File tools-virtiofsd-Replace-the-word-whiteli.patch of Package qemu.29315
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Fri, 5 Feb 2021 18:18:11 +0100
Subject: tools/virtiofsd: Replace the word 'whitelist'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: a65963efa3a8533e8c9fc62e899147612d913058
References: bsc#1183373, CVE-2021-20263
Follow the inclusive terminology from the "Conscious Language in your
Open Source Projects" guidelines [*] and replace the words "whitelist"
appropriately.
[*] https://github.com/conscious-lang/conscious-lang-docs/blob/main/faq.md
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210205171817.2108907-3-philmd@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
tools/virtiofsd/passthrough_ll.c | 6 +++---
tools/virtiofsd/passthrough_seccomp.c | 12 ++++++------
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index 03c5e0d13c35849ec90d32fa38a2..90f5281f10ab747098e57a3157c1 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -3195,7 +3195,7 @@ static void setup_mounts(const char *source)
}
/*
- * Only keep whitelisted capabilities that are needed for file system operation
+ * Only keep capabilities in allowlist that are needed for file system operation
* The (possibly NULL) modcaps_in string passed in is free'd before exit.
*/
static void setup_capabilities(char *modcaps_in)
@@ -3205,8 +3205,8 @@ static void setup_capabilities(char *modcaps_in)
capng_restore_state(&cap.saved);
/*
- * Whitelist file system-related capabilities that are needed for a file
- * server to act like root. Drop everything else like networking and
+ * Add to allowlist file system-related capabilities that are needed for a
+ * file server to act like root. Drop everything else like networking and
* sysadmin capabilities.
*
* Exclusions:
diff --git a/tools/virtiofsd/passthrough_seccomp.c b/tools/virtiofsd/passthrough_seccomp.c
index 11623f56f20ca6ceb850ecf2cb8d..c98d28da6c41106d12608cf4b576 100644
--- a/tools/virtiofsd/passthrough_seccomp.c
+++ b/tools/virtiofsd/passthrough_seccomp.c
@@ -24,7 +24,7 @@
#endif
#endif
-static const int syscall_whitelist[] = {
+static const int syscall_allowlist[] = {
/* TODO ireg sem*() syscalls */
SCMP_SYS(brk),
SCMP_SYS(capget), /* For CAP_FSETID */
@@ -118,12 +118,12 @@ static const int syscall_whitelist[] = {
};
/* Syscalls used when --syslog is enabled */
-static const int syscall_whitelist_syslog[] = {
+static const int syscall_allowlist_syslog[] = {
SCMP_SYS(send),
SCMP_SYS(sendto),
};
-static void add_whitelist(scmp_filter_ctx ctx, const int syscalls[], size_t len)
+static void add_allowlist(scmp_filter_ctx ctx, const int syscalls[], size_t len)
{
size_t i;
@@ -154,10 +154,10 @@ void setup_seccomp(bool enable_syslog)
exit(1);
}
- add_whitelist(ctx, syscall_whitelist, G_N_ELEMENTS(syscall_whitelist));
+ add_allowlist(ctx, syscall_allowlist, G_N_ELEMENTS(syscall_allowlist));
if (enable_syslog) {
- add_whitelist(ctx, syscall_whitelist_syslog,
- G_N_ELEMENTS(syscall_whitelist_syslog));
+ add_allowlist(ctx, syscall_allowlist_syslog,
+ G_N_ELEMENTS(syscall_allowlist_syslog));
}
/* libvhost-user calls this for post-copy migration, we don't need it */
