]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ffa6884)
cgroups: update terminology
authorChristian Brauner <christian.brauner@ubuntu.com>
Fri, 3 Jul 2020 10:56:48 +0000 (12:56 +0200)
committerChristian Brauner <christian.brauner@ubuntu.com>
Fri, 3 Jul 2020 10:58:53 +0000 (12:58 +0200)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
src/lxc/cgroups/cgfsng.c patch | blob | blame | history
src/lxc/cgroups/cgroup2_devices.c patch | blob | blame | history
src/lxc/conf.h patch | blob | blame | history

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index bab4ba34094cdea3d6177e2608e5644d0ded70a7..31ad219c1d8193ce826dbef3d35451feee358e0a 100644 (file)
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -2562,8 +2562,8 @@ static int device_cgroup_rule_parse(struct device_item *device, const char *key,
                device->major = -1;
                device->minor = -1;
                device->global_rule = device->allow
-                                         ? LXC_BPF_DEVICE_CGROUP_BLACKLIST
-                                         : LXC_BPF_DEVICE_CGROUP_WHITELIST;
+                                         ? LXC_BPF_DEVICE_CGROUP_DENYLIST
+                                         : LXC_BPF_DEVICE_CGROUP_ALLOWLIST;
                device->allow = -1;
                return 0;
        }
diff --git a/src/lxc/cgroups/cgroup2_devices.c b/src/lxc/cgroups/cgroup2_devices.c
index 04ba7b332d7650c82035704488f3f359bc44b846..59a9c4bd6e3be19c0bdeedcd0e1de8d7c7e33e4d 100644 (file)
--- a/src/lxc/cgroups/cgroup2_devices.c
+++ b/src/lxc/cgroups/cgroup2_devices.c
@@ -176,7 +176,7 @@ struct bpf_program *bpf_program_new(uint32_t prog_type)
        /*
         * By default a whitelist is used unless the user tells us otherwise.
         */
-       prog->device_list_type = LXC_BPF_DEVICE_CGROUP_WHITELIST;
+       prog->device_list_type = LXC_BPF_DEVICE_CGROUP_ALLOWLIST;
 
        return move_ptr(prog);
 }
@@ -298,7 +298,7 @@ int bpf_program_finalize(struct bpf_program *prog)
                return ret_set_errno(-1, EINVAL);
 
        TRACE("Implementing %s bpf device cgroup program",
-             prog->device_list_type == LXC_BPF_DEVICE_CGROUP_BLACKLIST
+             prog->device_list_type == LXC_BPF_DEVICE_CGROUP_DENYLIST
                  ? "blacklist"
                  : "whitelist");
 
@@ -450,10 +450,10 @@ int bpf_list_add_device(struct lxc_conf *conf, struct device_item *device)
                if (cur->global_rule > LXC_BPF_DEVICE_CGROUP_LOCAL_RULE &&
                    device->global_rule > LXC_BPF_DEVICE_CGROUP_LOCAL_RULE) {
                        TRACE("Switched from %s to %s",
-                             cur->global_rule == LXC_BPF_DEVICE_CGROUP_WHITELIST
+                             cur->global_rule == LXC_BPF_DEVICE_CGROUP_ALLOWLIST
                                  ? "whitelist"
                                  : "blacklist",
-                             device->global_rule == LXC_BPF_DEVICE_CGROUP_WHITELIST
+                             device->global_rule == LXC_BPF_DEVICE_CGROUP_ALLOWLIST
                                  ? "whitelist"
                                  : "blacklist");
                        cur->global_rule = device->global_rule;
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 7f54539e0fd0ee8d71c1fcc6b70e57deb1f7b8ae..e3dba87c4fe157debf76907509e4b8401de3a4ac 100644 (file)
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -215,8 +215,8 @@ struct lxc_state_client {
 
 enum {
        LXC_BPF_DEVICE_CGROUP_LOCAL_RULE = -1,
-       LXC_BPF_DEVICE_CGROUP_WHITELIST  =  0,
-       LXC_BPF_DEVICE_CGROUP_BLACKLIST  =  1,
+       LXC_BPF_DEVICE_CGROUP_ALLOWLIST  =  0,
+       LXC_BPF_DEVICE_CGROUP_DENYLIST  =  1,
 };
 
 struct device_item {
@@ -227,8 +227,8 @@ struct device_item {
        int allow;
        /*
         * LXC_BPF_DEVICE_CGROUP_LOCAL_RULE -> no global rule
-        * LXC_BPF_DEVICE_CGROUP_WHITELIST  -> whitelist (deny all)
-        * LXC_BPF_DEVICE_CGROUP_BLACKLIST  -> blacklist (allow all)
+        * LXC_BPF_DEVICE_CGROUP_ALLOWLIST  -> allowlist (deny all)
+        * LXC_BPF_DEVICE_CGROUP_DENYLIST   -> denylist (allow all)
         */
        int global_rule;
 };
Mirror of https://github.com/lxc/lxc.git