/*
* By default a whitelist is used unless the user tells us otherwise.
*/
- prog->device_list_type = LXC_BPF_DEVICE_CGROUP_WHITELIST;
+ prog->device_list_type = LXC_BPF_DEVICE_CGROUP_ALLOWLIST;
return move_ptr(prog);
}
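Review bot: The context comment directly above the changed assignment still reads "By default a whitelist is used", so the comment and the constant it describes now use different terms. Since this line sets the default policy for the device cgroup program, the comment should name the same constant as the code, for example `* By default an allowlist is used unless the user tells us otherwise.`. The enclosing function starts outside this hunk, so any other leftover uses of the old term in it are not visible here.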
return ret_set_errno(-1, EINVAL);
TRACE("Implementing %s bpf device cgroup program",
- prog->device_list_type == LXC_BPF_DEVICE_CGROUP_BLACKLIST
- ? "blacklist"
- : "whitelist");
+ prog->device_list_type == LXC_BPF_DEVICE_CGROUP_DENYLIST
+ ? "denylist"
+ : "allowlist");
return bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins));
}
union bpf_attr;
+enum {
+ LXC_BPF_DEVICE_CGROUP_LOCAL_RULE = -1,
+ LXC_BPF_DEVICE_CGROUP_ALLOWLIST = 0,
+ LXC_BPF_DEVICE_CGROUP_DENYLIST = 1,
+};
+
static inline int missing_bpf(int cmd, union bpf_attr *attr, size_t size)
{
return (int)syscall(__NR_bpf, cmd, attr, size);
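Review bot: The added enum has no comments, and `LXC_BPF_DEVICE_CGROUP_LOCAL_RULE = -1` in particular does not explain itself next to the two list types. A short comment above the enum should say what each value means for access decisions, for example `/* ALLOWLIST: devices are denied unless a rule allows them; DENYLIST: devices are allowed unless a rule denies them; LOCAL_RULE: the rule does not change the list type */`, adjusted to whatever the real semantics are. It is also worth stating whether `ALLOWLIST = 0` is deliberate, so that a zero-initialised program gets the restrictive default. The enum is anonymous and the TRACE hunk logs every value other than `LXC_BPF_DEVICE_CGROUP_DENYLIST` as "allowlist", so if `device_list_type` can ever hold `LOCAL_RULE`, the trace would misreport the policy in effect. The body of `missing_bpf` continues past the end of this hunk.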