diff --git a/sandboxed_api/sandbox2/comms.cc b/sandboxed_api/sandbox2/comms.cc index 8a357b6..a4845c8 100644 --- a/sandboxed_api/sandbox2/comms.cc +++ b/sandboxed_api/sandbox2/comms.cc @@ -347,7 +347,7 @@ bool Comms::RecvFD(int* fd) { const auto op = [&msg](int fd) -> ssize_t { PotentiallyBlockingRegion region; - // Use syscall, otherwise we would need to whitelist socketcall() on PPC. + // Use syscall, otherwise we would need to allow socketcall() on PPC. return TEMP_FAILURE_RETRY( util::Syscall(__NR_recvmsg, fd, reinterpret_cast(&msg), 0)); }; diff --git a/sandboxed_api/sandbox2/mounts.cc b/sandboxed_api/sandbox2/mounts.cc index d722e6f..24afdc6 100644 --- a/sandboxed_api/sandbox2/mounts.cc +++ b/sandboxed_api/sandbox2/mounts.cc @@ -501,7 +501,7 @@ std::string MountFlagsToString(uint64_t flags) { SAPI_MAP(MS_POSIXACL), SAPI_MAP(MS_UNBINDABLE), SAPI_MAP(MS_PRIVATE), - SAPI_MAP(MS_SLAVE), + SAPI_MAP(MS_SLAVE), // Inclusive language: system constant SAPI_MAP(MS_SHARED), SAPI_MAP(MS_RELATIME), SAPI_MAP(MS_KERNMOUNT), diff --git a/sandboxed_api/sandbox2/violation.proto b/sandboxed_api/sandbox2/violation.proto index acd8a6f..57a3b3d 100644 --- a/sandboxed_api/sandbox2/violation.proto +++ b/sandboxed_api/sandbox2/violation.proto @@ -105,10 +105,10 @@ message SyscallDescription { } message FsDescription { - repeated string file_whitelist = 1; - repeated string symlink_whitelist = 2; + repeated string file_allowlist = 1; + repeated string symlink_allowlist = 2; repeated string file_greylist = 3; - repeated string file_blacklist = 4; + repeated string file_denylist = 4; } message PolicyBuilderDescription { @@ -125,7 +125,7 @@ message NamespaceDescription { message PolicyDescription { bytes user_bpf_policy = 1; reserved 2 to 5; - // This requires additional fields. (e.g. whitelisted syscall #s) + // This requires additional fields. (e.g. allowed syscall numbers) PolicyBuilderDescription policy_builder_description = 6; // namespace