r = bpf_devices_cgroup_init(&prog, CGROUP_DEVICE_POLICY_CLOSED, true);
assert_se(r >= 0);
- r = bpf_devices_whitelist_static(prog, cgroup_path);
+ r = bpf_devices_allow_list_static(prog, cgroup_path);
assert_se(r >= 0);
r = bpf_devices_apply_policy(prog, CGROUP_DEVICE_POLICY_CLOSED, true, cgroup_path, installed_prog);
r = bpf_devices_cgroup_init(&prog, CGROUP_DEVICE_POLICY_STRICT, true);
assert_se(r >= 0);
- r = bpf_devices_whitelist_device(prog, cgroup_path, "/dev/null", "rw");
+ r = bpf_devices_allow_list_device(prog, cgroup_path, "/dev/null", "rw");
assert_se(r >= 0);
- r = bpf_devices_whitelist_device(prog, cgroup_path, "/dev/random", "r");
+ r = bpf_devices_allow_list_device(prog, cgroup_path, "/dev/random", "r");
assert_se(r >= 0);
- r = bpf_devices_whitelist_device(prog, cgroup_path, "/dev/zero", "w");
+ r = bpf_devices_allow_list_device(prog, cgroup_path, "/dev/zero", "w");
assert_se(r >= 0);
r = bpf_devices_apply_policy(prog, CGROUP_DEVICE_POLICY_STRICT, true, cgroup_path, installed_prog);
assert_se(wrong == 0);
}
-static void test_policy_whitelist_major(const char *pattern, const char *cgroup_path, BPFProgram **installed_prog) {
+static void test_policy_allow_list_major(const char *pattern, const char *cgroup_path, BPFProgram **installed_prog) {
_cleanup_(bpf_program_unrefp) BPFProgram *prog = NULL;
unsigned wrong = 0;
int r;
r = bpf_devices_cgroup_init(&prog, CGROUP_DEVICE_POLICY_STRICT, true);
assert_se(r >= 0);
- r = bpf_devices_whitelist_major(prog, cgroup_path, pattern, 'c', "rw");
+ r = bpf_devices_allow_list_major(prog, cgroup_path, pattern, 'c', "rw");
assert_se(r >= 0);
r = bpf_devices_apply_policy(prog, CGROUP_DEVICE_POLICY_STRICT, true, cgroup_path, installed_prog);
assert_se(wrong == 0);
}
-static void test_policy_whitelist_major_star(char type, const char *cgroup_path, BPFProgram **installed_prog) {
+static void test_policy_allow_list_major_star(char type, const char *cgroup_path, BPFProgram **installed_prog) {
_cleanup_(bpf_program_unrefp) BPFProgram *prog = NULL;
unsigned wrong = 0;
int r;
r = bpf_devices_cgroup_init(&prog, CGROUP_DEVICE_POLICY_STRICT, true);
assert_se(r >= 0);
- r = bpf_devices_whitelist_major(prog, cgroup_path, "*", type, "rw");
+ r = bpf_devices_allow_list_major(prog, cgroup_path, "*", type, "rw");
assert_se(r >= 0);
r = bpf_devices_apply_policy(prog, CGROUP_DEVICE_POLICY_STRICT, true, cgroup_path, installed_prog);
assert_se(r >= 0);
if (add_mismatched) {
- r = bpf_devices_whitelist_major(prog, cgroup_path, "foobarxxx", 'c', "rw");
+ r = bpf_devices_allow_list_major(prog, cgroup_path, "foobarxxx", 'c', "rw");
assert_se(r < 0);
}
test_policy_closed(cgroup, &prog);
test_policy_strict(cgroup, &prog);
- test_policy_whitelist_major("mem", cgroup, &prog);
- test_policy_whitelist_major("1", cgroup, &prog);
+ test_policy_allow_list_major("mem", cgroup, &prog);
+ test_policy_allow_list_major("1", cgroup, &prog);
- test_policy_whitelist_major_star('c', cgroup, &prog);
- test_policy_whitelist_major_star('b', cgroup, &prog);
+ test_policy_allow_list_major_star('c', cgroup, &prog);
+ test_policy_allow_list_major_star('b', cgroup, &prog);
test_policy_empty(false, cgroup, &prog);
test_policy_empty(true, cgroup, &prog);