summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
diff options
context:
space:
mode:
authorFabricio Voznika <fvoznika@google.com>2021-07-13 17:18:26 -0700
committergVisor bot <gvisor-bot@google.com>2021-07-13 17:20:41 -0700
commit85a0a353ad185946d39463fddb3ec2cb37876371 (patch)
treeafeb3bb2000bd1d3fcf0eeaeabc7cc4679cff8c8 /pkg/sentry
parentd4dce953b7ac4705f5b52ac24c031170d701031b (diff)
Replace whitelist with allowlist
PiperOrigin-RevId: 384586164
Diffstat (limited to 'pkg/sentry')
-rw-r--r--pkg/sentry/control/logging.go24
-rw-r--r--pkg/sentry/strace/strace.go6
2 files changed, 15 insertions, 15 deletions
diff --git a/pkg/sentry/control/logging.go b/pkg/sentry/control/logging.go
index 8a500a515..7613dfcbc 100644
--- a/pkg/sentry/control/logging.go
+++ b/pkg/sentry/control/logging.go
@@ -50,20 +50,20 @@ type LoggingArgs struct {
// enable strace at all. If this flag is false then a completely
// pristine copy of the syscall table will be swapped in. This
// approach is used to remain consistent with an empty strace
- // whitelist meaning trace all system calls.
+ // allowlist meaning trace all system calls.
EnableStrace bool
- // Strace is the whitelist of syscalls to trace to log. If this
- // and StraceEventWhitelist are empty trace all system calls.
- StraceWhitelist []string
+ // Strace is the allowlist of syscalls to trace to log. If this
+ // and StraceEventAllowlist are empty trace all system calls.
+ StraceAllowlist []string
// SetEventStrace is a flag used to indicate that event strace
// related arguments were passed in.
SetEventStrace bool
- // StraceEventWhitelist is the whitelist of syscalls to trace
+ // StraceEventAllowlist is the allowlist of syscalls to trace
// to event log.
- StraceEventWhitelist []string
+ StraceEventAllowlist []string
}
// Logging provides functions related to logging.
@@ -107,13 +107,13 @@ func (l *Logging) Change(args *LoggingArgs, code *int) error {
func (l *Logging) configureStrace(args *LoggingArgs) error {
if args.EnableStrace {
- // Install the whitelist specified.
- if len(args.StraceWhitelist) > 0 {
- if err := strace.Enable(args.StraceWhitelist, strace.SinkTypeLog); err != nil {
+ // Install the allowlist specified.
+ if len(args.StraceAllowlist) > 0 {
+ if err := strace.Enable(args.StraceAllowlist, strace.SinkTypeLog); err != nil {
return err
}
} else {
- // For convenience, if strace is enabled but whitelist
+ // For convenience, if strace is enabled but allowlist
// is empty, enable everything to log.
strace.EnableAll(strace.SinkTypeLog)
}
@@ -125,8 +125,8 @@ func (l *Logging) configureStrace(args *LoggingArgs) error {
}
func (l *Logging) configureEventStrace(args *LoggingArgs) error {
- if len(args.StraceEventWhitelist) > 0 {
- if err := strace.Enable(args.StraceEventWhitelist, strace.SinkTypeEvent); err != nil {
+ if len(args.StraceEventAllowlist) > 0 {
+ if err := strace.Enable(args.StraceEventAllowlist, strace.SinkTypeEvent); err != nil {
return err
}
} else {
diff --git a/pkg/sentry/strace/strace.go b/pkg/sentry/strace/strace.go
index 3ea9c31dd..757ff2a40 100644
--- a/pkg/sentry/strace/strace.go
+++ b/pkg/sentry/strace/strace.go
@@ -819,10 +819,10 @@ func convertToSyscallFlag(sinks SinkType) uint32 {
return ret
}
-// Enable enables the syscalls in whitelist in all syscall tables.
+// Enable enables the syscalls in allowlist in all syscall tables.
//
// Preconditions: Initialize has been called.
-func Enable(whitelist []string, sinks SinkType) error {
+func Enable(allowlist []string, sinks SinkType) error {
flags := convertToSyscallFlag(sinks)
for _, table := range kernel.SyscallTables() {
// Is this known?
@@ -832,7 +832,7 @@ func Enable(whitelist []string, sinks SinkType) error {
}
// Convert to a set of system calls numbers.
- wl, err := sys.ConvertToSysnoMap(whitelist)
+ wl, err := sys.ConvertToSysnoMap(allowlist)
if err != nil {
return err
}