authorFabricio Voznika <fvoznika@google.com>2021-07-13 17:18:26 -0700
committergVisor bot <gvisor-bot@google.com>2021-07-13 17:20:41 -0700
commit85a0a353ad185946d39463fddb3ec2cb37876371 (patch)
treeafeb3bb2000bd1d3fcf0eeaeabc7cc4679cff8c8
parentd4dce953b7ac4705f5b52ac24c031170d701031b (diff)
Replace whitelist with allowlist
PiperOrigin-RevId: 384586164
-rw-r--r--pkg/sentry/control/logging.go24
-rw-r--r--pkg/sentry/strace/strace.go6
-rw-r--r--runsc/cmd/debug.go2
-rw-r--r--test/runtimes/runner/lib/lib.go2
-rw-r--r--website/cmd/server/main.go2
5 files changed, 18 insertions, 18 deletions
diff --git a/pkg/sentry/control/logging.go b/pkg/sentry/control/logging.go
index 8a500a515..7613dfcbc 100644
--- a/pkg/sentry/control/logging.go
+++ b/pkg/sentry/control/logging.go
@@ -50,20 +50,20 @@ type LoggingArgs struct {
// enable strace at all. If this flag is false then a completely
// pristine copy of the syscall table will be swapped in. This
// approach is used to remain consistent with an empty strace
- // whitelist meaning trace all system calls.
+ // allowlist meaning trace all system calls.
EnableStrace bool
- // Strace is the whitelist of syscalls to trace to log. If this
- // and StraceEventWhitelist are empty trace all system calls.
- StraceWhitelist []string
+ // Strace is the allowlist of syscalls to trace to log. If this
+ // and StraceEventAllowlist are empty trace all system calls.
+ StraceAllowlist []string
// SetEventStrace is a flag used to indicate that event strace
// related arguments were passed in.
SetEventStrace bool
- // StraceEventWhitelist is the whitelist of syscalls to trace
+ // StraceEventAllowlist is the allowlist of syscalls to trace
// to event log.
- StraceEventWhitelist []string
+ StraceEventAllowlist []string
}
// Logging provides functions related to logging.
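Review bot: The doc comment on the renamed field `StraceAllowlist` still opens with `Strace is the allowlist ...`, so it does not name the field it documents; it should read `// StraceAllowlist is the allowlist of syscalls to trace to log. If this and StraceEventAllowlist are both empty, all system calls are traced.` Separately, these are exported fields of an argument struct. If LoggingArgs is encoded by field name on the control channel (the encoding is not visible here), a caller built before this rename would still send `StraceWhitelist`, which the receiver would presumably drop, leaving an empty list that this comment documents as tracing every system call. It is worth stating in the struct comment or the commit description that the caller and the sandbox must be updated together.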
@@ -107,13 +107,13 @@ func (l *Logging) Change(args *LoggingArgs, code *int) error {
func (l *Logging) configureStrace(args *LoggingArgs) error {
if args.EnableStrace {
- // Install the whitelist specified.
- if len(args.StraceWhitelist) > 0 {
- if err := strace.Enable(args.StraceWhitelist, strace.SinkTypeLog); err != nil {
+ // Install the allowlist specified.
+ if len(args.StraceAllowlist) > 0 {
+ if err := strace.Enable(args.StraceAllowlist, strace.SinkTypeLog); err != nil {
return err
}
} else {
- // For convenience, if strace is enabled but whitelist
+ // For convenience, if strace is enabled but allowlist
// is empty, enable everything to log.
strace.EnableAll(strace.SinkTypeLog)
}
@@ -125,8 +125,8 @@ func (l *Logging) configureStrace(args *LoggingArgs) error {
}
func (l *Logging) configureEventStrace(args *LoggingArgs) error {
- if len(args.StraceEventWhitelist) > 0 {
- if err := strace.Enable(args.StraceEventWhitelist, strace.SinkTypeEvent); err != nil {
+ if len(args.StraceEventAllowlist) > 0 {
+ if err := strace.Enable(args.StraceEventAllowlist, strace.SinkTypeEvent); err != nil {
return err
}
} else {
diff --git a/pkg/sentry/strace/strace.go b/pkg/sentry/strace/strace.go
index 3ea9c31dd..757ff2a40 100644
--- a/pkg/sentry/strace/strace.go
+++ b/pkg/sentry/strace/strace.go
@@ -819,10 +819,10 @@ func convertToSyscallFlag(sinks SinkType) uint32 {
return ret
}
-// Enable enables the syscalls in whitelist in all syscall tables.
+// Enable enables the syscalls in allowlist in all syscall tables.
//
// Preconditions: Initialize has been called.
-func Enable(whitelist []string, sinks SinkType) error {
+func Enable(allowlist []string, sinks SinkType) error {
flags := convertToSyscallFlag(sinks)
for _, table := range kernel.SyscallTables() {
// Is this known?
@@ -832,7 +832,7 @@ func Enable(whitelist []string, sinks SinkType) error {
}
// Convert to a set of system calls numbers.
- wl, err := sys.ConvertToSysnoMap(whitelist)
+ wl, err := sys.ConvertToSysnoMap(allowlist)
if err != nil {
return err
}
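Review bot: The local `wl` keeps the old abbreviation after the parameter was renamed to `allowlist`, so the body of Enable now mixes both terms. Renaming it, for example `allowed, err := sys.ConvertToSysnoMap(allowlist)`, would finish the rename. Later uses of `wl` lie outside this hunk and would need the same change.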
diff --git a/runsc/cmd/debug.go b/runsc/cmd/debug.go
index 6212ffb2e..da81cf048 100644
--- a/runsc/cmd/debug.go
+++ b/runsc/cmd/debug.go
@@ -166,7 +166,7 @@ func (d *Debug) Execute(_ context.Context, f *flag.FlagSet, args ...interface{})
log.Infof("Enabling strace for syscalls: %s", d.strace)
args.SetStrace = true
args.EnableStrace = true
- args.StraceWhitelist = strings.Split(d.strace, ",")
+ args.StraceAllowlist = strings.Split(d.strace, ",")
}
if len(d.logLevel) != 0 {
diff --git a/test/runtimes/runner/lib/lib.go b/test/runtimes/runner/lib/lib.go
index f2db5f9ea..d6b652897 100644
--- a/test/runtimes/runner/lib/lib.go
+++ b/test/runtimes/runner/lib/lib.go
@@ -152,7 +152,7 @@ func getTests(ctx context.Context, d *dockerutil.Container, lang, image string,
return itests, nil
}
-// getBlacklist reads the exclude file and returns a set of test names to
+// getExcludes reads the exclude file and returns a set of test names to
// exclude.
func getExcludes(excludeFile string) (map[string]struct{}, error) {
excludes := make(map[string]struct{})
diff --git a/website/cmd/server/main.go b/website/cmd/server/main.go
index 707a3a8f8..1e5b56fbb 100644
--- a/website/cmd/server/main.go
+++ b/website/cmd/server/main.go
@@ -258,7 +258,7 @@ const pprofFixedPrefix = "https://storage.googleapis.com/"
// allowedBuckets enforces constraints on the pprof target.
//
// If the continuous integration system is changed in the future to use
-// additional buckets, they may be whitelisted here. See registerProfile.
+// additional buckets, they may be allowed here. See registerProfile.
var allowedBuckets = map[string]bool{
"gvisor-buildkite": true,
}