cgroups: update terminology

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/cgroups/cgroup2_devices.c b/src/cgroups/cgroup2_devices.c
index ad18dfb8efff4637b863799d9a12b3dc7e2f398c..ae1d97f87092e9885e7991a287cd17fd697f98e9 100644 (file)
--- a/src/cgroups/cgroup2_devices.c
+++ b/src/cgroups/cgroup2_devices.c
@@ -180,7 +180,7 @@ struct bpf_program *bpf_program_new(uint32_t prog_type)
        /*
         * By default a whitelist is used unless the user tells us otherwise.
         */
-       prog->device_list_type = LXC_BPF_DEVICE_CGROUP_WHITELIST;
+       prog->device_list_type = LXC_BPF_DEVICE_CGROUP_ALLOWLIST;
 
        return move_ptr(prog);
 }
@@ -308,9 +308,9 @@ int bpf_program_finalize(struct bpf_program *prog)
                return ret_set_errno(-1, EINVAL);
 
        TRACE("Implementing %s bpf device cgroup program",
-             prog->device_list_type == LXC_BPF_DEVICE_CGROUP_BLACKLIST
-                 ? "blacklist"
-                 : "whitelist");
+             prog->device_list_type == LXC_BPF_DEVICE_CGROUP_DENYLIST
+                 ? "denylist"
+                 : "allowlist");
        return bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins));
 }
 

diff --git a/src/cgroups/cgroup2_devices.h b/src/cgroups/cgroup2_devices.h
index f7cc0ba735c7c4cff49d8ae20fbee2a3e9cb72f4..d5ba963ea904f77dd40bb7988bc20fdba16cdfa8 100644 (file)
--- a/src/cgroups/cgroup2_devices.h
+++ b/src/cgroups/cgroup2_devices.h
@@ -36,6 +36,12 @@
 
 union bpf_attr;
 
+enum {
+       LXC_BPF_DEVICE_CGROUP_LOCAL_RULE = -1,
+       LXC_BPF_DEVICE_CGROUP_ALLOWLIST  =  0,
+       LXC_BPF_DEVICE_CGROUP_DENYLIST  =  1,
+};
+
 static inline int missing_bpf(int cmd, union bpf_attr *attr, size_t size)
 {
        return (int)syscall(__NR_bpf, cmd, attr, size);