summaryrefslogtreecommitdiff
path: root/tools/virtiofsd
diff options
context:
space:
mode:
Diffstat (limited to 'tools/virtiofsd')
-rw-r--r--tools/virtiofsd/passthrough_ll.c6
-rw-r--r--tools/virtiofsd/passthrough_seccomp.c12
2 files changed, 9 insertions, 9 deletions
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index 147b59338a..5f3afe8557 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -3204,7 +3204,7 @@ static void setup_mounts(const char *source)
}
/*
- * Only keep whitelisted capabilities that are needed for file system operation
+ * Only keep capabilities in allowlist that are needed for file system operation
* The (possibly NULL) modcaps_in string passed in is free'd before exit.
*/
static void setup_capabilities(char *modcaps_in)
@@ -3214,8 +3214,8 @@ static void setup_capabilities(char *modcaps_in)
capng_restore_state(&cap.saved);
/*
- * Whitelist file system-related capabilities that are needed for a file
- * server to act like root. Drop everything else like networking and
+ * Add to allowlist file system-related capabilities that are needed for a
+ * file server to act like root. Drop everything else like networking and
* sysadmin capabilities.
*
* Exclusions:
diff --git a/tools/virtiofsd/passthrough_seccomp.c b/tools/virtiofsd/passthrough_seccomp.c
index ea852e2e33..62441cfcdb 100644
--- a/tools/virtiofsd/passthrough_seccomp.c
+++ b/tools/virtiofsd/passthrough_seccomp.c
@@ -21,7 +21,7 @@
#endif
#endif
-static const int syscall_whitelist[] = {
+static const int syscall_allowlist[] = {
/* TODO ireg sem*() syscalls */
SCMP_SYS(brk),
SCMP_SYS(capget), /* For CAP_FSETID */
@@ -117,12 +117,12 @@ static const int syscall_whitelist[] = {
};
/* Syscalls used when --syslog is enabled */
-static const int syscall_whitelist_syslog[] = {
+static const int syscall_allowlist_syslog[] = {
SCMP_SYS(send),
SCMP_SYS(sendto),
};
-static void add_whitelist(scmp_filter_ctx ctx, const int syscalls[], size_t len)
+static void add_allowlist(scmp_filter_ctx ctx, const int syscalls[], size_t len)
{
size_t i;
@@ -153,10 +153,10 @@ void setup_seccomp(bool enable_syslog)
exit(1);
}
- add_whitelist(ctx, syscall_whitelist, G_N_ELEMENTS(syscall_whitelist));
+ add_allowlist(ctx, syscall_allowlist, G_N_ELEMENTS(syscall_allowlist));
if (enable_syslog) {
- add_whitelist(ctx, syscall_whitelist_syslog,
- G_N_ELEMENTS(syscall_whitelist_syslog));
+ add_allowlist(ctx, syscall_allowlist_syslog,
+ G_N_ELEMENTS(syscall_allowlist_syslog));
}
/* libvhost-user calls this for post-copy migration, we don't need it */