From: Daniel P. Berrangé
Date: Tue, 16 Jun 2020 10:24:48 +0000 (+0100)
Subject: docs: remove use of the term 'whitelist' from cgroup docs
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=60e4d9d04ee4bf9c4b62540411c759053db775fe;p=libvirt.git
docs: remove use of the term 'whitelist' from cgroup docs
The term "access control list" better describes the concept involved.
Reviewed-by: Peter Krempa
Signed-off-by: Daniel P. Berrangé
---
diff --git a/docs/drvqemu.html.in b/docs/drvqemu.html.in
index b6d731bb59..31d3fee213 100644
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -468,12 +468,12 @@ chmod o+x /path/to/directory
for resource management. It is implemented via a number of "controllers",
each controller covering a specific task/functional area. One of the
available controllers is the "devices" controller, which is able to
- setup whitelists of block/character devices that a cgroup should be
- allowed to access. If the "devices" controller is mounted on a host,
- then libvirt will automatically create a dedicated cgroup for each
- QEMU virtual machine and setup the device whitelist so that the QEMU
- process can only access shared devices, and explicitly disks images
- backed by block devices.
+ setup access control lists of block/character devices that a cgroup
+ should be allowed to access. If the "devices" controller is mounted on a
+ host, then libvirt will automatically create a dedicated cgroup for each
+ QEMU virtual machine and setup the device access control list so that the
+ QEMU process can only access shared devices, and explicitly assigned disks
+ images backed by block devices.
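Review bot: The last two added lines read "explicitly assigned disks images backed by block devices", where "disks images" should be "disk images". Those lines also insert the word "assigned", which goes beyond the terminology swap the commit message describes; mention it in the message or split it into its own change. Since the paragraph is being rewrapped anyway, "setup" used as a verb in "able to setup access control lists" and "setup the device access control list" should be "set up".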
diff --git a/docs/kbase/qemu-passthrough-security.rst b/docs/kbase/qemu-passthrough-security.rst
index 5f761cbfcb..4381d9f3a6 100644
--- a/docs/kbase/qemu-passthrough-security.rst
+++ b/docs/kbase/qemu-passthrough-security.rst
@@ -110,7 +110,8 @@ Granting access per VM
policy on a per VM basis.
* Cgroups - a custom cgroup is created per VM and this will either use the
- ``devices`` controller or an ``BPF`` rule to whitelist a set of device nodes.
+ ``devices`` controller or an ``BPF`` rule to define an access control list
+ for the set of device nodes.
There is no way to change this policy on a per VM basis.
Disabling security protection per VM
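Review bot: The added line "``devices`` controller or an ``BPF`` rule to define an access control list" keeps the article "an" before ``BPF``; it should be "a ``BPF`` rule". The new wording also loses the direction that the old verb carried: "an access control list for the set of device nodes" does not say that the listed nodes are the ones permitted. Something like "to define an access control list permitting a set of device nodes" would keep the meaning and match the "allowed to access" phrasing used in the drvqemu.html.in hunk.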