mir/ovs
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-08-22 01:51:26 +00:00
Code Issues Releases Wiki Activity

Eliminate "whitelist" and "blacklist" terms.

Browse Source 
There is one remaining use under datapath.  That change should happen
upstream in Linux first according to our usual policy.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
This commit is contained in:
Ben Pfaff 2020-06-17 14:22:47 -07:00
parent 807152a4dd
commit 8205fbc8f5
28 changed files with 105 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Documentation/howto/ipsec.rst
View File

@ -162,7 +162,7 @@ undesirable situation.
`ipsec_skb_mark`. By setting the ipsec_skb_mark as 0/1, OVS IPsec prevents
all unencrypted tunnel packets leaving the host since the default skb_mark
value for tunnel packets are 0. This affects all OVS tunnels including those
without IPsec being set up. You can install OpenFlow rules to whitelist
without IPsec being set up. You can install OpenFlow rules to enable
those non-IPsec tunnels by setting the skb_mark of the tunnel traffic as
non-zero value.

8
Documentation/howto/selinux.rst
View File

@ -67,8 +67,8 @@ differently than SELinux.
SELinux and Open vSwitch are moving targets. What this means is that, if you
solely rely on your Linux distribution's SELinux policy, then this policy might
not have correctly anticipated that a newer Open vSwitch version needs extra
white list rules. However, if you solely rely on SELinux policy that ships
with Open vSwitch, then Open vSwitch developers might not have correctly
rules to allow behavior. However, if you solely rely on SELinux policy that
ships with Open vSwitch, then Open vSwitch developers might not have correctly
anticipated the feature set that your SELinux implementation supports.
Installation
@ -136,8 +136,8 @@ Then verify that this module was indeed loaded::
openvswitch 1.1.1
If you still see Permission denied errors, then take a look into
``selinux/openvswitch.te.in`` file in the OVS source tree and try to add white
list rules. This is really simple, just run SELinux audit2allow tool::
``selinux/openvswitch.te.in`` file in the OVS source tree and try to add allow
rules. This is really simple, just run SELinux audit2allow tool::
$ grep "openvswitch_t" /var/log/audit/audit.log | audit2allow -M ovslocal

2
Documentation/topics/datapath.rst
View File

@ -261,5 +261,5 @@ Implement the headers and codes for compatibility with older kernel in
function should be prefixed with ``rpl_``. Otherwise, the function should be
prefixed with ``ovs_``. For special case when it is not possible to follow
this rule (e.g., the ``pskb_expand_head()`` function), the function name must
be added to ``linux/compat/build-aux/export-check-whitelist``, otherwise, the
be added to ``linux/compat/build-aux/export-check-allowlist``, otherwise, the
compilation check ``check-export-symbol`` will fail.

9
Documentation/topics/ovsdb-replication.rst
View File

@ -91,7 +91,7 @@ When sending a monitor request the standby server is doing the following:
4. For each database with the same schema in both the active and standby
servers: construct and send a monitor request message specifying the tables
that will be monitored (i.e all the tables on the database except the ones
blacklisted [*]).
explicitly excluded [*]).
5. Set the standby database to the current state of the active database.
@ -100,10 +100,9 @@ receive notifications of changes occurring to the tables specified in the
request. The process of handling this notifications is detailed in the next
section.
[*] A set of tables that will be excluded from replication can be configure as
a blacklist of tables via the command line option
``--sync-exclude-tables=db:table[,db:table]...``, where db corresponds to the
database where the table resides.
[*] A set of tables that will be excluded from replication can be configured
via the command line option ``--sync-exclude-tables=db:table[,db:table]...``,
where db corresponds to the database where the table resides.
Replication Process
-------------------

10
Makefile.am
View File

@ -276,7 +276,7 @@ static-check:
fi
.PHONY: static-check
# Check that assert.h is not used outside a whitelist of files.
# Check that assert.h is not used (outside a small set of files).
ALL_LOCAL += check-assert-h-usage
check-assert-h-usage:
@if test -e $(srcdir)/.git && (git --version) >/dev/null 2>&1 && \
@ -323,7 +323,7 @@ check-tabs:
if test -e .git && (git --version) >/dev/null 2>&1 && \
grep -ln "^ " \
`git ls-files \
| grep -v -f build-aux/initial-tab-whitelist` /dev/null \
| grep -v -f build-aux/initial-tab-allowed-files` /dev/null \
| $(EGREP) -v ':[ ]*/?\*'; \
then \
echo "See above for files that use tabs for indentation."; \
@ -336,16 +336,16 @@ ALL_LOCAL += thread-safety-check
thread-safety-check:
@cd $(srcdir); \
if test -e .git && (git --version) >/dev/null 2>&1 && \
grep -n -f build-aux/thread-safety-blacklist \
grep -n -f build-aux/thread-safety-forbidden \
`git ls-files | grep '\.[ch]$$' \
| $(EGREP) -v '^datapath|^lib/sflow|^third-party'` /dev/null \
| $(EGREP) -v ':[ ]*/?\*'; \
then \
echo "See above for list of calls to functions that are"; \
echo "blacklisted due to thread safety issues"; \
echo "forbidden due to thread safety issues"; \
exit 1; \
fi
EXTRA_DIST += build-aux/thread-safety-blacklist
EXTRA_DIST += build-aux/thread-safety-forbidden
.PHONY: thread-safety-check
# Check that "ip" is used in preference to "ifconfig", because

2
build-aux/automake.mk
View File

@ -5,7 +5,7 @@ EXTRA_DIST += \
build-aux/dist-docs \
build-aux/dpdkstrip.py \
build-aux/generate-dhparams-c \
build-aux/initial-tab-whitelist \
build-aux/initial-tab-allowed-files \
build-aux/sodepends.py \
build-aux/soexpand.py \
build-aux/text2c \

0
build-aux/initial-tab-whitelist → build-aux/initial-tab-allowed-files
View File

0
build-aux/thread-safety-blacklist → build-aux/thread-safety-forbidden
View File

2
datapath/Makefile.am
View File

@ -42,7 +42,7 @@ COMPAT_EXPORTS := $(shell $(COMPAT_GET_EXPORTS))
# Checks that all EXPORT_SYMBOL_GPL() export 'rpl_' or 'ovs_' prefixed functions.
check-export-symbol:
@for fun_ in $(COMPAT_FUNCTIONS); do \
if ! grep -- $${fun_} $(top_srcdir)/datapath/linux/compat/build-aux/export-check-whitelist > /dev/null; then \
if ! grep -- $${fun_} $(top_srcdir)/datapath/linux/compat/build-aux/export-check-allow-list > /dev/null; then \
if ! echo $${fun_} | grep -q -E '^(rpl|ovs)_'; then \
echo "error: $${fun_}() needs to be prefixed with 'rpl_' or 'ovs_'."; \
exit 1; \

2
datapath/linux/Modules.mk
View File

@ -120,4 +120,4 @@ openvswitch_headers += \
linux/compat/include/linux/netfilter.h \
linux/compat/include/linux/overflow.h \
linux/compat/include/linux/rbtree.h
EXTRA_DIST += linux/compat/build-aux/export-check-whitelist
EXTRA_DIST += linux/compat/build-aux/export-check-allow-list

0
datapath/linux/compat/build-aux/export-check-whitelist → datapath/linux/compat/build-aux/export-check-allow-list
View File

2
include/openvswitch/automake.mk
View File

@ -72,7 +72,7 @@ endif
# header file has the proper extern declaration for use with C++.
#
# Some header files don't declare any external functions, so they
# don't really need extern "C". We only white list a couple of these
# don't really need extern "C". We only permit a couple of these
# below, which are the ones that seem unlikely to ever declare
# external functions. For the rest, we add extern "C" anyway; it
# doesn't hurt.

2
lib/daemon.man
View File

@ -58,7 +58,7 @@ This option has no effect when \fB\-\-detach\fR is not specified.
.TP
\fB\-\-no\-self\-confinement\fR
By default daemon will try to self-confine itself to work with
files under well-know, at build-time whitelisted directories. It
files under well-known directories determined during build. It
is better to stick with this default behavior and not to use this
flag unless some other Access Control is used to confine daemon.
Note that in contrast to other access control implementations that

2
lib/daemon.xml
View File

@ -82,7 +82,7 @@
<dt><code>--no-self-confinement</code></dt>
<dd>
By default this daemon will try to self-confine itself to work with files
under well-known directories whitelisted at build time. It is better to
under well-known directories determined at build time. It is better to
stick with this default behavior and not to use this flag unless some other
Access Control is used to confine daemon. Note that in contrast to other
access control implementations that are typically enforced from

14
lib/dpif.c
View File

@ -79,9 +79,9 @@ struct registered_dpif_class {
int refcount;
};
static struct shash dpif_classes = SHASH_INITIALIZER(&dpif_classes);
static struct sset dpif_blacklist = SSET_INITIALIZER(&dpif_blacklist);
static struct sset dpif_disallowed = SSET_INITIALIZER(&dpif_disallowed);
/* Protects 'dpif_classes', including the refcount, and 'dpif_blacklist'. */
/* Protects 'dpif_classes', including the refcount, and 'dpif_disallowed'. */
static struct ovs_mutex dpif_mutex = OVS_MUTEX_INITIALIZER;
/* Rate limit for individual messages going to or from the datapath, output at
@ -134,8 +134,8 @@ dp_register_provider__(const struct dpif_class *new_class)
struct registered_dpif_class *registered_class;
int error;
if (sset_contains(&dpif_blacklist, new_class->type)) {
VLOG_DBG("attempted to register blacklisted provider: %s",
if (sset_contains(&dpif_disallowed, new_class->type)) {
VLOG_DBG("attempted to register disallowed provider: %s",
new_class->type);
return EINVAL;
}
@ -219,13 +219,13 @@ dp_unregister_provider(const char *type)
return error;
}
/* Blacklists a provider. Causes future calls of dp_register_provider() with
/* Disallows a provider. Causes future calls of dp_register_provider() with
* a dpif_class which implements 'type' to fail. */
void
dp_blacklist_provider(const char *type)
dp_disallow_provider(const char *type)
{
ovs_mutex_lock(&dpif_mutex);
sset_add(&dpif_blacklist, type);
sset_add(&dpif_disallowed, type);
ovs_mutex_unlock(&dpif_mutex);
}

2
lib/dpif.h
View File

@ -400,7 +400,7 @@ struct sset;
int dp_register_provider(const struct dpif_class *);
int dp_unregister_provider(const char *type);
void dp_blacklist_provider(const char *type);
void dp_disallow_provider(const char *type);
void dp_enumerate_types(struct sset *types);
const char *dpif_normalize_type(const char *);

4
lib/ovsdb-idl.h
View File

@ -100,12 +100,12 @@ const struct ovsdb_idl_table_class *ovsdb_idl_table_class_from_column(
* The client may choose any subset of the columns and tables to replicate,
* specifying it one of two ways:
*
* - As a blacklist (adding the columns or tables to replicate). To do so,
* - As a deny list (adding the columns or tables to replicate). To do so,
* the client passes false as 'monitor_everything_by_default' to
* ovsdb_idl_create() and then calls ovsdb_idl_add_column() and
* ovsdb_idl_add_table() for the desired columns and, if necessary, tables.
*
* - As a whitelist (replicating all columns and tables except those
* - As an allow list (replicating all columns and tables except those
* explicitly removed). To do so, the client passes true as
* 'monitor_everything_by_default' to ovsdb_idl_create() and then calls
* ovsdb_idl_omit() to remove columns.

8
ovsdb/ovsdb-server.c
View File

@ -1391,7 +1391,7 @@ ovsdb_server_set_sync_exclude_tables(struct unixctl_conn *conn,
{
struct server_config *config = config_;
char *err = set_blacklist_tables(argv[1], true);
char *err = set_excluded_tables(argv[1], true);
if (!err) {
free(*config->sync_exclude);
*config->sync_exclude = xstrdup(argv[1]);
@ -1403,7 +1403,7 @@ ovsdb_server_set_sync_exclude_tables(struct unixctl_conn *conn,
config->all_dbs, server_uuid,
*config->replication_probe_interval);
}
err = set_blacklist_tables(argv[1], false);
err = set_excluded_tables(argv[1], false);
}
unixctl_command_reply(conn, err);
free(err);
@ -1415,7 +1415,7 @@ ovsdb_server_get_sync_exclude_tables(struct unixctl_conn *conn,
const char *argv[] OVS_UNUSED,
void *arg_ OVS_UNUSED)
{
char *reply = get_blacklist_tables();
char *reply = get_excluded_tables();
unixctl_command_reply(conn, reply);
free(reply);
}
@ -1853,7 +1853,7 @@ parse_options(int argc, char *argv[],
break;
case OPT_SYNC_EXCLUDE: {
char *err = set_blacklist_tables(optarg, false);
char *err = set_excluded_tables(optarg, false);
if (err) {
ovs_fatal(0, "%s", err);
}

72
ovsdb/replication.c
View File

@ -68,11 +68,11 @@ static struct ovsdb_error *execute_update(struct ovsdb_txn *txn,
struct json *new);
/* Maps from db name to sset of table names. */
static struct shash blacklist_tables = SHASH_INITIALIZER(&blacklist_tables);
static struct shash excluded_tables = SHASH_INITIALIZER(&excluded_tables);
static void blacklist_tables_clear(void);
static void blacklist_tables_add(const char *database, const char *table);
static bool blacklist_tables_find(const char *database, const char* table);
static void excluded_tables_clear(void);
static void excluded_tables_add(const char *database, const char *table);
static bool excluded_tables_find(const char *database, const char *table);
/* Keep track of request IDs of all outstanding OVSDB requests. */
@ -131,7 +131,7 @@ replication_init(const char *sync_from_, const char *exclude_tables,
sync_from = xstrdup(sync_from_);
/* Caller should have verified that the 'exclude_tables' is
* parseable. An error here is unexpected. */
ovs_assert(!set_blacklist_tables(exclude_tables, false));
ovs_assert(!set_excluded_tables(exclude_tables, false));
replication_dbs_destroy();
@ -407,38 +407,38 @@ replication_wait(void)
}
}
/* Parse 'blacklist' to rebuild 'blacklist_tables'. If 'dryrun' is false, the
* current black list tables will be wiped out, regardless of whether
* 'blacklist' can be parsed. If 'dryrun' is true, only parses 'blacklist' and
* reports any errors, without modifying the blacklist.
/* Parse 'excluded' to rebuild 'excluded_tables'. If 'dryrun' is false, the
* current set of excluded tables will be wiped out, regardless of whether
* 'excluded' can be parsed. If 'dryrun' is true, only parses 'excluded' and
* reports any errors, without modifying the list of exclusions.
*
* On error, returns the error string, which the caller is
* responsible for freeing. Returns NULL otherwise. */
char * OVS_WARN_UNUSED_RESULT
set_blacklist_tables(const char *blacklist, bool dryrun)
set_excluded_tables(const char *excluded, bool dryrun)
{
struct sset set = SSET_INITIALIZER(&set);
char *err = NULL;
if (blacklist) {
if (excluded) {
const char *longname;
if (!dryrun) {
/* Can only add to an empty shash. */
blacklist_tables_clear();
excluded_tables_clear();
}
sset_from_delimited_string(&set, blacklist, " ,");
sset_from_delimited_string(&set, excluded, " ,");
SSET_FOR_EACH (longname, &set) {
char *database = xstrdup(longname), *table = NULL;
strtok_r(database, ":", &table);
if (table && !dryrun) {
blacklist_tables_add(database, table);
excluded_tables_add(database, table);
}
free(database);
if (!table) {
err = xasprintf("Can't parse black list table: %s", longname);
err = xasprintf("Can't parse excluded table: %s", longname);
goto done;
}
}
@ -447,19 +447,19 @@ set_blacklist_tables(const char *blacklist, bool dryrun)
done:
sset_destroy(&set);
if (err && !dryrun) {
/* On error, destroy the partially built 'blacklist_tables'. */
blacklist_tables_clear();
/* On error, destroy the partially built 'excluded_tables'. */
excluded_tables_clear();
}
return err;
}
char * OVS_WARN_UNUSED_RESULT
get_blacklist_tables(void)
get_excluded_tables(void)
{
struct shash_node *node;
struct sset set = SSET_INITIALIZER(&set);
SHASH_FOR_EACH (node, &blacklist_tables) {
SHASH_FOR_EACH (node, &excluded_tables) {
const char *database = node->name;
const char *table;
struct sset *tables = node->data;
@ -489,35 +489,35 @@ get_blacklist_tables(void)
}
static void
blacklist_tables_clear(void)
excluded_tables_clear(void)
{
struct shash_node *node;
SHASH_FOR_EACH (node, &blacklist_tables) {
SHASH_FOR_EACH (node, &excluded_tables) {
struct sset *tables = node->data;
sset_destroy(tables);
}
shash_clear_free_data(&blacklist_tables);
shash_clear_free_data(&excluded_tables);
}
static void
blacklist_tables_add(const char *database, const char *table)
excluded_tables_add(const char *database, const char *table)
{
struct sset *tables = shash_find_data(&blacklist_tables, database);
struct sset *tables = shash_find_data(&excluded_tables, database);
if (!tables) {
tables = xmalloc(sizeof *tables);
sset_init(tables);
shash_add(&blacklist_tables, database, tables);
shash_add(&excluded_tables, database, tables);
}
sset_add(tables, table);
}
static bool
blacklist_tables_find(const char *database, const char *table)
excluded_tables_find(const char *database, const char *table)
{
struct sset *tables = shash_find_data(&blacklist_tables, database);
struct sset *tables = shash_find_data(&excluded_tables, database);
return tables && sset_contains(tables, table);
}
@ -531,8 +531,8 @@ disconnect_active_server(void)
void
replication_destroy(void)
{
blacklist_tables_clear();
shash_destroy(&blacklist_tables);
excluded_tables_clear();
shash_destroy(&excluded_tables);
if (sync_from) {
free(sync_from);
@ -558,8 +558,8 @@ reset_database(struct ovsdb *db)
struct shash_node *table_node;
SHASH_FOR_EACH (table_node, &db->tables) {
/* Delete all rows if the table is not blacklisted. */
if (!blacklist_tables_find(db->schema->name, table_node->name)) {
/* Delete all rows if the table is not excluded. */
if (!excluded_tables_find(db->schema->name, table_node->name)) {
struct ovsdb_table *table = table_node->data;
struct ovsdb_row *row, *next;
HMAP_FOR_EACH_SAFE (row, next, hmap_node, &table->rows) {
@ -572,7 +572,7 @@ reset_database(struct ovsdb *db)
}
/* Create a monitor request for 'db'. The monitor request will include
* any tables from 'blacklisted_tables'
* any tables from 'excluded_tables'
*
* Caller is responsible for disposing 'request'.
*/
@ -590,8 +590,8 @@ create_monitor_request(struct ovsdb_schema *schema)
for (int j = 0; j < n; j++) {
struct ovsdb_table_schema *table = nodes[j]->data;
/* Monitor all tables not blacklisted. */
if (!blacklist_tables_find(db_name, table->name)) {
/* Monitor all tables not excluded. */
if (!excluded_tables_find(db_name, table->name)) {
add_monitored_table(table, monitor_request);
}
}
@ -914,10 +914,10 @@ replication_status(void)
}
ds_chomp(&ds, ',');
if (!shash_is_empty(&blacklist_tables)) {
if (!shash_is_empty(&excluded_tables)) {
ds_put_char(&ds, '\n');
ds_put_cstr(&ds, "exclude: ");
ds_put_and_free_cstr(&ds, get_blacklist_tables());
ds_put_and_free_cstr(&ds, get_excluded_tables());
}
break;
}

10
ovsdb/replication.h
View File

@ -39,9 +39,9 @@ struct ovsdb;
* replication_get_last_error() should be call within the main loop
* whenever OVSDB server runs in the backup mode.
*
* - set_blacklist_tables(), get_blacklist_tables(),
* disconnect_active_server() and replication_usage() are support functions
* used mainly by uinxctl commands.
* - set_excluded_tables(), get_excluded_tables(), disconnect_active_server()
* and replication_usage() are support functions used mainly by unixctl
* commands.
*/
#define REPLICATION_DEFAULT_PROBE_INTERVAL 60000
@ -58,9 +58,9 @@ int replication_get_last_error(void);
char *replication_status(void);
void replication_set_probe_interval(int);
char *set_blacklist_tables(const char *blacklist, bool dryrun)
char *set_excluded_tables(const char *excluded, bool dryrun)
OVS_WARN_UNUSED_RESULT;
char *get_blacklist_tables(void) OVS_WARN_UNUSED_RESULT;
char *get_excluded_tables(void) OVS_WARN_UNUSED_RESULT;
void disconnect_active_server(void);
#endif /* ovsdb/replication.h */

4
tests/ofproto-macros.at
View File

@ -304,11 +304,11 @@ add_pmd_of_ports () {
m4_divert_pop([PREPARE_TESTS])
# OVS_VSWITCHD_STOP([WHITELIST])
# OVS_VSWITCHD_STOP([ALLOWLIST])
#
# Gracefully stops ovs-vswitchd and ovsdb-server, checking their log files
# for messages with severity WARN or higher and signaling an error if any
# is present. The optional WHITELIST may contain shell-quoted "sed"
# is present. The optional ALLOWLIST may contain shell-quoted "sed"
# commands to delete any warnings that are actually expected, e.g.:
#
# OVS_VSWITCHD_STOP(["/expected error/d"])

6
tests/system-kmod-macros.at
View File

@ -29,16 +29,16 @@ m4_define([OVS_TRAFFIC_VSWITCHD_START],
AT_CHECK([ovs-vsctl -- _ADD_BR([br0]) -- $1 m4_if([$2], [], [], [| uuidfilt])], [0], [$2])
])
# OVS_TRAFFIC_VSWITCHD_STOP([WHITELIST], [extra_cmds])
# OVS_TRAFFIC_VSWITCHD_STOP([ALLOWLIST], [extra_cmds])
#
# Gracefully stops ovs-vswitchd and ovsdb-server, checking their log files
# for messages with severity WARN or higher and signaling an error if any
# is present. The optional WHITELIST may contain shell-quoted "sed"
# is present. The optional ALLOWLIST may contain shell-quoted "sed"
# commands to delete any warnings that are actually expected, e.g.:
#
# OVS_TRAFFIC_VSWITCHD_STOP(["/expected error/d"])
#
# 'extra_cmds' are shell commands to be executed afte OVS_VSWITCHD_STOP() is
# 'extra_cmds' are shell commands to be executed after OVS_VSWITCHD_STOP() is
# invoked. They can be used to perform additional cleanups such as name space
# removal.
m4_define([OVS_TRAFFIC_VSWITCHD_STOP],

6
tests/system-userspace-macros.at
View File

@ -21,16 +21,16 @@ m4_define([OVS_TRAFFIC_VSWITCHD_START],
AT_CHECK([ovs-vsctl -- _ADD_BR([br0]) -- $1 m4_if([$2], [], [], [| uuidfilt])], [0], [$2])
])
# OVS_TRAFFIC_VSWITCHD_STOP([WHITELIST], [extra_cmds])
# OVS_TRAFFIC_VSWITCHD_STOP([ALLOWLIST], [extra_cmds])
#
# Gracefully stops ovs-vswitchd and ovsdb-server, checking their log files
# for messages with severity WARN or higher and signaling an error if any
# is present. The optional WHITELIST may contain shell-quoted "sed"
# is present. The optional ALLOWLIST may contain shell-quoted "sed"
# commands to delete any warnings that are actually expected, e.g.:
#
# OVS_TRAFFIC_VSWITCHD_STOP(["/expected error/d"])
#
# 'extra_cmds' are shell commands to be executed afte OVS_VSWITCHD_STOP() is
# 'extra_cmds' are shell commands to be executed after OVS_VSWITCHD_STOP() is
# invoked. They can be used to perform additional cleanups such as name space
# removal.
m4_define([OVS_TRAFFIC_VSWITCHD_STOP],

3
tests/test-classifier.c
View File

@ -14,7 +14,8 @@
* limitations under the License.
*/
/* "White box" tests for classifier.
/* Tests for classifier, written with knowledge of and to advantage of the
* classifier's internal structure.
*
* With very few exceptions, these tests obtain complete coverage of every
* basic block and every branch in the classifier implementation, e.g. a clean

8
utilities/checkpatch.py
View File

@ -190,13 +190,13 @@ skip_signoff_check = False
# name, as they may have legitimate reasons to have longer lines.
#
# Python isn't checked as flake8 performs these checks during build.
line_length_blacklist = re.compile(
line_length_ignore_list = re.compile(
r'\.(am|at|etc|in|m4|mk|patch|py)$|debian/rules')
# Don't enforce a requirement that leading whitespace be all spaces on
# files that include these characters in their name, since these kinds
# of files need lines with leading tabs.
leading_whitespace_blacklist = re.compile(r'\.(mk|am|at)$|debian/rules')
leading_whitespace_ignore_list = re.compile(r'\.(mk|am|at)$|debian/rules')
def is_subtracted_line(line):
@ -523,11 +523,11 @@ file_checks = [
checks = [
{'regex': None,
'match_name': lambda x: not line_length_blacklist.search(x),
'match_name': lambda x: not line_length_ignore_list.search(x),
'check': lambda x: line_length_check(x)},
{'regex': None,
'match_name': lambda x: not leading_whitespace_blacklist.search(x),
'match_name': lambda x: not leading_whitespace_ignore_list.search(x),
'check': lambda x: not leading_whitespace_is_spaces(x),
'print': lambda: print_warning("Line has non-spaces leading whitespace")},

27
vswitchd/bridge.c
View File

@ -3909,49 +3909,48 @@ bridge_configure_remotes(struct bridge *br,
&& (!strncmp(c->target, "punix:", 6)
|| !strncmp(c->target, "unix:", 5))) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
char *whitelist;
char *allowed;
if (!strncmp(c->target, "unix:", 5)) {
/* Connect to a listening socket */
whitelist = xasprintf("unix:%s/", ovs_rundir());
allowed = xasprintf("unix:%s/", ovs_rundir());
if (strchr(c->target, '/') &&
!equal_pathnames(c->target, whitelist,
strlen(whitelist))) {
!equal_pathnames(c->target, allowed, strlen(allowed))) {
/* Absolute path specified, but not in ovs_rundir */
VLOG_ERR_RL(&rl, "bridge %s: Not connecting to socket "
"controller \"%s\" due to possibility for "
"remote exploit. Instead, specify socket "
"in whitelisted \"%s\" or connect to "
"in permitted directory \"%s\" or connect to "
"\"unix:%s/%s.mgmt\" (which is always "
"available without special configuration).",
br->name, c->target, whitelist,
br->name, c->target, allowed,
ovs_rundir(), br->name);
free(whitelist);
free(allowed);
continue;
}
} else {
whitelist = xasprintf("punix:%s/%s.",
allowed = xasprintf("punix:%s/%s.",
ovs_rundir(), br->name);
if (!equal_pathnames(c->target, whitelist, strlen(whitelist))
|| strchr(c->target + strlen(whitelist), '/')) {
if (!equal_pathnames(c->target, allowed, strlen(allowed))
|| strchr(c->target + strlen(allowed), '/')) {
/* Prevent remote ovsdb-server users from accessing
* arbitrary Unix domain sockets and overwriting arbitrary
* local files. */
VLOG_ERR_RL(&rl, "bridge %s: Not adding Unix domain socket "
"controller \"%s\" due to possibility of "
"overwriting local files. Instead, specify "
"path in whitelisted format \"%s*\" or "
"path in permitted format \"%s*\" or "
"connect to \"unix:%s/%s.mgmt\" (which is "
"always available without special "
"configuration).",
br->name, c->target, whitelist,
br->name, c->target, allowed,
ovs_rundir(), br->name);
free(whitelist);
free(allowed);
continue;
}
}
free(whitelist);
free(allowed);
}
bridge_configure_local_iface_netdev(br, c);

2
vswitchd/ovs-vswitchd.c
View File

@ -228,7 +228,7 @@ parse_options(int argc, char *argv[], char **unixctl_pathp)
break;
case OPT_DISABLE_SYSTEM:
dp_blacklist_provider("system");
dp_disallow_provider("system");
break;
case OPT_DISABLE_SYSTEM_ROUTE:

2
vswitchd/vswitch.xml
View File

@ -1072,7 +1072,7 @@
Drop all unencrypted tunneled packets in which the
least-significant bit of <code>skb_mark</code> is 0. This would
be a useful policy if no unencrypted tunneled traffic should exit
the system without being specially whitelisted by setting
the system without being specially permitted by setting
<code>skb_mark</code> to 1.
</dd>