4:32 a.m.
The terms "whitelist" / "blacklist" perpetuate the notion that
white is good and black is bad[1]. Their usage is trivially
eliminated from libvirt with a variety of alternative terms.
The replacements are more applicable to the usage context in
most cases. The only exceptions are
• Libvirt needs to keep "seccomp-blacklist" back compat for
running guest capabilities on upgrade
• kmod uses "blacklist" for modprobe config file key
The terms "master" / "slave" have inescapable historical context
that makes them a bad choice for metaphors in software[1]. Again
there are a variety of alternatives that can be used, many of which
are more applicable to the usage context. Eliminating all usage
though is not practical, due to libvirt's need to interface with
external systems, where the terminology is part of the formal API.
The unfixable exceptions are:
• Libvirt uses slave=NNN master=NNN in XML schema for FreeBSD nmdm devs
• Linux kernel sysfs uses "slave_$NIC" for bonding NIC members
• Linux kernel mount options MS_SLAVE for mount propagation
• QEMU uses "slave" in many device/property names
• Jenkins website calls the libvirt plugin "libvirt-slave"
• VirtualBox uses 'Slave' in many config file attributes
Note, this doesn't attempt to remove cases of the word "master" which
are used in isolation, only those paired with usage of the word "slave".
Remaining usage of "master" needs evaluating, as some of these contexts
are none the less implicitly associated with the "master/slave" concept.
Nothing in the po/ directory is updated. This will be updated when
we refresh translations at time of freeze.
There should be no functional change in any of these patches with the
exception of the patch tweaking matching for NICs in the interface
driver.
[1] There are many docs on the web covering this in detail, with
one fairly clear description being:
https://tools.ietf.org/id/draft-knodel-terminology-00.html
Daniel P. Berrangé (23):
scripts: remove use of the term 'whitelist' from build helpers
rpc: remove use of the term 'whitelist' from RPC code
cgroup: remove use of the term 'whitelist' from cgroup code
qemu: remove use of the terms 'whitelist' and 'blacklist' from CPU
code
qemu: remove use of the term 'blacklist' in seccomp capability
util: use short form -g arg to scsi_id
docs: remove use of the term 'whitelist' from documentation
util: rename method to virKModIsProhibited
nodedev: remove use of the term 'blacklist' from enumeration code
build: remove use of the term 'blacklist' from helper files
src: remove use of the term 'whitelist' from remaining code
interface: use a constant for the sysfs bond device file prefix
interface: remove most use of the term 'slave' from bonding code
docs: remove use of the term 'enslaved' wrt tap & bridge devices
tools: remove use of the term 'slave' in code dealing with bridges
util: remove use of the terms 'master' and 'slave' in PTY code
qemu: remove use of the terms 'master' and 'slave' when iterating CPUs
lxc: remove use of the terms 'master' and 'slave' in PTY setup
docs: update link to the libvirt jenkins plugin
docs: remove use of the term 'slave' in Jenkins agent docs
conf: remove use of the terms 'master' and 'slave' in mndm config
lxc: replace use of term 'slave' filesystem mount setup
build: add syntax-check rules for undesirable terms
build-aux/syntax-check.mk | 18 ++++-
docs/apps.html.in | 6 +-
docs/drvqemu.html.in | 12 ++--
docs/firewall.html.in | 6 +-
docs/formatdomain.html.in | 4 +-
docs/internals/rpc.html.in | 9 +--
docs/kbase/qemu-passthrough-security.rst | 3 +-
docs/schemas/interface.rng | 2 +-
m4/virt-compile-warnings.m4 | 2 +-
scripts/check-aclrules.py | 8 +--
scripts/check-file-access.py | 16 ++---
scripts/mock-noinline.py | 1 -
src/bhyve/bhyve_driver.c | 2 +-
src/bhyve/bhyve_parse_command.c | 20 +++---
src/conf/domain_conf.c | 24 +++----
src/conf/domain_conf.h | 4 +-
src/interface/interface_backend_udev.c | 65 +++++++++----------
src/libvirt.c | 2 +-
src/libvirt_private.syms | 2 +-
src/lxc/lxc_cgroup.c | 2 +-
src/lxc/lxc_controller.c | 20 +++---
src/node_device/node_device_udev.c | 6 +-
src/qemu/qemu.conf | 4 +-
src/qemu/qemu_capabilities.c | 22 +++----
src/qemu/qemu_capabilities.h | 6 +-
src/qemu/qemu_cgroup.c | 2 +-
src/qemu/qemu_command.c | 6 +-
src/qemu/qemu_conf.c | 4 +-
src/qemu/qemu_domain.c | 10 ++-
src/qemu/qemu_monitor.c | 46 ++++++-------
src/remote/libvirtd.conf.in | 6 +-
src/remote/remote_daemon_dispatch.c | 4 +-
src/rpc/gendispatch.pl | 2 +-
src/rpc/virnetsaslcontext.c | 10 +--
src/rpc/virnetsaslcontext.h | 2 +-
src/rpc/virnettlscontext.c | 32 ++++-----
src/rpc/virnettlscontext.h | 4 +-
src/util/vircgroup.c | 2 +-
src/util/virfile.c | 42 ++++++------
src/util/virkmod.c | 24 +++----
src/util/virkmod.h | 2 +-
src/util/virnetdevtap.c | 2 +-
src/util/virpci.c | 4 +-
src/util/virprocess.c | 2 +-
src/util/virstoragefile.c | 4 +-
src/vbox/vbox_common.c | 4 +-
tests/Makefile.am | 4 +-
...hitelist.txt => permitted_file_access.txt} | 6 +-
.../caps_2.11.0.s390x.xml | 2 +-
.../caps_2.11.0.x86_64.xml | 2 +-
.../caps_2.12.0.aarch64.xml | 2 +-
.../caps_2.12.0.ppc64.xml | 2 +-
.../caps_2.12.0.s390x.xml | 2 +-
.../caps_2.12.0.x86_64.xml | 2 +-
.../qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 2 +-
.../caps_3.0.0.riscv32.xml | 2 +-
.../caps_3.0.0.riscv64.xml | 2 +-
.../qemucapabilitiesdata/caps_3.0.0.s390x.xml | 2 +-
.../caps_3.0.0.x86_64.xml | 2 +-
.../qemucapabilitiesdata/caps_3.1.0.ppc64.xml | 2 +-
.../caps_3.1.0.x86_64.xml | 2 +-
.../caps_4.0.0.aarch64.xml | 2 +-
.../qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 2 +-
.../caps_4.0.0.riscv32.xml | 2 +-
.../caps_4.0.0.riscv64.xml | 2 +-
.../qemucapabilitiesdata/caps_4.0.0.s390x.xml | 2 +-
.../caps_4.0.0.x86_64.xml | 2 +-
.../caps_4.1.0.x86_64.xml | 2 +-
.../caps_4.2.0.aarch64.xml | 2 +-
.../qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 2 +-
.../qemucapabilitiesdata/caps_4.2.0.s390x.xml | 2 +-
.../caps_4.2.0.x86_64.xml | 2 +-
.../caps_5.0.0.aarch64.xml | 2 +-
.../qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 2 +-
.../caps_5.0.0.riscv64.xml | 2 +-
.../caps_5.0.0.x86_64.xml | 2 +-
.../caps_5.1.0.x86_64.xml | 2 +-
.../qemustatusxml2xmldata/backup-pull-in.xml | 2 +-
.../blockjob-blockdev-in.xml | 2 +-
tests/qemuxml2argvtest.c | 2 +-
tests/virconfdata/libvirtd.conf | 6 +-
tests/virconfdata/libvirtd.out | 6 +-
tools/virsh-interface.c | 16 ++---
83 files changed, 301 insertions(+), 281 deletions(-)
rename tests/{file_access_whitelist.txt => permitted_file_access.txt} (82%)
--
2.24.1