[libvirt PATCH 00/23] remove use of terms 'whitelist'/'blacklist' and 'master'/'slave'

Daniel P. Berrangé berrange at redhat.com
Fri Jun 19 09:32:37 UTC 2020


The terms "whitelist" / "blacklist" perpetuate the notion that
white is good and black is bad[1]. Their usage is trivially
eliminated from libvirt with a variety of alternative terms.
The replacements are more applicable to the usage context in
most cases. The only exceptions are

  • Libvirt needs to keep "seccomp-blacklist" back compat for
    running guest capabilities on upgrade
  • kmod uses "blacklist" for modprobe config file key

The terms "master" / "slave" have inescapable historical context
that makes them a bad choice for metaphors in software[1]. Again
there are a variety of alternatives that can be used, many of which
are more applicable to the usage context. Eliminating all usage
though is not practical, due to libvirt's need to interface with
external systems, where the terminology is part of the formal API.
The unfixable exceptions are:

  • Libvirt uses slave=NNN master=NNN in XML schema for FreeBSD nmdm devs
  • Linux kernel sysfs uses "slave_$NIC" for bonding NIC members
  • Linux kernel mount options MS_SLAVE for mount propagation
  • QEMU uses "slave" in many device/property names
  • Jenkins website calls the libvirt plugin "libvirt-slave"
  • VirtualBox uses 'Slave' in many config file attributes

Note, this doesn't attempt to remove cases of the word "master" which
are used in isolation, only those paired with usage of the word "slave".
Remaining usage of "master" needs evaluating, as some of these contexts
are none the less implicitly associated with the "master/slave" concept.

Nothing in the po/ directory is updated. This will be updated when
we refresh translations at time of freeze.

There should be no functional change in any of these patches with the
exception of the patch tweaking matching for NICs in the interface
driver.

[1] There are many docs on the web covering this in detail, with
    one fairly clear description being:
      https://tools.ietf.org/id/draft-knodel-terminology-00.html

Daniel P. Berrangé (23):
  scripts: remove use of the term 'whitelist' from build helpers
  rpc: remove use of the term 'whitelist' from RPC code
  cgroup: remove use of the term 'whitelist' from cgroup code
  qemu: remove use of the terms 'whitelist' and 'blacklist' from CPU
    code
  qemu: remove use of the term 'blacklist' in seccomp capability
  util: use short form -g arg to scsi_id
  docs: remove use of the term 'whitelist' from documentation
  util: rename method to virKModIsProhibited
  nodedev: remove use of the term 'blacklist' from enumeration code
  build: remove use of the term 'blacklist' from helper files
  src: remove use of the term 'whitelist' from remaining code
  interface: use a constant for the sysfs bond device file prefix
  interface: remove most use of the term 'slave' from bonding code
  docs: remove use of the term 'enslaved' wrt tap & bridge devices
  tools: remove use of the term 'slave' in code dealing with bridges
  util: remove use of the terms 'master' and 'slave' in PTY code
  qemu: remove use of the terms 'master' and 'slave' when iterating CPUs
  lxc: remove use of the terms 'master' and 'slave' in PTY setup
  docs: update link to the libvirt jenkins plugin
  docs: remove use of the term 'slave' in Jenkins agent docs
  conf: remove use of the terms 'master' and 'slave' in mndm config
  lxc: replace use of term 'slave' filesystem mount setup
  build: add syntax-check rules for undesirable terms

 build-aux/syntax-check.mk                     | 18 ++++-
 docs/apps.html.in                             |  6 +-
 docs/drvqemu.html.in                          | 12 ++--
 docs/firewall.html.in                         |  6 +-
 docs/formatdomain.html.in                     |  4 +-
 docs/internals/rpc.html.in                    |  9 +--
 docs/kbase/qemu-passthrough-security.rst      |  3 +-
 docs/schemas/interface.rng                    |  2 +-
 m4/virt-compile-warnings.m4                   |  2 +-
 scripts/check-aclrules.py                     |  8 +--
 scripts/check-file-access.py                  | 16 ++---
 scripts/mock-noinline.py                      |  1 -
 src/bhyve/bhyve_driver.c                      |  2 +-
 src/bhyve/bhyve_parse_command.c               | 20 +++---
 src/conf/domain_conf.c                        | 24 +++----
 src/conf/domain_conf.h                        |  4 +-
 src/interface/interface_backend_udev.c        | 65 +++++++++----------
 src/libvirt.c                                 |  2 +-
 src/libvirt_private.syms                      |  2 +-
 src/lxc/lxc_cgroup.c                          |  2 +-
 src/lxc/lxc_controller.c                      | 20 +++---
 src/node_device/node_device_udev.c            |  6 +-
 src/qemu/qemu.conf                            |  4 +-
 src/qemu/qemu_capabilities.c                  | 22 +++----
 src/qemu/qemu_capabilities.h                  |  6 +-
 src/qemu/qemu_cgroup.c                        |  2 +-
 src/qemu/qemu_command.c                       |  6 +-
 src/qemu/qemu_conf.c                          |  4 +-
 src/qemu/qemu_domain.c                        | 10 ++-
 src/qemu/qemu_monitor.c                       | 46 ++++++-------
 src/remote/libvirtd.conf.in                   |  6 +-
 src/remote/remote_daemon_dispatch.c           |  4 +-
 src/rpc/gendispatch.pl                        |  2 +-
 src/rpc/virnetsaslcontext.c                   | 10 +--
 src/rpc/virnetsaslcontext.h                   |  2 +-
 src/rpc/virnettlscontext.c                    | 32 ++++-----
 src/rpc/virnettlscontext.h                    |  4 +-
 src/util/vircgroup.c                          |  2 +-
 src/util/virfile.c                            | 42 ++++++------
 src/util/virkmod.c                            | 24 +++----
 src/util/virkmod.h                            |  2 +-
 src/util/virnetdevtap.c                       |  2 +-
 src/util/virpci.c                             |  4 +-
 src/util/virprocess.c                         |  2 +-
 src/util/virstoragefile.c                     |  4 +-
 src/vbox/vbox_common.c                        |  4 +-
 tests/Makefile.am                             |  4 +-
 ...hitelist.txt => permitted_file_access.txt} |  6 +-
 .../caps_2.11.0.s390x.xml                     |  2 +-
 .../caps_2.11.0.x86_64.xml                    |  2 +-
 .../caps_2.12.0.aarch64.xml                   |  2 +-
 .../caps_2.12.0.ppc64.xml                     |  2 +-
 .../caps_2.12.0.s390x.xml                     |  2 +-
 .../caps_2.12.0.x86_64.xml                    |  2 +-
 .../qemucapabilitiesdata/caps_3.0.0.ppc64.xml |  2 +-
 .../caps_3.0.0.riscv32.xml                    |  2 +-
 .../caps_3.0.0.riscv64.xml                    |  2 +-
 .../qemucapabilitiesdata/caps_3.0.0.s390x.xml |  2 +-
 .../caps_3.0.0.x86_64.xml                     |  2 +-
 .../qemucapabilitiesdata/caps_3.1.0.ppc64.xml |  2 +-
 .../caps_3.1.0.x86_64.xml                     |  2 +-
 .../caps_4.0.0.aarch64.xml                    |  2 +-
 .../qemucapabilitiesdata/caps_4.0.0.ppc64.xml |  2 +-
 .../caps_4.0.0.riscv32.xml                    |  2 +-
 .../caps_4.0.0.riscv64.xml                    |  2 +-
 .../qemucapabilitiesdata/caps_4.0.0.s390x.xml |  2 +-
 .../caps_4.0.0.x86_64.xml                     |  2 +-
 .../caps_4.1.0.x86_64.xml                     |  2 +-
 .../caps_4.2.0.aarch64.xml                    |  2 +-
 .../qemucapabilitiesdata/caps_4.2.0.ppc64.xml |  2 +-
 .../qemucapabilitiesdata/caps_4.2.0.s390x.xml |  2 +-
 .../caps_4.2.0.x86_64.xml                     |  2 +-
 .../caps_5.0.0.aarch64.xml                    |  2 +-
 .../qemucapabilitiesdata/caps_5.0.0.ppc64.xml |  2 +-
 .../caps_5.0.0.riscv64.xml                    |  2 +-
 .../caps_5.0.0.x86_64.xml                     |  2 +-
 .../caps_5.1.0.x86_64.xml                     |  2 +-
 .../qemustatusxml2xmldata/backup-pull-in.xml  |  2 +-
 .../blockjob-blockdev-in.xml                  |  2 +-
 tests/qemuxml2argvtest.c                      |  2 +-
 tests/virconfdata/libvirtd.conf               |  6 +-
 tests/virconfdata/libvirtd.out                |  6 +-
 tools/virsh-interface.c                       | 16 ++---
 83 files changed, 301 insertions(+), 281 deletions(-)
 rename tests/{file_access_whitelist.txt => permitted_file_access.txt} (82%)

-- 
2.24.1




More information about the libvir-list mailing list