seccomp: Replace the word 'blacklist'
Follow the inclusive terminology from the "Conscious Language in your Open Source Projects" guidelines [*] and replace the word "blacklist" appropriately. [*] https://github.com/conscious-lang/conscious-lang-docs/blob/main/faq.md Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Eduardo Otubo <otubo@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210303184644.1639691-4-philmd@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
This commit is contained in:
parent
54fa79b793
commit
a202d75a99
|
@ -45,8 +45,8 @@ const struct scmp_arg_cmp sched_setscheduler_arg[] = {
|
||||||
{ .arg = 1, .op = SCMP_CMP_NE, .datum_a = SCHED_IDLE }
|
{ .arg = 1, .op = SCMP_CMP_NE, .datum_a = SCHED_IDLE }
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct QemuSeccompSyscall blacklist[] = {
|
static const struct QemuSeccompSyscall denylist[] = {
|
||||||
/* default set of syscalls to blacklist */
|
/* default set of syscalls that should get blocked */
|
||||||
{ SCMP_SYS(reboot), QEMU_SECCOMP_SET_DEFAULT },
|
{ SCMP_SYS(reboot), QEMU_SECCOMP_SET_DEFAULT },
|
||||||
{ SCMP_SYS(swapon), QEMU_SECCOMP_SET_DEFAULT },
|
{ SCMP_SYS(swapon), QEMU_SECCOMP_SET_DEFAULT },
|
||||||
{ SCMP_SYS(swapoff), QEMU_SECCOMP_SET_DEFAULT },
|
{ SCMP_SYS(swapoff), QEMU_SECCOMP_SET_DEFAULT },
|
||||||
|
@ -175,18 +175,18 @@ static int seccomp_start(uint32_t seccomp_opts, Error **errp)
|
||||||
goto seccomp_return;
|
goto seccomp_return;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < ARRAY_SIZE(blacklist); i++) {
|
for (i = 0; i < ARRAY_SIZE(denylist); i++) {
|
||||||
uint32_t action;
|
uint32_t action;
|
||||||
if (!(seccomp_opts & blacklist[i].set)) {
|
if (!(seccomp_opts & denylist[i].set)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
action = qemu_seccomp_get_action(blacklist[i].set);
|
action = qemu_seccomp_get_action(denylist[i].set);
|
||||||
rc = seccomp_rule_add_array(ctx, action, blacklist[i].num,
|
rc = seccomp_rule_add_array(ctx, action, denylist[i].num,
|
||||||
blacklist[i].narg, blacklist[i].arg_cmp);
|
denylist[i].narg, denylist[i].arg_cmp);
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
error_setg_errno(errp, -rc,
|
error_setg_errno(errp, -rc,
|
||||||
"failed to add seccomp blacklist rules");
|
"failed to add seccomp denylist rules");
|
||||||
goto seccomp_return;
|
goto seccomp_return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue