diff options
Diffstat (limited to 'src')
42 files changed, 256 insertions, 254 deletions
diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c index 0137883976..7b32fcb7b7 100644 --- a/src/analyze/analyze-security.c +++ b/src/analyze/analyze-security.c @@ -91,7 +91,7 @@ struct security_info { char **system_call_architectures; - bool system_call_filter_whitelist; + bool system_call_filter_allow_list; Set *system_call_filter; uint32_t _umask; @@ -492,7 +492,7 @@ static int assess_system_call_architectures( #if HAVE_SECCOMP -static bool syscall_names_in_filter(Set *s, bool whitelist, const SyscallFilterSet *f) { +static bool syscall_names_in_filter(Set *s, bool allow_list, const SyscallFilterSet *f) { const char *syscall; NULSTR_FOREACH(syscall, f->value) { @@ -502,7 +502,7 @@ static bool syscall_names_in_filter(Set *s, bool whitelist, const SyscallFilterS const SyscallFilterSet *g; assert_se(g = syscall_filter_set_find(syscall)); - if (syscall_names_in_filter(s, whitelist, g)) + if (syscall_names_in_filter(s, allow_list, g)) return true; /* bad! */ continue; @@ -513,7 +513,7 @@ static bool syscall_names_in_filter(Set *s, bool whitelist, const SyscallFilterS if (id < 0) continue; - if (set_contains(s, syscall) == whitelist) { + if (set_contains(s, syscall) == allow_list) { log_debug("Offending syscall filter item: %s", syscall); return true; /* bad! */ } @@ -541,30 +541,30 @@ static int assess_system_call_filter( assert(a->parameter < _SYSCALL_FILTER_SET_MAX); f = syscall_filter_sets + a->parameter; - if (!info->system_call_filter_whitelist && set_isempty(info->system_call_filter)) { + if (!info->system_call_filter_allow_list && set_isempty(info->system_call_filter)) { d = strdup("Service does not filter system calls"); b = 10; } else { bool bad; log_debug("Analyzing system call filter, checking against: %s", f->name); - bad = syscall_names_in_filter(info->system_call_filter, info->system_call_filter_whitelist, f); + bad = syscall_names_in_filter(info->system_call_filter, info->system_call_filter_allow_list, f); log_debug("Result: %s", bad ? "bad" : "good"); - if (info->system_call_filter_whitelist) { + if (info->system_call_filter_allow_list) { if (bad) { - (void) asprintf(&d, "System call whitelist defined for service, and %s is included", f->name); + (void) asprintf(&d, "System call allow list defined for service, and %s is included", f->name); b = 9; } else { - (void) asprintf(&d, "System call whitelist defined for service, and %s is not included", f->name); + (void) asprintf(&d, "System call allow list defined for service, and %s is not included", f->name); b = 0; } } else { if (bad) { - (void) asprintf(&d, "System call blacklist defined for service, and %s is not included", f->name); + (void) asprintf(&d, "System call deny list defined for service, and %s is not included", f->name); b = 10; } else { - (void) asprintf(&d, "System call blacklist defined for service, and %s is included", f->name); + (void) asprintf(&d, "System call deny list defined for service, and %s is included", f->name); b = 5; } } @@ -599,13 +599,13 @@ static int assess_ip_address_allow( d = strdup("Service defines custom ingress/egress IP filters with BPF programs"); b = 0; } else if (!info->ip_address_deny_all) { - d = strdup("Service does not define an IP address whitelist"); + d = strdup("Service does not define an IP address allow list"); b = 10; } else if (info->ip_address_allow_other) { - d = strdup("Service defines IP address whitelist with non-localhost entries"); + d = strdup("Service defines IP address allow list with non-localhost entries"); b = 5; } else if (info->ip_address_allow_localhost) { - d = strdup("Service defines IP address whitelist with only localhost entries"); + d = strdup("Service defines IP address allow list with only localhost entries"); b = 2; } else { d = strdup("Service blocks all IP address ranges"); @@ -1639,7 +1639,7 @@ static int property_read_restrict_address_families( void *userdata) { struct security_info *info = userdata; - int whitelist, r; + int allow_list, r; assert(bus); assert(member); @@ -1649,7 +1649,7 @@ static int property_read_restrict_address_families( if (r < 0) return r; - r = sd_bus_message_read(m, "b", &whitelist); + r = sd_bus_message_read(m, "b", &allow_list); if (r < 0) return r; @@ -1657,7 +1657,7 @@ static int property_read_restrict_address_families( info->restrict_address_family_unix = info->restrict_address_family_netlink = info->restrict_address_family_packet = - info->restrict_address_family_other = whitelist; + info->restrict_address_family_other = allow_list; r = sd_bus_message_enter_container(m, 'a', "s"); if (r < 0) @@ -1673,15 +1673,15 @@ static int property_read_restrict_address_families( break; if (STR_IN_SET(name, "AF_INET", "AF_INET6")) - info->restrict_address_family_inet = !whitelist; + info->restrict_address_family_inet = !allow_list; else if (streq(name, "AF_UNIX")) - info->restrict_address_family_unix = !whitelist; + info->restrict_address_family_unix = !allow_list; else if (streq(name, "AF_NETLINK")) - info->restrict_address_family_netlink = !whitelist; + info->restrict_address_family_netlink = !allow_list; else if (streq(name, "AF_PACKET")) - info->restrict_address_family_packet = !whitelist; + info->restrict_address_family_packet = !allow_list; else - info->restrict_address_family_other = !whitelist; + info->restrict_address_family_other = !allow_list; } r = sd_bus_message_exit_container(m); @@ -1699,7 +1699,7 @@ static int property_read_system_call_filter( void *userdata) { struct security_info *info = userdata; - int whitelist, r; + int allow_list, r; assert(bus); assert(member); @@ -1709,11 +1709,11 @@ static int property_read_system_call_filter( if (r < 0) return r; - r = sd_bus_message_read(m, "b", &whitelist); + r = sd_bus_message_read(m, "b", &allow_list); if (r < 0) return r; - info->system_call_filter_whitelist = whitelist; + info->system_call_filter_allow_list = allow_list; r = sd_bus_message_enter_container(m, 'a', "s"); if (r < 0) diff --git a/src/basic/device-nodes.c b/src/basic/device-nodes.c index 5ebe5b2483..888ef23664 100644 --- a/src/basic/device-nodes.c +++ b/src/basic/device-nodes.c @@ -7,7 +7,7 @@ #include "device-nodes.h" #include "utf8.h" -int whitelisted_char_for_devnode(char c, const char *white) { +int allow_listed_char_for_devnode(char c, const char *white) { if ((c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || @@ -38,7 +38,7 @@ int encode_devnode_name(const char *str, char *str_enc, size_t len) { j += seqlen; i += (seqlen-1); - } else if (str[i] == '\\' || !whitelisted_char_for_devnode(str[i], NULL)) { + } else if (str[i] == '\\' || !allow_listed_char_for_devnode(str[i], NULL)) { if (len-j < 4) return -EINVAL; diff --git a/src/basic/device-nodes.h b/src/basic/device-nodes.h index 3840e6d307..0dad8c9c68 100644 --- a/src/basic/device-nodes.h +++ b/src/basic/device-nodes.h @@ -8,7 +8,7 @@ #include "stdio-util.h" int encode_devnode_name(const char *str, char *str_enc, size_t len); -int whitelisted_char_for_devnode(char c, const char *additional); +int allow_listed_char_for_devnode(char c, const char *additional); #define DEV_NUM_PATH_MAX \ (STRLEN("/dev/block/") + DECIMAL_STR_MAX(dev_t) + 1 + DECIMAL_STR_MAX(dev_t)) diff --git a/src/basic/efivars.c b/src/basic/efivars.c index e7edd17d0b..007137cf01 100644 --- a/src/basic/efivars.c +++ b/src/basic/efivars.c @@ -210,9 +210,9 @@ int efi_set_variable( if (!p) return -ENOMEM; - /* Newer efivarfs protects variables that are not in a whitelist with FS_IMMUTABLE_FL by default, to protect - * them for accidental removal and modification. We are not changing these variables accidentally however, - * hence let's unset the bit first. */ + /* Newer efivarfs protects variables that are not in an allow list with FS_IMMUTABLE_FL by default, + * to protect them for accidental removal and modification. We are not changing these variables + * accidentally however, hence let's unset the bit first. */ r = chattr_path(p, 0, FS_IMMUTABLE_FL, &saved_flags); if (r < 0 && r != -ENOENT) diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c index 943bc56319..34a2260783 100644 --- a/src/basic/fs-util.c +++ b/src/basic/fs-util.c @@ -1576,7 +1576,7 @@ static int blockdev_is_encrypted(const char *sysfs_path, unsigned depth_left) { d = opendir(p); if (!d) { - if (errno == ENOENT) /* Doesn't have slaves */ + if (errno == ENOENT) /* Doesn't have underlying devices */ return false; return -errno; @@ -1592,7 +1592,7 @@ static int blockdev_is_encrypted(const char *sysfs_path, unsigned depth_left) { if (errno != 0) return -errno; - break; /* No more slaves */ + break; /* No more underlying devices */ } q = path_join(p, de->d_name); diff --git a/src/core/bpf-devices.c b/src/core/bpf-devices.c index 07ef9f6777..34320e88fb 100644 --- a/src/core/bpf-devices.c +++ b/src/core/bpf-devices.c @@ -38,7 +38,7 @@ static int bpf_access_type(const char *acc) { return r; } -static int bpf_prog_whitelist_device( +static int bpf_prog_allow_list_device( BPFProgram *prog, char type, int major, @@ -80,7 +80,7 @@ static int bpf_prog_whitelist_device( return r; } -static int bpf_prog_whitelist_major( +static int bpf_prog_allow_list_major( BPFProgram *prog, char type, int major, @@ -120,7 +120,7 @@ static int bpf_prog_whitelist_major( return r; } -static int bpf_prog_whitelist_class( +static int bpf_prog_allow_list_class( BPFProgram *prog, char type, const char *acc) { @@ -161,7 +161,7 @@ static int bpf_prog_whitelist_class( int bpf_devices_cgroup_init( BPFProgram **ret, CGroupDevicePolicy policy, - bool whitelist) { + bool allow_list) { const struct bpf_insn pre_insn[] = { /* load device type to r2 */ @@ -188,14 +188,14 @@ int bpf_devices_cgroup_init( assert(ret); - if (policy == CGROUP_DEVICE_POLICY_AUTO && !whitelist) + if (policy == CGROUP_DEVICE_POLICY_AUTO && !allow_list) return 0; r = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE, &prog); if (r < 0) return log_error_errno(r, "Loading device control BPF program failed: %m"); - if (policy == CGROUP_DEVICE_POLICY_CLOSED || whitelist) { + if (policy == CGROUP_DEVICE_POLICY_CLOSED || allow_list) { r = bpf_program_add_instructions(prog, pre_insn, ELEMENTSOF(pre_insn)); if (r < 0) return log_error_errno(r, "Extending device control BPF program failed: %m"); @@ -209,7 +209,7 @@ int bpf_devices_cgroup_init( int bpf_devices_apply_policy( BPFProgram *prog, CGroupDevicePolicy policy, - bool whitelist, + bool allow_list, const char *cgroup_path, BPFProgram **prog_installed) { @@ -221,7 +221,7 @@ int bpf_devices_apply_policy( if (!prog) goto finish; - const bool deny_everything = policy == CGROUP_DEVICE_POLICY_STRICT && !whitelist; + const bool deny_everything = policy == CGROUP_DEVICE_POLICY_STRICT && !allow_list; const struct bpf_insn post_insn[] = { /* return DENY */ @@ -325,7 +325,7 @@ int bpf_devices_supported(void) { return supported = 1; } -static int whitelist_device_pattern( +static int allow_list_device_pattern( BPFProgram *prog, const char *path, char type, @@ -340,11 +340,11 @@ static int whitelist_device_pattern( return 0; if (maj && min) - return bpf_prog_whitelist_device(prog, type, *maj, *min, acc); + return bpf_prog_allow_list_device(prog, type, *maj, *min, acc); else if (maj) - return bpf_prog_whitelist_major(prog, type, *maj, acc); + return bpf_prog_allow_list_major(prog, type, *maj, acc); else - return bpf_prog_whitelist_class(prog, type, acc); + return bpf_prog_allow_list_class(prog, type, acc); } else { char buf[2+DECIMAL_STR_MAX(unsigned)*2+2+4]; @@ -369,7 +369,7 @@ static int whitelist_device_pattern( } } -int bpf_devices_whitelist_device( +int bpf_devices_allow_list_device( BPFProgram *prog, const char *path, const char *node, @@ -405,10 +405,10 @@ int bpf_devices_whitelist_device( } unsigned maj = major(rdev), min = minor(rdev); - return whitelist_device_pattern(prog, path, S_ISCHR(mode) ? 'c' : 'b', &maj, &min, acc); + return allow_list_device_pattern(prog, path, S_ISCHR(mode) ? 'c' : 'b', &maj, &min, acc); } -int bpf_devices_whitelist_major( +int bpf_devices_allow_list_major( BPFProgram *prog, const char *path, const char *name, @@ -424,12 +424,12 @@ int bpf_devices_whitelist_major( if (streq(name, "*")) /* If the name is a wildcard, then apply this list to all devices of this type */ - return whitelist_device_pattern(prog, path, type, NULL, NULL, acc); + return allow_list_device_pattern(prog, path, type, NULL, NULL, acc); if (safe_atou(name, &maj) >= 0 && DEVICE_MAJOR_VALID(maj)) /* The name is numeric and suitable as major. In that case, let's take its major, and create * the entry directly. */ - return whitelist_device_pattern(prog, path, type, &maj, NULL, acc); + return allow_list_device_pattern(prog, path, type, &maj, NULL, acc); _cleanup_fclose_ FILE *f = NULL; bool good = false, any = false; @@ -486,17 +486,17 @@ int bpf_devices_whitelist_major( continue; any = true; - (void) whitelist_device_pattern(prog, path, type, &maj, NULL, acc); + (void) allow_list_device_pattern(prog, path, type, &maj, NULL, acc); } if (!any) return log_debug_errno(SYNTHETIC_ERRNO(ENOENT), - "Device whitelist pattern \"%s\" did not match anything.", name); + "Device allow list pattern \"%s\" did not match anything.", name); return 0; } -int bpf_devices_whitelist_static( +int bpf_devices_allow_list_static( BPFProgram *prog, const char *path) { @@ -515,13 +515,13 @@ int bpf_devices_whitelist_static( const char *node, *acc; NULSTR_FOREACH_PAIR(node, acc, auto_devices) { - k = bpf_devices_whitelist_device(prog, path, node, acc); + k = bpf_devices_allow_list_device(prog, path, node, acc); if (r >= 0 && k < 0) r = k; } /* PTS (/dev/pts) devices may not be duplicated, but accessed */ - k = bpf_devices_whitelist_major(prog, path, "pts", 'c', "rw"); + k = bpf_devices_allow_list_major(prog, path, "pts", 'c', "rw"); if (r >= 0 && k < 0) r = k; diff --git a/src/core/bpf-devices.h b/src/core/bpf-devices.h index 4a5f4b1fb1..e2a08016e3 100644 --- a/src/core/bpf-devices.h +++ b/src/core/bpf-devices.h @@ -7,15 +7,15 @@ typedef struct BPFProgram BPFProgram; -int bpf_devices_cgroup_init(BPFProgram **ret, CGroupDevicePolicy policy, bool whitelist); +int bpf_devices_cgroup_init(BPFProgram **ret, CGroupDevicePolicy policy, bool allow_list); int bpf_devices_apply_policy( BPFProgram *prog, CGroupDevicePolicy policy, - bool whitelist, + bool allow_list, const char *cgroup_path, BPFProgram **prog_installed); int bpf_devices_supported(void); -int bpf_devices_whitelist_device(BPFProgram *prog, const char *path, const char *node, const char *acc); -int bpf_devices_whitelist_major(BPFProgram *prog, const char *path, const char *name, char type, const char *acc); -int bpf_devices_whitelist_static(BPFProgram *prog, const char *path); +int bpf_devices_allow_list_device(BPFProgram *prog, const char *path, const char *node, const char *acc); +int bpf_devices_allow_list_major(BPFProgram *prog, const char *path, const char *name, char type, const char *acc); +int bpf_devices_allow_list_static(BPFProgram *prog, const char *path); diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 7d45438e85..031b28a684 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -990,12 +990,12 @@ static int cgroup_apply_devices(Unit *u) { "Failed to reset devices.allow/devices.deny: %m"); } - bool whitelist_static = policy == CGROUP_DEVICE_POLICY_CLOSED || + bool allow_list_static = policy == CGROUP_DEVICE_POLICY_CLOSED || (policy == CGROUP_DEVICE_POLICY_AUTO && c->device_allow); - if (whitelist_static) - (void) bpf_devices_whitelist_static(prog, path); + if (allow_list_static) + (void) bpf_devices_allow_list_static(prog, path); - bool any = whitelist_static; + bool any = allow_list_static; LIST_FOREACH(device_allow, a, c->device_allow) { char acc[4], *val; unsigned k = 0; @@ -1011,11 +1011,11 @@ static int cgroup_apply_devices(Unit *u) { acc[k++] = 0; if (path_startswith(a->path, "/dev/")) - r = bpf_devices_whitelist_device(prog, path, a->path, acc); + r = bpf_devices_allow_list_device(prog, path, a->path, acc); else if ((val = startswith(a->path, "block-"))) - r = bpf_devices_whitelist_major(prog, path, val, 'b', acc); + r = bpf_devices_allow_list_major(prog, path, val, 'b', acc); else if ((val = startswith(a->path, "char-"))) - r = bpf_devices_whitelist_major(prog, path, val, 'c', acc); + r = bpf_devices_allow_list_major(prog, path, val, 'c', acc); else { log_unit_debug(u, "Ignoring device '%s' while writing cgroup attribute.", a->path); continue; @@ -1029,7 +1029,7 @@ static int cgroup_apply_devices(Unit *u) { log_unit_warning_errno(u, SYNTHETIC_ERRNO(ENODEV), "No devices matched by device filter."); /* The kernel verifier would reject a program we would build with the normal intro and outro - but no whitelisting rules (outro would contain an unreachable instruction for successful + but no allow-listing rules (outro would contain an unreachable instruction for successful return). */ policy = CGROUP_DEVICE_POLICY_STRICT; } diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c index 68ce395c56..45b5c0c13a 100644 --- a/src/core/dbus-execute.c +++ b/src/core/dbus-execute.c @@ -370,7 +370,7 @@ static int property_get_syscall_filter( if (r < 0) return r; - r = sd_bus_message_append(reply, "b", c->syscall_whitelist); + r = sd_bus_message_append(reply, "b", c->syscall_allow_list); if (r < 0) return r; @@ -536,7 +536,7 @@ static int property_get_address_families( if (r < 0) return r; - r = sd_bus_message_append(reply, "b", c->address_families_whitelist); + r = sd_bus_message_append(reply, "b", c->address_families_allow_list); if (r < 0) return r; @@ -1672,14 +1672,14 @@ int bus_exec_context_set_transient_property( return bus_set_transient_errno(u, name, &c->syscall_errno, message, flags, error); if (streq(name, "SystemCallFilter")) { - int whitelist; + int allow_list; _cleanup_strv_free_ char **l = NULL; r = sd_bus_message_enter_container(message, 'r', "bas"); if (r < 0) return r; - r = sd_bus_message_read(message, "b", &whitelist); + r = sd_bus_message_read(message, "b", &allow_list); if (r < 0) return r; @@ -1693,11 +1693,11 @@ int bus_exec_context_set_transient_property( if (!UNIT_WRITE_FLAGS_NOOP(flags)) { _cleanup_free_ char *joined = NULL; - SeccompParseFlags invert_flag = whitelist ? 0 : SECCOMP_PARSE_INVERT; + SeccompParseFlags invert_flag = allow_list ? 0 : SECCOMP_PARSE_INVERT; char **s; if (strv_isempty(l)) { - c->syscall_whitelist = false; + c->syscall_allow_list = false; c->syscall_filter = hashmap_free(c->syscall_filter); unit_write_settingf(u, flags, name, "SystemCallFilter="); @@ -1709,14 +1709,14 @@ int bus_exec_context_set_transient_property( if (!c->syscall_filter) return log_oom(); - c->syscall_whitelist = whitelist; + c->syscall_allow_list = allow_list; - if (c->syscall_whitelist) { + if (c->syscall_allow_list) { r = seccomp_parse_syscall_filter("@default", -1, c->syscall_filter, SECCOMP_PARSE_PERMISSIVE | - SECCOMP_PARSE_WHITELIST | invert_flag, + SECCOMP_PARSE_ALLOW_LIST | invert_flag, u->id, NULL, 0); if (r < 0) @@ -1737,7 +1737,7 @@ int bus_exec_context_set_transient_property( c->syscall_filter, SECCOMP_PARSE_LOG | SECCOMP_PARSE_PERMISSIVE | invert_flag | - (c->syscall_whitelist ? SECCOMP_PARSE_WHITELIST : 0), + (c->syscall_allow_list ? SECCOMP_PARSE_ALLOW_LIST : 0), u->id, NULL, 0); if (r < 0) @@ -1748,7 +1748,7 @@ int bus_exec_context_set_transient_property( if (!joined) return -ENOMEM; - unit_write_settingf(u, flags, name, "SystemCallFilter=%s%s", whitelist ? "" : "~", joined); + unit_write_settingf(u, flags, name, "SystemCallFilter=%s%s", allow_list ? "" : "~", joined); } return 1; @@ -1792,14 +1792,14 @@ int bus_exec_context_set_transient_property( return 1; } else if (streq(name, "RestrictAddressFamilies")) { - int whitelist; + int allow_list; _cleanup_strv_free_ char **l = NULL; r = sd_bus_message_enter_container(message, 'r', "bas"); if (r < 0) return r; - r = sd_bus_message_read(message, "b", &whitelist); + r = sd_bus_message_read(message, "b", &allow_list); if (r < 0) return r; @@ -1816,7 +1816,7 @@ int bus_exec_context_set_transient_property( char **s; if (strv_isempty(l)) { - c->address_families_whitelist = false; + c->address_families_allow_list = false; c->address_families = set_free(c->address_families); unit_write_settingf(u, flags, name, "RestrictAddressFamilies="); @@ -1828,7 +1828,7 @@ int bus_exec_context_set_transient_property( if (!c->address_families) return log_oom(); - c->address_families_whitelist = whitelist; + c->address_families_allow_list = allow_list; } STRV_FOREACH(s, l) { @@ -1838,7 +1838,7 @@ int bus_exec_context_set_transient_property( if (af < 0) return af; - if (whitelist == c->address_families_whitelist) { + if (allow_list == c->address_families_allow_list) { r = set_put(c->address_families, INT_TO_PTR(af)); if (r < 0) return r; @@ -1850,7 +1850,7 @@ int bus_exec_context_set_transient_property( if (!joined) return -ENOMEM; - unit_write_settingf(u, flags, name, "RestrictAddressFamilies=%s%s", whitelist ? "" : "~", joined); + unit_write_settingf(u, flags, name, "RestrictAddressFamilies=%s%s", allow_list ? "" : "~", joined); } return 1; diff --git a/src/core/execute.c b/src/core/execute.c index e0835f9b92..0765f112fd 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1380,14 +1380,14 @@ static void rename_process_from_path(const char *path) { static bool context_has_address_families(const ExecContext *c) { assert(c); - return c->address_families_whitelist || + return c->address_families_allow_list || !set_isempty(c->address_families); } static bool context_has_syscall_filters(const ExecContext *c) { assert(c); - return c->syscall_whitelist || + return c->syscall_allow_list || !hashmap_isempty(c->syscall_filter); } @@ -1443,7 +1443,7 @@ static int apply_syscall_filter(const Unit* u, const ExecContext *c, bool needs_ negative_action = c->syscall_errno == 0 ? scmp_act_kill_process() : SCMP_ACT_ERRNO(c->syscall_errno); - if (c->syscall_whitelist) { + if (c->syscall_allow_list) { default_action = negative_action; action = SCMP_ACT_ALLOW; } else { @@ -1452,7 +1452,7 @@ static int apply_syscall_filter(const Unit* u, const ExecContext *c, bool needs_ } if (needs_ambient_hack) { - r = seccomp_filter_set_add(c->syscall_filter, c->syscall_whitelist, syscall_filter_sets + SYSCALL_FILTER_SET_SETUID); + r = seccomp_filter_set_add(c->syscall_filter, c->syscall_allow_list, syscall_filter_sets + SYSCALL_FILTER_SET_SETUID); if (r < 0) return r; } @@ -1483,7 +1483,7 @@ static int apply_address_families(const Unit* u, const ExecContext *c) { if (skip_seccomp_unavailable(u, "RestrictAddressFamilies=")) return 0; - return seccomp_restrict_address_families(c->address_families, c->address_families_whitelist); + return seccomp_restrict_address_families(c->address_families, c->address_families_allow_list); } static int apply_memory_deny_write_execute(const Unit* u, const ExecContext *c) { @@ -4918,7 +4918,7 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) { "%sSystemCallFilter: ", prefix); - if (!c->syscall_whitelist) + if (!c->syscall_allow_list) fputc('~', f); #if HAVE_SECCOMP diff --git a/src/core/execute.h b/src/core/execute.h index 7c9d63c5e4..805709f2aa 100644 --- a/src/core/execute.h +++ b/src/core/execute.h @@ -287,9 +287,9 @@ struct ExecContext { Hashmap *syscall_filter; Set *syscall_archs; int syscall_errno; - bool syscall_whitelist:1; + bool syscall_allow_list:1; - bool address_families_whitelist:1; + bool address_families_allow_list:1; Set *address_families; char *network_namespace_path; diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index c3186f3824..4aaba1b31f 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -3017,7 +3017,7 @@ int config_parse_syscall_filter( if (isempty(rvalue)) { /* Empty assignment resets the list */ c->syscall_filter = hashmap_free(c->syscall_filter); - c->syscall_whitelist = false; + c->syscall_allow_list = false; return 0; } @@ -3033,15 +3033,15 @@ int config_parse_syscall_filter( if (invert) /* Allow everything but the ones listed */ - c->syscall_whitelist = false; + c->syscall_allow_list = false; else { /* Allow nothing but the ones listed */ - c->syscall_whitelist = true; + c->syscall_allow_list = true; - /* Accept default syscalls if we are on a whitelist */ + /* Accept default syscalls if we are on a allow_list */ r = seccomp_parse_syscall_filter( "@default", -1, c->syscall_filter, - SECCOMP_PARSE_PERMISSIVE|SECCOMP_PARSE_WHITELIST, + SECCOMP_PARSE_PERMISSIVE|SECCOMP_PARSE_ALLOW_LIST, unit, NULL, 0); if (r < 0) @@ -3074,7 +3074,7 @@ int config_parse_syscall_filter( name, num, c->syscall_filter, SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE| (invert ? SECCOMP_PARSE_INVERT : 0)| - (c->syscall_whitelist ? SECCOMP_PARSE_WHITELIST : 0), + (c->syscall_allow_list ? SECCOMP_PARSE_ALLOW_LIST : 0), unit, filename, line); if (r < 0) return r; @@ -3189,7 +3189,7 @@ int config_parse_address_families( if (isempty(rvalue)) { /* Empty assignment resets the list */ c->address_families = set_free(c->address_families); - c->address_families_whitelist = false; + c->address_families_allow_list = false; return 0; } @@ -3203,7 +3203,7 @@ int config_parse_address_families( if (!c->address_families) return log_oom(); - c->address_families_whitelist = !invert; + c->address_families_allow_list = !invert; } for (p = rvalue;;) { @@ -3231,7 +3231,7 @@ int config_parse_address_families( /* If we previously wanted to forbid an address family and now * we want to allow it, then just remove it from the list. */ - if (!invert == c->address_families_whitelist) { + if (!invert == c->address_families_allow_list) { r = set_put(c->address_families, INT_TO_PTR(af)); if (r < 0) return log_oom(); diff --git a/src/core/namespace.c b/src/core/namespace.c index 423a47c7b8..7bb4440747 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -1067,7 +1067,7 @@ static int apply_mount( return 0; } -static int make_read_only(const MountEntry *m, char **blacklist, FILE *proc_self_mountinfo) { +static int make_read_only(const MountEntry *m, char **deny_list, FILE *proc_self_mountinfo) { unsigned long new_flags = 0, flags_mask = 0; bool submounts = false; int r = 0; @@ -1096,7 +1096,7 @@ static int make_read_only(const MountEntry *m, char **blacklist, FILE *proc_self mount_entry_read_only(m) && !IN_SET(m->mode, EMPTY_DIR, TMPFS); if (submounts) - r = bind_remount_recursive_with_mountinfo(mount_entry_path(m), new_flags, flags_mask, blacklist, proc_self_mountinfo); + r = bind_remount_recursive_with_mountinfo(mount_entry_path(m), new_flags, flags_mask, deny_list, proc_self_mountinfo); else r = bind_remount_one_with_mountinfo(mount_entry_path(m), new_flags, flags_mask, proc_self_mountinfo); @@ -1538,7 +1538,7 @@ int setup_namespace( if (n_mounts > 0) { _cleanup_fclose_ FILE *proc_self_mountinfo = NULL; - _cleanup_free_ char **blacklist = NULL; + _cleanup_free_ char **deny_list = NULL; size_t j; /* Open /proc/self/mountinfo now as it may become unavailable if we mount anything on top of /proc. @@ -1591,19 +1591,19 @@ int setup_namespace( normalize_mounts(root, mounts, &n_mounts); } - /* Create a blacklist we can pass to bind_mount_recursive() */ - blacklist = new(char*, n_mounts+1); - if (!blacklist) { + /* Create a deny list we can pass to bind_mount_recursive() */ + deny_list = new(char*, n_mounts+1); + if (!deny_list) { r = -ENOMEM; goto finish; } for (j = 0; j < n_mounts; j++) - blacklist[j] = (char*) mount_entry_path(mounts+j); - blacklist[j] = NULL; + deny_list[j] = (char*) mount_entry_path(mounts+j); + deny_list[j] = NULL; /* Second round, flip the ro bits if necessary. */ for (m = mounts; m < mounts + n_mounts; ++m) { - r = make_read_only(m, blacklist, proc_self_mountinfo); + r = make_read_only(m, deny_list, proc_self_mountinfo); if (r < 0) { if (error_path && mount_entry_path(m)) *error_path = strdup(mount_entry_path(m)); diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c index 2c341702dd..b93fbb8660 100644 --- a/src/cryptsetup/cryptsetup-generator.c +++ b/src/cryptsetup/cryptsetup-generator.c @@ -39,7 +39,7 @@ static bool arg_enabled = true; static bool arg_read_crypttab = true; static const char *arg_crypttab = NULL; static const char *arg_runtime_directory = NULL; -static bool arg_whitelist = false; +static bool arg_allow_list = false; static Hashmap *arg_disks = NULL; static char *arg_default_options = NULL; static char *arg_default_keyfile = NULL; @@ -495,7 +495,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat if (!d) return log_oom(); - d->create = arg_whitelist = true; + d->create = arg_allow_list = true; } else if (streq(key, "luks.options")) { @@ -559,7 +559,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat if (!d) return log_oom(); - d->create = arg_whitelist = true; + d->create = arg_allow_list = true; free_and_replace(d->name, uuid_value); } else @@ -622,7 +622,7 @@ static int add_crypttab_devices(void) { if (uuid) d = hashmap_get(arg_disks, uuid); - if (arg_whitelist && !d) { + if (arg_allow_list && !d) { log_info("Not creating device '%s' because it was not specified on the kernel command line.", name); continue; } diff --git a/src/libudev/libudev-util.c b/src/libudev/libudev-util.c index 37660d0313..4a471fb90d 100644 --- a/src/libudev/libudev-util.c +++ b/src/libudev/libudev-util.c @@ -154,8 +154,8 @@ size_t util_replace_whitespace(const char *str, char *to, size_t len) { return j; } -/* allow chars in whitelist, plain ascii, hex-escaping and valid utf8 */ -size_t util_replace_chars(char *str, const char *white) { +/* allow chars in allow list, plain ascii, hex-escaping and valid utf8 */ +size_t util_replace_chars(char *str, const char *allow) { size_t i = 0, replaced = 0; assert(str); @@ -163,7 +163,7 @@ size_t util_replace_chars(char *str, const char *white) { while (str[i] != '\0') { int len; - if (whitelisted_char_for_devnode(str[i], white)) { + if (allow_listed_char_for_devnode(str[i], allow)) { i++; continue; } @@ -182,7 +182,7 @@ size_t util_replace_chars(char *str, const char *white) { } /* if space is allowed, replace whitespace with ordinary space */ - if (isspace(str[i]) && white && strchr(white, ' ')) { + if (isspace(str[i]) && allow && strchr(allow, ' ')) { str[i] = ' '; i++; replaced++; diff --git a/src/login/logind-core.c b/src/login/logind-core.c index 4289461df6..475759c79b 100644 --- a/src/login/logind-core.c +++ b/src/login/logind-core.c @@ -601,10 +601,10 @@ static int manager_count_external_displays(Manager *m) { if (sd_device_get_sysname(d, &nn) < 0) continue; - /* Ignore internal displays: the type is encoded in the sysfs name, as the second dash separated item - * (the first is the card name, the last the connector number). We implement a blacklist of external - * displays here, rather than a whitelist of internal ones, to ensure we don't block suspends too - * eagerly. */ + /* Ignore internal displays: the type is encoded in the sysfs name, as the second dash + * separated item (the first is the card name, the last the connector number). We implement a + * deny list of external displays here, rather than an allow list of internal ones, to ensure + * we don't block suspends too eagerly. */ dash = strchr(nn, '-'); if (!dash) continue; diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c index 6103792771..20dae6c19f 100644 --- a/src/network/networkd-dhcp4.c +++ b/src/network/networkd-dhcp4.c @@ -1051,7 +1051,7 @@ static int dhcp_lease_ip_change(sd_dhcp_client *client, Link *link) { return 0; } -static int dhcp_server_is_black_listed(Link *link, sd_dhcp_client *client) { +static int dhcp_server_is_deny_listed(Link *link, sd_dhcp_client *client) { sd_dhcp_lease *lease; struct in_addr addr; int r; @@ -1068,10 +1068,10 @@ static int dhcp_server_is_black_listed(Link *link, sd_dhcp_client *client) { if (r < 0) return log_link_debug_errno(link, r, "Failed to get DHCP server ip address: %m"); - if (set_contains(link->network->dhcp_black_listed_ip, UINT32_TO_PTR(addr.s_addr))) { + if (set_contains(link->network->dhcp_deny_listed_ip, UINT32_TO_PTR(addr.s_addr))) { log_struct(LOG_DEBUG, LOG_LINK_INTERFACE(link), - LOG_LINK_MESSAGE(link, "DHCPv4 ip '%u.%u.%u.%u' found in black listed ip addresses, ignoring offer", + LOG_LINK_MESSAGE(link, "DHCPv4 ip '%u.%u.%u.%u' found in deny-listed ip addresses, ignoring offer", ADDRESS_FMT_VAL(addr))); return true; } @@ -1163,7 +1163,7 @@ static int dhcp4_handler(sd_dhcp_client *client, int event, void *userdata) { } break; case SD_DHCP_CLIENT_EVENT_SELECTING: - r = dhcp_server_is_black_listed(link, client); + r = dhcp_server_is_deny_listed(link, client); if (r < 0) return r; if (r != 0) @@ -1551,7 +1551,7 @@ int config_parse_dhcp_max_attempts( return 0; } -int config_parse_dhcp_black_listed_ip_address( +int config_parse_dhcp_deny_listed_ip_address( const char *unit, const char *filename, unsigned line, @@ -1572,7 +1572,7 @@ int config_parse_dhcp_black_listed_ip_address( assert(data); if (isempty(rvalue)) { - network->dhcp_black_listed_ip = set_free(network->dhcp_black_listed_ip); + network->dhcp_deny_listed_ip = set_free(network->dhcp_deny_listed_ip); return 0; } @@ -1583,7 +1583,7 @@ int config_parse_dhcp_black_listed_ip_address( r = extract_first_word(&p, &n, NULL, 0); if (r < 0) { log_syntax(unit, LOG_ERR, filename, line, r, - "Failed to parse DHCP black listed ip address, ignoring assignment: %s", + "Failed to parse DHCP deny-listed IP address, ignoring assignment: %s", rvalue); return 0; } @@ -1593,14 +1593,14 @@ int config_parse_dhcp_black_listed_ip_address( r = in_addr_from_string(AF_INET, n, &ip); if (r < 0) { log_syntax(unit, LOG_ERR, filename, line, r, - "DHCP black listed ip address is invalid, ignoring assignment: %s", n); + "DHCP deny-listed IP address is invalid, ignoring assignment: %s", n); continue; } - r = set_ensure_put(&network->dhcp_black_listed_ip, NULL, UINT32_TO_PTR(ip.in.s_addr)); + r = set_ensure_put(&network->dhcp_deny_listed_ip, NULL, UINT32_TO_PTR(ip.in.s_addr)); if (r < 0) log_syntax(unit, LOG_ERR, filename, line, r, - "Failed to store DHCP black listed ip address '%s', ignoring assignment: %m", n); + "Failed to store DHCP deny-listed IP address '%s', ignoring assignment: %m", n); } return 0; diff --git a/src/network/networkd-dhcp4.h b/src/network/networkd-dhcp4.h index a6e24be78d..567ee724da 100644 --- a/src/network/networkd-dhcp4.h +++ b/src/network/networkd-dhcp4.h @@ -23,7 +23,7 @@ int dhcp4_set_client_identifier(Link *link); int dhcp4_set_promote_secondaries(Link *link); CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_client_identifier); -CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_black_listed_ip_address); +CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_deny_listed_ip_address); CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_max_attempts); CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_ip_service_type); CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_mud_url); diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c index 7889bfb191..563901e33b 100644 --- a/src/network/networkd-ndisc.c +++ b/src/network/networkd-ndisc.c @@ -723,12 +723,12 @@ static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt) { if (r < 0) return log_link_error_errno(link, r, "Failed to get prefix address: %m"); - if (set_contains(link->network->ndisc_black_listed_prefix, &a.in6)) { + if (set_contains(link->network->ndisc_deny_listed_prefix, &a.in6)) { if (DEBUG_LOGGING) { _cleanup_free_ char *b = NULL; (void) in_addr_to_string(AF_INET6, &a, &b); - log_link_debug(link, "Prefix '%s' is black listed, ignoring", strna(b)); + log_link_debug(link, "Prefix '%s' is deny-listed, ignoring", strna(b)); } break; @@ -915,7 +915,7 @@ DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR( IPv6Token, free); -int config_parse_ndisc_black_listed_prefix( +int config_parse_ndisc_deny_listed_prefix( const char *unit, const char *filename, unsigned line, @@ -937,7 +937,7 @@ int config_parse_ndisc_black_listed_prefix( assert(data); if (isempty(rvalue)) { - network->ndisc_black_listed_prefix = set_free_free(network->ndisc_black_listed_prefix); + network->ndisc_deny_listed_prefix = set_free_free(network->ndisc_deny_listed_prefix); return 0; } @@ -949,7 +949,7 @@ int config_parse_ndisc_black_listed_prefix( r = extract_first_word(&p, &n, NULL, 0); if (r < 0) { log_syntax(unit, LOG_ERR, filename, line, r, - "Failed to parse NDISC black listed prefix, ignoring assignment: %s", + "Failed to parse NDISC deny-listed prefix, ignoring assignment: %s", rvalue); return 0; } @@ -959,18 +959,18 @@ int config_parse_ndisc_black_listed_prefix( r = in_addr_from_string(AF_INET6, n, &ip); if (r < 0) { log_syntax(unit, LOG_ERR, filename, line, r, - "NDISC black listed prefix is invalid, ignoring assignment: %s", n); + "NDISC deny-listed prefix is invalid, ignoring assignment: %s", n); continue; } - if (set_contains(network->ndisc_black_listed_prefix, &ip.in6)) + if (set_contains(network->ndisc_deny_listed_prefix, &ip.in6)) continue; a = newdup(struct in6_addr, &ip.in6, 1); if (!a) return log_oom(); - r = set_ensure_consume(&network->ndisc_black_listed_prefix, &in6_addr_hash_ops, TAKE_PTR(a)); + r = set_ensure_consume(&network->ndisc_deny_listed_prefix, &in6_addr_hash_ops, TAKE_PTR(a)); if (r < 0) return log_oom(); } diff --git a/src/network/networkd-ndisc.h b/src/network/networkd-ndisc.h index 68cd1c2bd7..0bc2882a6c 100644 --- a/src/network/networkd-ndisc.h +++ b/src/network/networkd-ndisc.h @@ -51,7 +51,7 @@ int ndisc_configure(Link *link); void ndisc_vacuum(Link *link); void ndisc_flush(Link *link); -CONFIG_PARSER_PROTOTYPE(config_parse_ndisc_black_listed_prefix); +CONFIG_PARSER_PROTOTYPE(config_parse_ndisc_deny_listed_prefix); CONFIG_PARSER_PROTOTYPE(config_parse_address_generation_type); CONFIG_PARSER_PROTOTYPE(config_parse_ipv6_accept_ra_start_dhcp6_client); diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf index 046eedc4bf..0326ae62de 100644 --- a/src/network/networkd-network-gperf.gperf +++ b/src/network/networkd-network-gperf.gperf @@ -187,7 +187,8 @@ DHCPv4.IAID, config_parse_iaid, DHCPv4.ListenPort, config_parse_uint16, 0, offsetof(Network, dhcp_client_port) DHCPv4.SendRelease, config_parse_bool, 0, offsetof(Network, dhcp_send_release) DHCPv4.SendDecline, config_parse_bool, 0, offsetof(Network, dhcp_send_decline) -DHCPv4.BlackList, config_parse_dhcp_black_listed_ip_address, 0, 0 +DHCPv4.DenyList, config_parse_dhcp_deny_listed_ip_address, 0, 0 +DHCPv4.BlackList, config_parse_dhcp_deny_listed_ip_address, 0, 0 DHCPv4.IPServiceType, config_parse_dhcp_ip_service_type, 0, offsetof(Network, ip_service_type) DHCPv4.SendOption, config_parse_dhcp_send_option, AF_INET, offsetof(Network, dhcp_client_send_options) DHCPv4.SendVendorOption, config_parse_dhcp_send_option, 0, offsetof(Network, dhcp_client_send_vendor_options) @@ -214,7 +215,8 @@ IPv6AcceptRA.UseDNS, config_parse_bool, IPv6AcceptRA.UseDomains, config_parse_dhcp_use_domains, 0, offsetof(Network, ipv6_accept_ra_use_domains) IPv6AcceptRA.DHCPv6Client, config_parse_ipv6_accept_ra_start_dhcp6_client, 0, offsetof(Network, ipv6_accept_ra_start_dhcp6_client) IPv6AcceptRA.RouteTable, config_parse_section_route_table, 0, 0 -IPv6AcceptRA.BlackList, config_parse_ndisc_black_listed_prefix, 0, 0 +IPv6AcceptRA.DenyList, config_parse_ndisc_deny_listed_prefix, 0, 0 +IPv6AcceptRA.BlackList, config_parse_ndisc_deny_listed_prefix, 0, 0 DHCPServer.MaxLeaseTimeSec, config_parse_sec, 0, offsetof(Network, dhcp_server_max_lease_time_usec) DHCPServer.DefaultLeaseTimeSec, config_parse_sec, 0, offsetof(Network, dhcp_server_default_lease_time_usec) DHCPServer.EmitDNS, config_parse_bool, 0, offsetof(Network, dhcp_server_emit[SD_DHCP_LEASE_DNS].emit) diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c index 8478fe8c9e..0d54a7ef6b 100644 --- a/src/network/networkd-network.c +++ b/src/network/networkd-network.c @@ -662,7 +662,7 @@ static Network *network_free(Network *network) { free(network->dhcp_mudurl); strv_free(network->dhcp_user_class); free(network->dhcp_hostname); - set_free(network->dhcp_black_listed_ip); + set_free(network->dhcp_deny_listed_ip); set_free(network->dhcp_request_options); set_free(network->dhcp6_request_options); free(network->mac); @@ -681,7 +681,7 @@ static Network *network_free(Network *network) { ordered_set_free_free(network->router_search_domains); free(network->router_dns); - set_free_free(network->ndisc_black_listed_prefix); + set_free_free(network->ndisc_deny_listed_prefix); free(network->bridge_name); free(network->bond_name); diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h index a2fcc5209b..67cf056b9d 100644 --- a/src/network/networkd-network.h +++ b/src/network/networkd-network.h @@ -129,7 +129,7 @@ struct Network { bool dhcp_send_decline; DHCPUseDomains dhcp_use_domains; sd_ipv4acd *dhcp_acd; - Set *dhcp_black_listed_ip; + Set *dhcp_deny_listed_ip; Set *dhcp_request_options; OrderedHashmap *dhcp_client_send_options; OrderedHashmap *dhcp_client_send_vendor_options; @@ -241,7 +241,7 @@ struct Network { DHCPUseDomains ipv6_accept_ra_use_domains; IPv6AcceptRAStartDHCP6Client ipv6_accept_ra_start_dhcp6_client; uint32_t ipv6_accept_ra_route_table; - Set *ndisc_black_listed_prefix; + Set *ndisc_deny_listed_prefix; OrderedHashmap *ipv6_tokens; IPv6PrivacyExtensions ipv6_privacy_extensions; diff --git a/src/nspawn/nspawn-oci.c b/src/nspawn/nspawn-oci.c index 9a82443c66..e3ade92371 100644 --- a/src/nspawn/nspawn-oci.c +++ b/src/nspawn/nspawn-oci.c @@ -57,7 +57,7 @@ * spec should say what to do with unknown props * /bin/mount regarding NFS and FUSE required? * what does terminal=false mean? - * sysctl inside or outside? whitelisting? + * sysctl inside or outside? allow-listing? * swapiness typo -> swappiness * * Unsupported: @@ -1029,39 +1029,40 @@ static int oci_cgroup_devices(const char *name, JsonVariant *v, JsonDispatchFlag return r; if (!data.allow) { - /* The fact that OCI allows 'deny' entries makes really no sense, as 'allow' vs. 'deny' for the - * devices cgroup controller is really not about whitelisting and blacklisting but about adding - * and removing entries from the whitelist. Since we always start out with an empty whitelist - * we hence ignore the whole thing, as removing entries which don't exist make no sense. We'll - * log about this, since this is really borked in the spec, with one exception: the entry - * that's supposed to drop the kernel's default we ignore silently */ + /* The fact that OCI allows 'deny' entries makes really no sense, as 'allow' + * vs. 'deny' for the devices cgroup controller is really not about allow-listing and + * deny-listing but about adding and removing entries from the allow list. Since we + * always start out with an empty allow list we hence ignore the whole thing, as + * removing entries which don't exist make no sense. We'll log about this, since this + * is really borked in the spec, with one exception: the entry that's supposed to + * drop the kernel's default we ignore silently */ if (!data.r || !data.w || !data.m || data.type != 0 || data.major != (unsigned) -1 || data.minor != (unsigned) -1) - json_log(v, flags|JSON_WARNING, 0, "Devices cgroup whitelist with arbitrary 'allow' entries not supported, ignoring."); + json_log(v, flags|JSON_WARNING, 0, "Devices cgroup allow list with arbitrary 'allow' entries not supported, ignoring."); /* We ignore the 'deny' entry as for us that's implied */ continue; } if (!data.r && !data.w && !data.m) { - json_log(v, flags|LOG_WARNING, 0, "Device cgroup whitelist entry with no effect found, ignoring."); + json_log(v, flags|LOG_WARNING, 0, "Device cgroup allow list entry with no effect found, ignoring."); continue; } if (data.minor != (unsigned) -1 && data.major == (unsigned) -1) return json_log(v, flags, SYNTHETIC_ERRNO(EOPNOTSUPP), - "Device cgroup whitelist entries with minors but no majors not supported."); + "Device cgroup allow list entries with minors but no majors not supported."); if (data.major != (unsigned) -1 && data.type == 0) return json_log(v, flags, SYNTHETIC_ERRNO(EOPNOTSUPP), - "Device cgroup whitelist entries with majors but no device node type not supported."); + "Device cgroup allow list entries with majors but no device node type not supported."); if (data.type == 0) { - if (data.r && data.w && data.m) /* a catchall whitelist entry means we are looking at a noop */ + if (data.r && data.w && data.m) /* a catchall allow list entry means we are looking at a noop */ noop = true; else return json_log(v, flags, SYNTHETIC_ERRNO(EOPNOTSUPP), - "Device cgroup whitelist entries with no type not supported."); + "Device cgroup allow list entries with no type not supported."); } a = reallocarray(list, n_list + 1, sizeof(struct device_data)); diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c index f94f131f22..79110d90d5 100644 --- a/src/nspawn/nspawn-seccomp.c +++ b/src/nspawn/nspawn-seccomp.c @@ -25,13 +25,13 @@ static int seccomp_add_default_syscall_filter( scmp_filter_ctx ctx, uint32_t arch, uint64_t cap_list_retain, - char **syscall_whitelist, - char **syscall_blacklist) { + char **syscall_allow_list, + char **syscall_deny_list) { static const struct { uint64_t capability; const char* name; - } whitelist[] = { + } allow_list[] = { /* Let's use set names where we can */ { 0, "@aio" }, { 0, "@basic-io" }, @@ -142,17 +142,17 @@ static int seccomp_add_default_syscall_filter( char **p; int r; - for (size_t i = 0; i < ELEMENTSOF(whitelist); i++) { - if (whitelist[i].capability != 0 && (cap_list_retain & (1ULL << whitelist[i].capability)) == 0) + for (size_t i = 0; i < ELEMENTSOF(allow_list); i++) { + if (allow_list[i].capability != 0 && (cap_list_retain & (1ULL << allow_list[i].capability)) == 0) continue; - r = seccomp_add_syscall_filter_item(ctx, whitelist[i].name, SCMP_ACT_ALLOW, syscall_blacklist, false); + r = seccomp_add_syscall_filter_item(ctx, allow_list[i].name, SCMP_ACT_ALLOW, syscall_deny_list, false); if (r < 0) - return log_error_errno(r, "Failed to add syscall filter item %s: %m", whitelist[i].name); + return log_error_errno(r, "Failed to add syscall filter item %s: %m", allow_list[i].name); } - STRV_FOREACH(p, syscall_whitelist) { - r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, true); + STRV_FOREACH(p, syscall_allow_list) { + r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_deny_list, true); if (r < 0) log_warning_errno(r, "Failed to add rule for system call %s on %s, ignoring: %m", *p, seccomp_arch_to_string(arch)); @@ -161,7 +161,7 @@ static int seccomp_add_default_syscall_filter( return 0; } -int setup_seccomp(uint64_t cap_list_retain, char **syscall_whitelist, char **syscall_blacklist) { +int setup_seccomp(uint64_t cap_list_retain, char **syscall_allow_list, char **syscall_deny_list) { uint32_t arch; int r; @@ -173,13 +173,13 @@ int setup_seccomp(uint64_t cap_list_retain, char **syscall_whitelist, char **sys SECCOMP_FOREACH_LOCAL_ARCH(arch) { _cleanup_(seccomp_releasep) scmp_filter_ctx seccomp = NULL; - log_debug("Applying whitelist on architecture: %s", seccomp_arch_to_string(arch)); + log_debug("Applying allow list on architecture: %s", seccomp_arch_to_string(arch)); r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ERRNO(EPERM)); if (r < 0) return log_error_errno(r, "Failed to allocate seccomp object: %m"); - r = seccomp_add_default_syscall_filter(seccomp, arch, cap_list_retain, syscall_whitelist, syscall_blacklist); + r = seccomp_add_default_syscall_filter(seccomp, arch, cap_list_retain, syscall_allow_list, syscall_deny_list); if (r < 0) return r; @@ -231,7 +231,7 @@ int setup_seccomp(uint64_t cap_list_retain, char **syscall_whitelist, char **sys #else -int setup_seccomp(uint64_t cap_list_retain, char **syscall_whitelist, char **syscall_blacklist) { +int setup_seccomp(uint64_t cap_list_retain, char **syscall_allow_list, char **syscall_deny_list) { return 0; } diff --git a/src/nspawn/nspawn-seccomp.h b/src/nspawn/nspawn-seccomp.h index d852eef638..4174323520 100644 --- a/src/nspawn/nspawn-seccomp.h +++ b/src/nspawn/nspawn-seccomp.h @@ -3,4 +3,4 @@ #include <sys/types.h> -int setup_seccomp(uint64_t cap_list_retain, char **syscall_whitelist, char **syscall_blacklist); +int setup_seccomp(uint64_t cap_list_retain, char **syscall_allow_ist, char **syscall_deny_list); diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c index 996c0027c3..d341fa25aa 100644 --- a/src/nspawn/nspawn-settings.c +++ b/src/nspawn/nspawn-settings.c @@ -129,8 +129,8 @@ Settings* settings_free(Settings *s) { free(s->pivot_root_new); free(s->pivot_root_old); free(s->working_directory); - strv_free(s->syscall_whitelist); - strv_free(s->syscall_blacklist); + strv_free(s->syscall_allow_list); + strv_free(s->syscall_deny_list); rlimit_free_all(s->rlimit); free(s->hostname); cpu_set_reset(&s->cpu_set); @@ -689,9 +689,9 @@ int config_parse_syscall_filter( } if (negative) - r = strv_extend(&settings->syscall_blacklist, word); + r = strv_extend(&settings->syscall_deny_list, word); else - r = strv_extend(&settings->syscall_whitelist, word); + r = strv_extend(&settings->syscall_allow_list, word); if (r < 0) return log_oom(); } diff --git a/src/nspawn/nspawn-settings.h b/src/nspawn/nspawn-settings.h index 24f98fd7ef..ab31c05a9e 100644 --- a/src/nspawn/nspawn-settings.h +++ b/src/nspawn/nspawn-settings.h @@ -165,8 +165,8 @@ typedef struct Settings { UserNamespaceMode userns_mode; uid_t uid_shift, uid_range; bool notify_ready; - char **syscall_whitelist; - char **syscall_blacklist; + char **syscall_allow_list; + char **syscall_deny_list; struct rlimit *rlimit[_RLIMIT_MAX]; char *hostname; int no_new_privileges; diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index ae6828f2bf..2f86d4094d 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -201,8 +201,8 @@ static MountSettingsMask arg_mount_settings = MOUNT_APPLY_APIVFS_RO|MOUNT_APPLY_ static void *arg_root_hash = NULL; static char *arg_verity_data = NULL; static size_t arg_root_hash_size = 0; -static char **arg_syscall_whitelist = NULL; -static char **arg_syscall_blacklist = NULL; +static char **arg_syscall_allow_list = NULL; +static char **arg_syscall_deny_list = NULL; #if HAVE_SECCOMP static scmp_filter_ctx arg_seccomp = NULL; #endif @@ -244,8 +244,8 @@ STATIC_DESTRUCTOR_REGISTER(arg_property_message, sd_bus_message_unrefp); STATIC_DESTRUCTOR_REGISTER(arg_parameters, strv_freep); STATIC_DESTRUCTOR_REGISTER(arg_root_hash, freep); STATIC_DESTRUCTOR_REGISTER(arg_verity_data, freep); -STATIC_DESTRUCTOR_REGISTER(arg_syscall_whitelist, strv_freep); -STATIC_DESTRUCTOR_REGISTER(arg_syscall_blacklist, strv_freep); +STATIC_DESTRUCTOR_REGISTER(arg_syscall_allow_list, strv_freep); +STATIC_DESTRUCTOR_REGISTER(arg_syscall_deny_list, strv_freep); #if HAVE_SECCOMP STATIC_DESTRUCTOR_REGISTER(arg_seccomp, seccomp_releasep); #endif @@ -1346,9 +1346,9 @@ static int parse_argv(int argc, char *argv[]) { return log_error_errno(r, "Failed to parse system call filter: %m"); if (negative) - r = strv_extend(&arg_syscall_blacklist, word); + r = strv_extend(&arg_syscall_deny_list, word); else - r = strv_extend(&arg_syscall_whitelist, word); + r = strv_extend(&arg_syscall_allow_list, word); if (r < 0) return log_oom(); } @@ -2175,10 +2175,11 @@ static int setup_dev_console(const char *console) { static int setup_keyring(void) { key_serial_t keyring; - /* Allocate a new session keyring for the container. This makes sure the keyring of the session systemd-nspawn - * was invoked from doesn't leak into the container. Note that by default we block keyctl() and request_key() - * anyway via seccomp so doing this operation isn't strictly necessary, but in case people explicitly whitelist - * these system calls let's make sure we don't leak anything into the container. */ + /* Allocate a new session keyring for the container. This makes sure the keyring of the session + * systemd-nspawn was invoked from doesn't leak into the container. Note that by default we block + * keyctl() and request_key() anyway via seccomp so doing this operation isn't strictly necessary, + * but in case people explicitly allow-list these system calls let's make sure we don't leak anything + * into the container. */ keyring = keyctl(KEYCTL_JOIN_SESSION_KEYRING, 0, 0, 0, 0); if (keyring == -1) { @@ -3089,7 +3090,7 @@ static int inner_child( } else #endif { - r = setup_seccomp(arg_caps_retain, arg_syscall_whitelist, arg_syscall_blacklist); + r = setup_seccomp(arg_caps_retain, arg_syscall_allow_list, arg_syscall_deny_list); if (r < 0) return r; } @@ -3954,11 +3955,11 @@ static int merge_settings(Settings *settings, const char *path) { if ((arg_settings_mask & SETTING_SYSCALL_FILTER) == 0) { - if (!arg_settings_trusted && !strv_isempty(settings->syscall_whitelist)) + if (!arg_settings_trusted && !strv_isempty(settings->syscall_allow_list)) log_warning("Ignoring SystemCallFilter= settings, file %s is not trusted.", path); else { - strv_free_and_replace(arg_syscall_whitelist, settings->syscall_whitelist); - strv_free_and_replace(arg_syscall_blacklist, settings->syscall_blacklist); + strv_free_and_replace(arg_syscall_allow_list, settings->syscall_allow_list); + strv_free_and_replace(arg_syscall_deny_list, settings->syscall_deny_list); } #if HAVE_SECCOMP diff --git a/src/partition/growfs.c b/src/partition/growfs.c index 7e2452a5d1..98a7e4d31d 100644 --- a/src/partition/growfs.c +++ b/src/partition/growfs.c @@ -79,7 +79,7 @@ static int resize_crypt_luks_device(dev_t devno, const char *fstype, dev_t main_ } #endif -static int maybe_resize_slave_device(const char *mountpath, dev_t main_devno) { +static int maybe_resize_underlying_device(const char *mountpath, dev_t main_devno) { _cleanup_free_ char *fstype = NULL, *devpath = NULL; dev_t devno; int r; @@ -213,7 +213,7 @@ static int run(int argc, char *argv[]) { if (r < 0) return log_error_errno(r, "Failed to determine block device of \"%s\": %m", arg_target); - r = maybe_resize_slave_device(arg_target, devno); + r = maybe_resize_underlying_device(arg_target, devno); if (r < 0) return r; diff --git a/src/resolve/test-resolved-etc-hosts.c b/src/resolve/test-resolved-etc-hosts.c index ca3590066c..721bf8732e 100644 --- a/src/resolve/test-resolved-etc-hosts.c +++ b/src/resolve/test-resolved-etc-hosts.c @@ -65,7 +65,7 @@ static void test_parse_etc_hosts(void) { "1::2::3 multi.colon\n" "::0 some.where some.other\n" - "0.0.0.0 black.listed\n" + "0.0.0.0 deny.listed\n" "::5\t\t\t \tsome.where\tsome.other foobar.foo.foo\t\t\t\n" " \n", f); assert_se(fflush_and_check(f) >= 0); @@ -123,7 +123,7 @@ static void test_parse_etc_hosts(void) { assert_se( set_contains(hosts.no_address, "some.where")); assert_se( set_contains(hosts.no_address, "some.other")); - assert_se( set_contains(hosts.no_address, "black.listed")); + assert_se( set_contains(hosts.no_address, "deny.listed")); assert_se(!set_contains(hosts.no_address, "foobar.foo.foo")); } diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c index d93d5d6013..6cfac82146 100644 --- a/src/shared/bus-unit-util.c +++ b/src/shared/bus-unit-util.c @@ -1173,11 +1173,11 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con if (STR_IN_SET(field, "RestrictAddressFamilies", "SystemCallFilter")) { - int whitelist = 1; + int allow_list = 1; const char *p = eq; if (*p == '~') { - whitelist = 0; + allow_list = 0; p++; } @@ -1197,7 +1197,7 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con if (r < 0) return bus_log_create_error(r); - r = sd_bus_message_append_basic(m, 'b', &whitelist); + r = sd_bus_message_append_basic(m, 'b', &allow_list); if (r < 0) return bus_log_create_error(r); diff --git a/src/shared/module-util.c b/src/shared/module-util.c index 9173cf2ffd..3e64d423c8 100644 --- a/src/shared/module-util.c +++ b/src/shared/module-util.c @@ -51,7 +51,7 @@ int module_load_and_warn(struct kmod_ctx *ctx, const char *module, bool verbose) "Inserted module '%s'", kmod_module_get_name(mod)); else if (err == KMOD_PROBE_APPLY_BLACKLIST) log_full(verbose ? LOG_INFO : LOG_DEBUG, - "Module '%s' is blacklisted", kmod_module_get_name(mod)); + "Module '%s' is deny-listed", kmod_module_get_name(mod)); else { assert(err < 0); diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c index d188e6bd7f..45fdd3b2da 100644 --- a/src/shared/mount-util.c +++ b/src/shared/mount-util.c @@ -136,7 +136,7 @@ int bind_remount_recursive_with_mountinfo( const char *prefix, unsigned long new_flags, unsigned long flags_mask, - char **blacklist, + char **deny_list, FILE *proc_self_mountinfo) { _cleanup_set_free_free_ Set *done = NULL; @@ -154,8 +154,8 @@ int bind_remount_recursive_with_mountinfo( * do not have any effect on future submounts that might get propagated, they might be writable. This includes * future submounts that have been triggered via autofs. * - * If the "blacklist" parameter is specified it may contain a list of subtrees to exclude from the - * remount operation. Note that we'll ignore the blacklist for the top-level path. */ + * If the "deny_list" parameter is specified it may contain a list of subtrees to exclude from the + * remount operation. Note that we'll ignore the deny list for the top-level path. */ simplified = strdup(prefix); if (!simplified) @@ -203,13 +203,13 @@ int bind_remount_recursive_with_mountinfo( if (!path_startswith(path, simplified)) continue; - /* Ignore this mount if it is blacklisted, but only if it isn't the top-level mount + /* Ignore this mount if it is deny-listed, but only if it isn't the top-level mount * we shall operate on. */ if (!path_equal(path, simplified)) { - bool blacklisted = false; + bool deny_listed = false; char **i; - STRV_FOREACH(i, blacklist) { + STRV_FOREACH(i, deny_list) { if (path_equal(*i, simplified)) continue; @@ -217,13 +217,13 @@ int bind_remount_recursive_with_mountinfo( continue; if (path_startswith(path, *i)) { - blacklisted = true; - log_debug("Not remounting %s blacklisted by %s, called for %s", + deny_listed = true; + log_debug("Not remounting %s deny-listed by %s, called for %s", path, *i, simplified); break; } } - if (blacklisted) + if (deny_listed) continue; } @@ -314,7 +314,7 @@ int bind_remount_recursive( const char *prefix, unsigned long new_flags, unsigned long flags_mask, - char **blacklist) { + char **deny_list) { _cleanup_fclose_ FILE *proc_self_mountinfo = NULL; int r; @@ -323,7 +323,7 @@ int bind_remount_recursive( if (r < 0) return r; - return bind_remount_recursive_with_mountinfo(prefix, new_flags, flags_mask, blacklist, proc_self_mountinfo); + return bind_remount_recursive_with_mountinfo(prefix, new_flags, flags_mask, deny_list, proc_self_mountinfo); } int bind_remount_one_with_mountinfo( diff --git a/src/shared/mount-util.h b/src/shared/mount-util.h index c7c89b3345..bcbd32c840 100644 --- a/src/shared/mount-util.h +++ b/src/shared/mount-util.h @@ -28,8 +28,8 @@ int repeat_unmount(const char *path, int flags); int umount_recursive(const char *target, int flags); -int bind_remount_recursive(const char *prefix, unsigned long new_flags, unsigned long flags_mask, char **blacklist); -int bind_remount_recursive_with_mountinfo(const char *prefix, unsigned long new_flags, unsigned long flags_mask, char **blacklist, FILE *proc_self_mountinfo); +int bind_remount_recursive(const char *prefix, unsigned long new_flags, unsigned long flags_mask, char **deny_list); +int bind_remount_recursive_with_mountinfo(const char *prefix, unsigned long new_flags, unsigned long flags_mask, char **deny_list, FILE *proc_self_mountinfo); int bind_remount_one_with_mountinfo(const char *path, unsigned long new_flags, unsigned long flags_mask, FILE *proc_self_mountinfo); int mount_move_root(const char *path); diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index de05fb092c..a8dd069a75 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -24,7 +24,7 @@ const uint32_t seccomp_local_archs[] = { - /* Note: always list the native arch we are compiled as last, so that users can blacklist seccomp(), but our own calls to it still succeed */ + /* Note: always list the native arch we are compiled as last, so that users can deny-list seccomp(), but our own calls to it still succeed */ #if defined(__x86_64__) && defined(__ILP32__) SCMP_ARCH_X86, @@ -1112,7 +1112,7 @@ int seccomp_parse_syscall_filter( /* If we previously wanted to forbid a syscall and now * we want to allow it, then remove it from the list. */ - if (!(flags & SECCOMP_PARSE_INVERT) == !!(flags & SECCOMP_PARSE_WHITELIST)) { + if (!(flags & SECCOMP_PARSE_INVERT) == !!(flags & SECCOMP_PARSE_ALLOW_LIST)) { r = hashmap_put(filter, INT_TO_PTR(id + 1), INT_TO_PTR(errno_num)); if (r < 0) switch (r) { @@ -1315,7 +1315,7 @@ int seccomp_protect_syslog(void) { return 0; } -int seccomp_restrict_address_families(Set *address_families, bool whitelist) { +int seccomp_restrict_address_families(Set *address_families, bool allow_list) { uint32_t arch; int r; @@ -1362,13 +1362,13 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) { if (r < 0) return r; - if (whitelist) { + if (allow_list) { int af, first = 0, last = 0; void *afp; - /* If this is a whitelist, we first block the address families that are out of range and then - * everything that is not in the set. First, we find the lowest and highest address family in - * the set. */ + /* If this is an allow list, we first block the address families that are out of + * range and then everything that is not in the set. First, we find the lowest and + * highest address family in the set. */ SET_FOREACH(afp, address_families, i) { af = PTR_TO_INT(afp); @@ -1448,9 +1448,8 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) { } else { void *af; - /* If this is a blacklist, then generate one rule for - * each address family that are then combined in OR - * checks. */ + /* If this is a deny list, then generate one rule for each address family that are + * then combined in OR checks. */ SET_FOREACH(af, address_families, i) { @@ -1506,11 +1505,11 @@ int seccomp_restrict_realtime(void) { return r; /* Go through all policies with lower values than that, and block them -- unless they appear in the - * whitelist. */ + * allow list. */ for (p = 0; p < max_policy; p++) { bool good = false; - /* Check if this is in the whitelist. */ + /* Check if this is in the allow list. */ for (i = 0; i < ELEMENTSOF(permitted_policies); i++) if (permitted_policies[i] == p) { good = true; @@ -1533,8 +1532,8 @@ int seccomp_restrict_realtime(void) { } } - /* Blacklist all other policies, i.e. the ones with higher values. Note that all comparisons are - * unsigned here, hence no need no check for < 0 values. */ + /* Deny-list all other policies, i.e. the ones with higher values. Note that all comparisons + * are unsigned here, hence no need no check for < 0 values. */ r = seccomp_rule_add_exact( seccomp, SCMP_ACT_ERRNO(EPERM), diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h index 9580f9268d..ef970434c6 100644 --- a/src/shared/seccomp-util.h +++ b/src/shared/seccomp-util.h @@ -66,7 +66,7 @@ int seccomp_load_syscall_filter_set_raw(uint32_t default_action, Hashmap* set, u typedef enum SeccompParseFlags { SECCOMP_PARSE_INVERT = 1 << 0, - SECCOMP_PARSE_WHITELIST = 1 << 1, + SECCOMP_PARSE_ALLOW_LIST = 1 << 1, SECCOMP_PARSE_LOG = 1 << 2, SECCOMP_PARSE_PERMISSIVE = 1 << 3, } SeccompParseFlags; @@ -83,7 +83,7 @@ int seccomp_restrict_archs(Set *archs); int seccomp_restrict_namespaces(unsigned long retain); int seccomp_protect_sysctl(void); int seccomp_protect_syslog(void); -int seccomp_restrict_address_families(Set *address_families, bool whitelist); +int seccomp_restrict_address_families(Set *address_families, bool allow_list); int seccomp_restrict_realtime(void); int seccomp_memory_deny_write_execute(void); int seccomp_lock_personality(unsigned long personality); diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c index 681992b7e5..4d793d75e2 100644 --- a/src/systemctl/systemctl.c +++ b/src/systemctl/systemctl.c @@ -4819,13 +4819,13 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m } else if (STR_IN_SET(name, "SystemCallFilter", "RestrictAddressFamilies")) { _cleanup_strv_free_ char **l = NULL; - int whitelist; + int allow_list; r = sd_bus_message_enter_container(m, 'r', "bas"); if (r < 0) return bus_log_parse_error(r); - r = sd_bus_message_read(m, "b", &whitelist); + r = sd_bus_message_read(m, "b", &allow_list); if (r < 0) return bus_log_parse_error(r); @@ -4837,7 +4837,7 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m if (r < 0) return bus_log_parse_error(r); - if (all || whitelist || !strv_isempty(l)) { + if (all || allow_list || !strv_isempty(l)) { bool first = true; char **i; @@ -4846,7 +4846,7 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m fputc('=', stdout); } - if (!whitelist) + if (!allow_list) fputc('~', stdout); STRV_FOREACH(i, l) { diff --git a/src/test/test-bpf-devices.c b/src/test/test-bpf-devices.c index 1322af4812..d2740bca73 100644 --- a/src/test/test-bpf-devices.c +++ b/src/test/test-bpf-devices.c @@ -24,7 +24,7 @@ static void test_policy_closed(const char *cgroup_path, BPFProgram **installed_p r = bpf_devices_cgroup_init(&prog, CGROUP_DEVICE_POLICY_CLOSED, true); assert_se(r >= 0); - r = bpf_devices_whitelist_static(prog, cgroup_path); + r = bpf_devices_allow_list_static(prog, cgroup_path); assert_se(r >= 0); r = bpf_devices_apply_policy(prog, CGROUP_DEVICE_POLICY_CLOSED, true, cgroup_path, installed_prog); @@ -62,13 +62,13 @@ static void test_policy_strict(const char *cgroup_path, BPFProgram **installed_p r = bpf_devices_cgroup_init(&prog, CGROUP_DEVICE_POLICY_STRICT, true); assert_se(r >= 0); - r = bpf_devices_whitelist_device(prog, cgroup_path, "/dev/null", "rw"); + r = bpf_devices_allow_list_device(prog, cgroup_path, "/dev/null", "rw"); assert_se(r >= 0); - r = bpf_devices_whitelist_device(prog, cgroup_path, "/dev/random", "r"); + r = bpf_devices_allow_list_device(prog, cgroup_path, "/dev/random", "r"); assert_se(r >= 0); - r = bpf_devices_whitelist_device(prog, cgroup_path, "/dev/zero", "w"); + r = bpf_devices_allow_list_device(prog, cgroup_path, "/dev/zero", "w"); assert_se(r >= 0); r = bpf_devices_apply_policy(prog, CGROUP_DEVICE_POLICY_STRICT, true, cgroup_path, installed_prog); @@ -129,7 +129,7 @@ static void test_policy_strict(const char *cgroup_path, BPFProgram **installed_p assert_se(wrong == 0); } -static void test_policy_whitelist_major(const char *pattern, const char *cgroup_path, BPFProgram **installed_prog) { +static void test_policy_allow_list_major(const char *pattern, const char *cgroup_path, BPFProgram **installed_prog) { _cleanup_(bpf_program_unrefp) BPFProgram *prog = NULL; unsigned wrong = 0; int r; @@ -139,7 +139,7 @@ static void test_policy_whitelist_major(const char *pattern, const char *cgroup_ r = bpf_devices_cgroup_init(&prog, CGROUP_DEVICE_POLICY_STRICT, true); assert_se(r >= 0); - r = bpf_devices_whitelist_major(prog, cgroup_path, pattern, 'c', "rw"); + r = bpf_devices_allow_list_major(prog, cgroup_path, pattern, 'c', "rw"); assert_se(r >= 0); r = bpf_devices_apply_policy(prog, CGROUP_DEVICE_POLICY_STRICT, true, cgroup_path, installed_prog); @@ -188,7 +188,7 @@ static void test_policy_whitelist_major(const char *pattern, const char *cgroup_ assert_se(wrong == 0); } -static void test_policy_whitelist_major_star(char type, const char *cgroup_path, BPFProgram **installed_prog) { +static void test_policy_allow_list_major_star(char type, const char *cgroup_path, BPFProgram **installed_prog) { _cleanup_(bpf_program_unrefp) BPFProgram *prog = NULL; unsigned wrong = 0; int r; @@ -198,7 +198,7 @@ static void test_policy_whitelist_major_star(char type, const char *cgroup_path, r = bpf_devices_cgroup_init(&prog, CGROUP_DEVICE_POLICY_STRICT, true); assert_se(r >= 0); - r = bpf_devices_whitelist_major(prog, cgroup_path, "*", type, "rw"); + r = bpf_devices_allow_list_major(prog, cgroup_path, "*", type, "rw"); assert_se(r >= 0); r = bpf_devices_apply_policy(prog, CGROUP_DEVICE_POLICY_STRICT, true, cgroup_path, installed_prog); @@ -230,7 +230,7 @@ static void test_policy_empty(bool add_mismatched, const char *cgroup_path, BPFP assert_se(r >= 0); if (add_mismatched) { - r = bpf_devices_whitelist_major(prog, cgroup_path, "foobarxxx", 'c', "rw"); + r = bpf_devices_allow_list_major(prog, cgroup_path, "foobarxxx", 'c', "rw"); assert_se(r < 0); } @@ -287,11 +287,11 @@ int main(int argc, char *argv[]) { test_policy_closed(cgroup, &prog); test_policy_strict(cgroup, &prog); - test_policy_whitelist_major("mem", cgroup, &prog); - test_policy_whitelist_major("1", cgroup, &prog); + test_policy_allow_list_major("mem", cgroup, &prog); + test_policy_allow_list_major("1", cgroup, &prog); - test_policy_whitelist_major_star('c', cgroup, &prog); - test_policy_whitelist_major_star('b', cgroup, &prog); + test_policy_allow_list_major_star('c', cgroup, &prog); + test_policy_allow_list_major_star('b', cgroup, &prog); test_policy_empty(false, cgroup, &prog); test_policy_empty(true, cgroup, &prog); diff --git a/src/test/test-execute.c b/src/test/test-execute.c index 43f66efa6c..9ca0620216 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -467,7 +467,7 @@ static void test_exec_restrictnamespaces(Manager *m) { test(__func__, m, "exec-restrictnamespaces-no.service", can_unshare ? 0 : EXIT_FAILURE, CLD_EXITED); test(__func__, m, "exec-restrictnamespaces-yes.service", 1, CLD_EXITED); test(__func__, m, "exec-restrictnamespaces-mnt.service", can_unshare ? 0 : EXIT_FAILURE, CLD_EXITED); - test(__func__, m, "exec-restrictnamespaces-mnt-blacklist.service", 1, CLD_EXITED); + test(__func__, m, "exec-restrictnamespaces-mnt-deny-list.service", 1, CLD_EXITED); test(__func__, m, "exec-restrictnamespaces-merge-and.service", can_unshare ? 0 : EXIT_FAILURE, CLD_EXITED); test(__func__, m, "exec-restrictnamespaces-merge-or.service", can_unshare ? 0 : EXIT_FAILURE, CLD_EXITED); test(__func__, m, "exec-restrictnamespaces-merge-all.service", can_unshare ? 0 : EXIT_FAILURE, CLD_EXITED); diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c index b09d031f5d..eec2779a9e 100644 --- a/src/test/test-seccomp.c +++ b/src/test/test-seccomp.c @@ -123,7 +123,7 @@ static void test_filter_sets(void) { if (pid == 0) { /* Child? */ int fd; - /* If we look at the default set (or one that includes it), whitelist instead of blacklist */ + /* If we look at the default set (or one that includes it), allow-list instead of deny-list */ if (IN_SET(i, SYSCALL_FILTER_SET_DEFAULT, SYSCALL_FILTER_SET_SYSTEM_SERVICE)) r = seccomp_load_syscall_filter_set(SCMP_ACT_ERRNO(EUCLEAN), syscall_filter_sets + i, SCMP_ACT_ALLOW, true); else diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index 7ad6f13b66..2404e36bf2 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -2405,8 +2405,7 @@ static bool should_include_path(const char *path) { return true; } - /* no matches, so we should include this path only if we - * have no whitelist at all */ + /* no matches, so we should include this path only if we have no allow list at all */ if (strv_isempty(arg_include_prefixes)) return true; |