not have correctly +rules to allow behavior. However, if you solely rely on SELinux policy that +ships with Open vSwitch, then Open vSwitch developers might not have correctly anticipated the feature set that your SELinux implementation supports. Installation @@ -136,8 +136,8 @@ Then verify that this module was indeed loaded:: openvswitch 1.1.1 If you still see Permission denied errors, then take a look into -``selinux/openvswitch.te.in`` file in the OVS source tree and try to add white -list rules. This is really simple, just run SELinux audit2allow tool:: +``selinux/openvswitch.te.in`` file in the OVS source tree and try to add allow +rules. This is really simple, just run SELinux audit2allow tool:: $ grep "openvswitch_t" /var/log/audit/audit.log | audit2allow -M ovslocal |