rename whitelist to ignorelist

2020-06-02 15:56:27 -07:00 · 2020-06-02 15:56:27 -07:00 · cbf3073fda
parent e0f93578b6
commit cbf3073fda
19 changed files with 151 additions and 151 deletions
--- a/cmd/executor/cmd/root.go
+++ b/cmd/executor/cmd/root.go
@ -83,8 +83,8 @@ var RootCmd = &cobra.Command{
 			if len(opts.Destinations) == 0 && opts.ImageNameDigestFile != "" {
 				return errors.New("You must provide --destination if setting ImageNameDigestFile")
 			}
-			// Update whitelisted paths
+			// Update skipped paths
-			util.UpdateWhitelist(opts.WhitelistVarRun)
+			util.UpdateInitialIgnoreList(opts.SkipVarRun)
 		}
 		return nil
 	},
@ -160,7 +160,7 @@ func addKanikoOptionsFlags() {
 	opts.RegistriesCertificates = make(map[string]string)
 	RootCmd.PersistentFlags().VarP(&opts.RegistriesCertificates, "registry-certificate", "", "Use the provided certificate for TLS communication with the given registry. Expected format is 'my.registry.url=/path/to/the/server/certificate'.")
 	RootCmd.PersistentFlags().StringVarP(&opts.RegistryMirror, "registry-mirror", "", "", "Registry mirror to use has pull-through cache instead of docker.io.")
-	RootCmd.PersistentFlags().BoolVarP(&opts.WhitelistVarRun, "whitelist-var-run", "", true, "Ignore /var/run directory when taking image snapshot. Set it to false to preserve /var/run/ in destination image. (Default true).")
+	RootCmd.PersistentFlags().BoolVarP(&opts.SkipVarRun, "whitelist-var-run", "", true, "Ignore /var/run directory when taking image snapshot. Set it to false to preserve /var/run/ in destination image. (Default true).")
 	RootCmd.PersistentFlags().VarP(&opts.Labels, "label", "", "Set metadata for an image. Set it repeatedly for multiple labels.")
 	RootCmd.PersistentFlags().BoolVarP(&opts.SkipUnusedStages, "skip-unused-stages", "", false, "Build only used stages if defined to true. Otherwise it builds by default all stages, even the unnecessaries ones until it reaches the target stage / end of Dockerfile")
 }
--- a/deploy/Dockerfile_debug
+++ b/deploy/Dockerfile_debug
@ -46,7 +46,7 @@ COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
 COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/linux-amd64/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
 COPY --from=0 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr
 COPY --from=1 /distroless/bazel-bin/experimental/busybox/busybox/ /busybox/
-# Declare /busybox as a volume to get it automatically whitelisted
+# Declare /busybox as a volume to get it automatically in the path to skip
 VOLUME /busybox
 COPY files/ca-certificates.crt /kaniko/ssl/certs/
 COPY --from=0 /kaniko/.docker /kaniko/.docker
--- a/docs/design_proposals/filesystem-resolution-proposal-01.md
+++ b/docs/design_proposals/filesystem-resolution-proposal-01.md
@ -19,7 +19,7 @@ To accomplish this, Kaniko walks the entire filesystem to discover every object.
 Some of these objects may actually be a symlink to another object in the
 filesystem; in these cases we must consider both the link and the target object.
-Kaniko also maintains a set of whitelisted (aka ignored) filepaths. Any object
+Kaniko also maintains a set of ignored (aka ignored) filepaths. Any object
 which matches one of these filepaths should be ignored by kaniko.
 This results in a 3 dimensional search space
--- a/integration/dockerfiles/Dockerfile_test_add
+++ b/integration/dockerfiles/Dockerfile_test_add
@ -14,7 +14,7 @@ ADD $contextenv/* /tmp/${contextenv}/
 ADD context/tars/fil* /tars/
 ADD context/tars/file.tar /tars_again
-# This tar has some directories that should be whitelisted inside it.
+# This tar has some directories that should be ignored inside it.
 ADD context/tars/sys.tar.gz /
--- a/integration/dockerfiles/Dockerfile_test_multistage
+++ b/integration/dockerfiles/Dockerfile_test_multistage
@ -13,7 +13,7 @@ FROM base as fourth
 RUN date > /date
 ENV foo bar
-# This base image contains symlinks with relative paths to whitelisted directories
+# This base image contains symlinks with relative paths to ignored directories
 # We need to test they're extracted correctly
 FROM fedora@sha256:c4cc32b09c6ae3f1353e7e33a8dda93dc41676b923d6d89afa996b421cc5aa48
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@ -556,7 +556,7 @@ func checkContainerDiffOutput(t *testing.T, diff []byte, expected string) {
 		t.Error(err)
 	}
-	// Some differences (whitelisted paths, etc.) are known and expected.
+	// Some differences (ignored paths, etc.) are known and expected.
 	fdr := diffInt[0].Diff.(*fileDiffResult)
 	fdr.Adds = filterFileDiff(fdr.Adds)
 	fdr.Dels = filterFileDiff(fdr.Dels)
@ -588,14 +588,14 @@ func filterMetaDiff(metaDiff []string) []string {
 func filterFileDiff(f []fileDiff) []fileDiff {
 	var newDiffs []fileDiff
 	for _, diff := range f {
-		isWhitelisted := false
+		isSkipped := false
 		for _, p := range allowedDiffPaths {
 			if util.HasFilepathPrefix(diff.Name, p, false) {
-				isWhitelisted = true
+				isSkipped = true
 				break
 			}
 		}
-		if !isWhitelisted {
+		if !isSkipped {
 			newDiffs = append(newDiffs, diff)
 		}
 	}
--- a/pkg/commands/volume.go
+++ b/pkg/commands/volume.go
@ -48,7 +48,7 @@ func (v *VolumeCommand) ExecuteCommand(config *v1.Config, buildArgs *dockerfile.
 	for _, volume := range resolvedVolumes {
 		var x struct{}
 		existingVolumes[volume] = x
-		util.AddVolumePathToWhitelist(volume)
+		util.AddVolumePathToIgnoreList(volume)
 		// Only create and snapshot the dir if it didn't exist already
 		if _, err := os.Stat(volume); os.IsNotExist(err) {
--- a/pkg/config/init.go
+++ b/pkg/config/init.go
@ -22,10 +22,10 @@ import (
 var RootDir string
 var KanikoDir string
-var WhitelistPath string
+var IgnoreListPath string
 func init() {
 	RootDir = constants.RootDir
 	KanikoDir = constants.KanikoDir
-	WhitelistPath = constants.WhitelistPath
+	IgnoreListPath = constants.IgnoreListPath
 }
--- a/pkg/config/options.go
+++ b/pkg/config/options.go
@ -55,7 +55,7 @@ type KanikoOptions struct {
 	NoPush                  bool
 	Cache                   bool
 	Cleanup                 bool
-	WhitelistVarRun         bool
+	SkipVarRun              bool
 	SkipUnusedStages        bool
 }
--- a/pkg/constants/constants.go
+++ b/pkg/constants/constants.go
@ -26,7 +26,7 @@ const (
 	//KanikoDir is the path to the Kaniko directory
 	KanikoDir = "/kaniko"
-	WhitelistPath = "/proc/self/mountinfo"
+	IgnoreListPath = "/proc/self/mountinfo"
 	Author = "kaniko"
--- a/pkg/dockerfile/dockerfile_test.go
+++ b/pkg/dockerfile/dockerfile_test.go
@ -565,7 +565,7 @@ func Test_SkipingUnusedStages(t *testing.T) {
 			# Make sure that we snapshot intermediate images correctly
 			RUN date > /date
 			ENV foo bar
-			# This base image contains symlinks with relative paths to whitelisted directories
+			# This base image contains symlinks with relative paths to ignored directories
 			# We need to test they're extracted correctly
 			FROM fedora@sha256:c4cc32b09c6ae3f1353e7e33a8dda93dc41676b923d6d89afa996b421cc5aa48
 			FROM fourth
--- a/pkg/executor/build.go
+++ b/pkg/executor/build.go
@ -314,8 +314,8 @@ func (s *stageBuilder) build() error {
 		logrus.Info("Skipping unpacking as no commands require it.")
 	}
-	if err := util.DetectFilesystemWhitelist(config.WhitelistPath); err != nil {
+	if err := util.DetectFilesystemIgnoreList(config.IgnoreListPath); err != nil {
-		return errors.Wrap(err, "failed to check filesystem whitelist")
+		return errors.Wrap(err, "failed to check filesystem mount paths")
 	}
 	initSnapshotTaken := false
--- a/pkg/executor/composite_cache.go
+++ b/pkg/executor/composite_cache.go
@ -69,7 +69,7 @@ func (s *CompositeCache) AddPath(p, context string) error {
 		}
 		// Only add the hash of this directory to the key
-		// if there is any whitelisted content.
+		// if there is any ignored content.
 		if !empty || !util.ExcludeFile(p, context) {
 			s.keys = append(s.keys, k)
 		}
--- a/pkg/executor/copy_multistage_test.go
+++ b/pkg/executor/copy_multistage_test.go
@ -166,7 +166,7 @@ func setupMultistageTests(t *testing.T) (string, func()) {
 	// set up config
 	config.RootDir = testDir
 	config.KanikoDir = fmt.Sprintf("%s/%s", testDir, "kaniko")
-	// Write a whitelist path
+	// Write path to ignore list
 	if err := os.MkdirAll(filepath.Join(testDir, "proc"), 0755); err != nil {
 		t.Fatal(err)
 	}
@ -178,10 +178,10 @@ func setupMultistageTests(t *testing.T) (string, func()) {
 	if err := ioutil.WriteFile(mFile, []byte(mountInfo), 0644); err != nil {
 		t.Fatal(err)
 	}
-	config.WhitelistPath = mFile
+	config.IgnoreListPath = mFile
 	return testDir, func() {
 		config.KanikoDir = constants.KanikoDir
 		config.RootDir = constants.RootDir
-		config.WhitelistPath = constants.WhitelistPath
+		config.IgnoreListPath = constants.IgnoreListPath
 	}
 }
--- a/pkg/filesystem/resolve.go
+++ b/pkg/filesystem/resolve.go
@ -26,24 +26,24 @@ import (
 	"github.com/sirupsen/logrus"
 )
-// ResolvePaths takes a slice of file paths and a slice of whitelist entries. It resolve each
+// ResolvePaths takes a slice of file paths and a list of skipped file paths. It resolve each
 // file path according to a set of rules and then returns a slice of resolved paths or error.
 // File paths are resolved according to the following rules:
-// * If path is whitelisted, skip it.
+// * If path is in ignorelist, skip it.
 // * If path is a symlink, resolve it's ancestor link and add it to the output set.
-// * If path is a symlink, resolve it's target. If the target is not whitelisted add it to the
+// * If path is a symlink, resolve it's target. If the target is not ignored add it to the
 // output set.
 // * Add all ancestors of each path to the output set.
-func ResolvePaths(paths []string, wl []util.WhitelistEntry) (pathsToAdd []string, err error) {
+func ResolvePaths(paths []string, wl []util.IgnoreListEntry) (pathsToAdd []string, err error) {
 	logrus.Infof("Resolving %d paths", len(paths))
 	logrus.Tracef("Resolving paths %s", paths)
 	fileSet := make(map[string]bool)
 	for _, f := range paths {
-		// If the given path is part of the whitelist ignore it
+		// If the given path is part of the ignorelist ignore it
-		if util.IsInProvidedWhitelist(f, wl) {
+		if util.IsInProvidedIgnoreList(f, wl) {
-			logrus.Debugf("path %s is whitelisted, ignoring it", f)
+			logrus.Debugf("path %s is in list to ignore, ignoring it", f)
 			continue
 		}
@ -76,10 +76,10 @@ func ResolvePaths(paths []string, wl []util.WhitelistEntry) (pathsToAdd []string
 			continue
 		}
-		// If the given path is a symlink and the target is part of the whitelist
+		// If the given path is a symlink and the target is part of the ignorelist
 		// ignore the target
-		if util.IsInProvidedWhitelist(evaled, wl) {
+		if util.IsInProvidedIgnoreList(evaled, wl) {
-			logrus.Debugf("path %s is whitelisted, ignoring it", evaled)
+			logrus.Debugf("path %s is ignored, ignoring it", evaled)
 			continue
 		}
--- a/pkg/filesystem/resolve_test.go
+++ b/pkg/filesystem/resolve_test.go
@ -85,8 +85,8 @@ func Test_ResolvePaths(t *testing.T) {
 				}
 			}
-			t.Run("none are whitelisted", func(t *testing.T) {
+			t.Run("none are ignored", func(t *testing.T) {
-				wl := []util.WhitelistEntry{}
+				wl := []util.IgnoreListEntry{}
 				inputFiles := []string{}
 				expectedFiles := []string{}
@ -107,8 +107,8 @@ func Test_ResolvePaths(t *testing.T) {
 				validateResults(t, files, expectedFiles, err)
 			})
-			t.Run("some are whitelisted", func(t *testing.T) {
+			t.Run("some are ignored", func(t *testing.T) {
-				wl := []util.WhitelistEntry{
+				wl := []util.IgnoreListEntry{
 					{
 						Path: filepath.Join(dir, "link", "baz"),
 					},
@ -124,7 +124,7 @@ func Test_ResolvePaths(t *testing.T) {
 					link := filepath.Join(dir, "link", f)
 					inputFiles = append(inputFiles, link)
-					if util.IsInProvidedWhitelist(link, wl) {
+					if util.IsInProvidedIgnoreList(link, wl) {
 						t.Logf("skipping %s", link)
 						continue
 					}
@ -133,7 +133,7 @@ func Test_ResolvePaths(t *testing.T) {
 					target := filepath.Join(dir, "target", f)
-					if util.IsInProvidedWhitelist(target, wl) {
+					if util.IsInProvidedIgnoreList(target, wl) {
 						t.Logf("skipping %s", target)
 						continue
 					}
@ -177,7 +177,7 @@ func Test_ResolvePaths(t *testing.T) {
 		inputFiles := []string{}
 		expectedFiles := []string{}
-		wl := []util.WhitelistEntry{}
+		wl := []util.IgnoreListEntry{}
 		files, err := ResolvePaths(inputFiles, wl)
--- a/pkg/snapshot/snapshot.go
+++ b/pkg/snapshot/snapshot.go
@ -41,12 +41,12 @@ var snapshotPathPrefix = config.KanikoDir
 type Snapshotter struct {
 	l          *LayeredMap
 	directory  string
-	whitelist []util.WhitelistEntry
+	ignorelist []util.IgnoreListEntry
 }
 // NewSnapshotter creates a new snapshotter rooted at d
 func NewSnapshotter(l *LayeredMap, d string) *Snapshotter {
-	return &Snapshotter{l: l, directory: d, whitelist: util.Whitelist()}
+	return &Snapshotter{l: l, directory: d, ignorelist: util.IgnoreList()}
 }
 // Init initializes a new snapshotter
@ -60,7 +60,7 @@ func (s *Snapshotter) Key() (string, error) {
 	return s.l.Key()
 }
-// TakeSnapshot takes a snapshot of the specified files, avoiding directories in the whitelist, and creates
+// TakeSnapshot takes a snapshot of the specified files, avoiding directories in the ignorelist, and creates
 // a tarball of the changed files. Return contents of the tarball, and whether or not any files were changed
 func (s *Snapshotter) TakeSnapshot(files []string) (string, error) {
 	f, err := ioutil.TempFile(config.KanikoDir, "")
@ -75,7 +75,7 @@ func (s *Snapshotter) TakeSnapshot(files []string) (string, error) {
 		return "", nil
 	}
-	filesToAdd, err := filesystem.ResolvePaths(files, s.whitelist)
+	filesToAdd, err := filesystem.ResolvePaths(files, s.ignorelist)
 	if err != nil {
 		return "", nil
 	}
@ -100,7 +100,7 @@ func (s *Snapshotter) TakeSnapshot(files []string) (string, error) {
 	return f.Name(), nil
 }
-// TakeSnapshotFS takes a snapshot of the filesystem, avoiding directories in the whitelist, and creates
+// TakeSnapshotFS takes a snapshot of the filesystem, avoiding directories in the ignorelist, and creates
 // a tarball of the changed files.
 func (s *Snapshotter) TakeSnapshotFS() (string, error) {
 	f, err := ioutil.TempFile(snapshotPathPrefix, "")
@ -139,9 +139,9 @@ func (s *Snapshotter) scanFullFilesystem() ([]string, []string, error) {
 	godirwalk.Walk(s.directory, &godirwalk.Options{
 		Callback: func(path string, ent *godirwalk.Dirent) error {
-			if util.IsInWhitelist(path) {
+			if util.IsInIgnoreList(path) {
 				if util.IsDestDir(path) {
-					logrus.Tracef("Skipping paths under %s, as it is a whitelisted directory", path)
+					logrus.Tracef("Skipping paths under %s, as it is a ignored directory", path)
 					return filepath.SkipDir
 				}
@ -159,7 +159,7 @@ func (s *Snapshotter) scanFullFilesystem() ([]string, []string, error) {
 	timing.DefaultRun.Stop(timer)
 	timer = timing.Start("Resolving Paths")
-	resolvedFiles, err := filesystem.ResolvePaths(foundPaths, s.whitelist)
+	resolvedFiles, err := filesystem.ResolvePaths(foundPaths, s.ignorelist)
 	if err != nil {
 		return nil, nil, err
 	}
@ -193,8 +193,8 @@ func (s *Snapshotter) scanFullFilesystem() ([]string, []string, error) {
 	filesToAdd := []string{}
 	for path := range resolvedMemFs {
-		if util.CheckWhitelist(path) {
+		if util.CheckIgnoreList(path) {
-			logrus.Tracef("Not adding %s to layer, as it's whitelisted", path)
+			logrus.Tracef("Not adding %s to layer, as it's ignored", path)
 			continue
 		}
 		// Only add changed files.
--- a/pkg/util/fs_util.go
+++ b/pkg/util/fs_util.go
@ -44,31 +44,31 @@ import (
 const DoNotChangeUID = -1
 const DoNotChangeGID = -1
-type WhitelistEntry struct {
+type IgnoreListEntry struct {
 	Path            string
 	PrefixMatchOnly bool
 }
-var initialWhitelist = []WhitelistEntry{
+var initialIgnoreList = []IgnoreListEntry{
 	{
 		Path:            config.KanikoDir,
 		PrefixMatchOnly: false,
 	},
 	{
-		// similarly, we whitelist /etc/mtab, since there is no way to know if the file was mounted or came
+		// similarly, we skip /etc/mtab, since there is no way to know if the file was mounted or came
 		// from the base image
 		Path:            "/etc/mtab",
 		PrefixMatchOnly: false,
 	},
 	{
-		// we whitelist /tmp/apt-key-gpghome, since the apt keys are added temporarily in this directory.
+		// we skip /tmp/apt-key-gpghome, since the apt keys are added temporarily in this directory.
 		// from the base image
 		Path:            "/tmp/apt-key-gpghome",
 		PrefixMatchOnly: true,
 	},
 }
-var whitelist = initialWhitelist
+var ignorelist = initialIgnoreList
 var volumes = []string{}
@ -84,8 +84,8 @@ type FSConfig struct {
 type FSOpt func(*FSConfig)
-func Whitelist() []WhitelistEntry {
+func IgnoreList() []IgnoreListEntry {
-	return whitelist
+	return ignorelist
 }
 func IncludeWhiteout() FSOpt {
@ -126,11 +126,11 @@ func GetFSFromLayers(root string, layers []v1.Layer, opts ...FSOpt) ([]string, e
 		return nil, errors.New("must supply an extract function")
 	}
-	if err := DetectFilesystemWhitelist(config.WhitelistPath); err != nil {
+	if err := DetectFilesystemIgnoreList(config.IgnoreListPath); err != nil {
 		return nil, err
 	}
-	logrus.Debugf("Mounted directories: %v", whitelist)
+	logrus.Debugf("Mounted directories: %v", ignorelist)
 	extractedFiles := []string{}
 	for i, l := range layers {
@ -195,19 +195,19 @@ func DeleteFilesystem() error {
 			return nil
 		}
-		if CheckWhitelist(path) {
+		if CheckIgnoreList(path) {
 			if !isExist(path) {
-				logrus.Debugf("Path %s whitelisted, but not exists", path)
+				logrus.Debugf("Path %s ignored, but not exists", path)
 				return nil
 			}
 			if info.IsDir() {
 				return filepath.SkipDir
 			}
-			logrus.Debugf("Not deleting %s, as it's whitelisted", path)
+			logrus.Debugf("Not deleting %s, as it's ignored", path)
 			return nil
 		}
-		if childDirInWhitelist(path) {
+		if childDirInIgnoreList(path) {
-			logrus.Debugf("Not deleting %s, as it contains a whitelisted path", path)
+			logrus.Debugf("Not deleting %s, as it contains a ignored path", path)
 			return nil
 		}
 		if path == config.RootDir {
@ -225,9 +225,9 @@ func isExist(path string) bool {
 	return false
 }
-// ChildDirInWhitelist returns true if there is a child file or directory of the path in the whitelist
+// childDirInIgnoreList returns true if there is a child file or directory of the path in the ignorelist
-func childDirInWhitelist(path string) bool {
+func childDirInIgnoreList(path string) bool {
-	for _, d := range whitelist {
+	for _, d := range ignorelist {
 		if HasFilepathPrefix(d.Path, path, d.PrefixMatchOnly) {
 			return true
 		}
@ -268,8 +268,8 @@ func ExtractFile(dest string, hdr *tar.Header, tr io.Reader) error {
 		return err
 	}
-	if CheckWhitelist(abs) && !checkWhitelistRoot(dest) {
+	if CheckIgnoreList(abs) && !checkIgnoreListRoot(dest) {
-		logrus.Debugf("Not adding %s because it is whitelisted", path)
+		logrus.Debugf("Not adding %s because it is ignored", path)
 		return nil
 	}
 	switch hdr.Typeflag {
@ -325,8 +325,8 @@ func ExtractFile(dest string, hdr *tar.Header, tr io.Reader) error {
 		if err != nil {
 			return err
 		}
-		if CheckWhitelist(abs) {
+		if CheckIgnoreList(abs) {
-			logrus.Tracef("skipping symlink from %s to %s because %s is whitelisted", hdr.Linkname, path, hdr.Linkname)
+			logrus.Tracef("skipping symlink from %s to %s because %s is ignored", hdr.Linkname, path, hdr.Linkname)
 			return nil
 		}
 		// The base directory for a link may not exist before it is created.
@ -365,11 +365,11 @@ func ExtractFile(dest string, hdr *tar.Header, tr io.Reader) error {
 	return nil
 }
-func IsInWhitelist(path string) bool {
+func IsInIgnoreList(path string) bool {
-	return IsInProvidedWhitelist(path, whitelist)
+	return IsInProvidedIgnoreList(path, ignorelist)
 }
-func IsInProvidedWhitelist(path string, wl []WhitelistEntry) bool {
+func IsInProvidedIgnoreList(path string, wl []IgnoreListEntry) bool {
 	for _, entry := range wl {
 		if !entry.PrefixMatchOnly && path == entry.Path {
 			return true
@ -378,8 +378,8 @@ func IsInProvidedWhitelist(path string, wl []WhitelistEntry) bool {
 	return false
 }
-func CheckWhitelist(path string) bool {
+func CheckIgnoreList(path string) bool {
-	for _, wl := range whitelist {
+	for _, wl := range ignorelist {
 		if HasFilepathPrefix(path, wl.Path, wl.PrefixMatchOnly) {
 			return true
 		}
@ -388,21 +388,21 @@ func CheckWhitelist(path string) bool {
 	return false
 }
-func checkWhitelistRoot(root string) bool {
+func checkIgnoreListRoot(root string) bool {
 	if root == config.RootDir {
 		return false
 	}
-	return CheckWhitelist(root)
+	return CheckIgnoreList(root)
 }
-// Get whitelist from roots of mounted files
+// Get ignorelist from roots of mounted files
 // Each line of /proc/self/mountinfo is in the form:
 // 36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
 // (1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)
 // Where (5) is the mount point relative to the process's root
 // From: https://www.kernel.org/doc/Documentation/filesystems/proc.txt
-func DetectFilesystemWhitelist(path string) error {
+func DetectFilesystemIgnoreList(path string) error {
-	whitelist = initialWhitelist
+	ignorelist = initialIgnoreList
 	volumes = []string{}
 	f, err := os.Open(path)
 	if err != nil {
@ -426,7 +426,7 @@ func DetectFilesystemWhitelist(path string) error {
 		}
 		if lineArr[4] != config.RootDir {
 			logrus.Tracef("Appending %s from line: %s", lineArr[4], line)
-			whitelist = append(whitelist, WhitelistEntry{
+			ignorelist = append(ignorelist, IgnoreListEntry{
 				Path:            lineArr[4],
 				PrefixMatchOnly: false,
 			})
@ -448,7 +448,7 @@ func RelativeFiles(fp string, root string) ([]string, error) {
 		if err != nil {
 			return err
 		}
-		if CheckWhitelist(path) && !HasFilepathPrefix(path, root, false) {
+		if CheckIgnoreList(path) && !HasFilepathPrefix(path, root, false) {
 			return nil
 		}
 		relPath, err := filepath.Rel(root, path)
@ -522,10 +522,10 @@ func CreateFile(path string, reader io.Reader, perm os.FileMode, uid uint32, gid
 	return setFilePermissions(path, perm, int(uid), int(gid))
 }
-// AddVolumePath adds the given path to the volume whitelist.
+// AddVolumePath adds the given path to the volume ignorelist.
-func AddVolumePathToWhitelist(path string) {
+func AddVolumePathToIgnoreList(path string) {
-	logrus.Infof("adding volume %s to whitelist", path)
+	logrus.Infof("adding volume %s to ignorelist", path)
-	whitelist = append(whitelist, WhitelistEntry{
+	ignorelist = append(ignorelist, IgnoreListEntry{
 		Path:            path,
 		PrefixMatchOnly: true,
 	})
@ -861,13 +861,13 @@ func createParentDirectory(path string) error {
 	return nil
 }
-// UpdateInitialWhitelist will add /var/run to whitelisted paths if
+// UpdateInitialIgnoreList will add /var/run to ignored paths if
-func UpdateWhitelist(whitelistVarRun bool) {
+func UpdateInitialIgnoreList(ignoreVarRun bool) {
-	if !whitelistVarRun {
+	if !ignoreVarRun {
 		return
 	}
-	logrus.Trace("Adding /var/run to initialWhitelist ")
+	logrus.Trace("Adding /var/run to initialIgnoreList ")
-	initialWhitelist = append(initialWhitelist, WhitelistEntry{
+	initialIgnoreList = append(initialIgnoreList, IgnoreListEntry{
 		// /var/run is a special case. It's common to mount in /var/run/docker.sock or something similar
 		// which leads to a special mount on the /var/run/docker.sock file itself, but the directory to exist
 		// in the image with no way to tell if it came from the base image or not.
--- a/pkg/util/fs_util_test.go
+++ b/pkg/util/fs_util_test.go
@ -38,7 +38,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/v1/types"
 )
-func Test_DetectFilesystemWhitelist(t *testing.T) {
+func Test_DetectFilesystemSkiplist(t *testing.T) {
 	testDir, err := ioutil.TempDir("", "")
 	if err != nil {
 		t.Fatalf("Error creating tempdir: %s", err)
@ -58,8 +58,8 @@ func Test_DetectFilesystemWhitelist(t *testing.T) {
 		t.Fatalf("Error writing file contents to %s: %s", path, err)
 	}
-	err = DetectFilesystemWhitelist(path)
+	err = DetectFilesystemIgnoreList(path)
-	expectedWhitelist := []WhitelistEntry{
+	expectedSkiplist := []IgnoreListEntry{
 		{"/kaniko", false},
 		{"/proc", false},
 		{"/dev", false},
@ -68,14 +68,14 @@ func Test_DetectFilesystemWhitelist(t *testing.T) {
 		{"/etc/mtab", false},
 		{"/tmp/apt-key-gpghome", true},
 	}
-	actualWhitelist := whitelist
+	actualSkiplist := ignorelist
-	sort.Slice(actualWhitelist, func(i, j int) bool {
+	sort.Slice(actualSkiplist, func(i, j int) bool {
-		return actualWhitelist[i].Path < actualWhitelist[j].Path
+		return actualSkiplist[i].Path < actualSkiplist[j].Path
 	})
-	sort.Slice(expectedWhitelist, func(i, j int) bool {
+	sort.Slice(expectedSkiplist, func(i, j int) bool {
-		return expectedWhitelist[i].Path < expectedWhitelist[j].Path
+		return expectedSkiplist[i].Path < expectedSkiplist[j].Path
 	})
-	testutil.CheckErrorAndDeepEqual(t, false, err, expectedWhitelist, actualWhitelist)
+	testutil.CheckErrorAndDeepEqual(t, false, err, expectedSkiplist, actualSkiplist)
 }
 var tests = []struct {
@ -251,10 +251,10 @@ func Test_ParentDirectoriesWithoutLeadingSlash(t *testing.T) {
 	}
 }
-func Test_CheckWhitelist(t *testing.T) {
+func Test_CheckIgnoreList(t *testing.T) {
 	type args struct {
 		path       string
-		whitelist []WhitelistEntry
+		ignorelist []IgnoreListEntry
 	}
 	tests := []struct {
 		name string
@ -262,34 +262,34 @@ func Test_CheckWhitelist(t *testing.T) {
 		want bool
 	}{
 		{
-			name: "file whitelisted",
+			name: "file ignored",
 			args: args{
 				path:       "/foo",
-				whitelist: []WhitelistEntry{{"/foo", false}},
+				ignorelist: []IgnoreListEntry{{"/foo", false}},
 			},
 			want: true,
 		},
 		{
-			name: "directory whitelisted",
+			name: "directory ignored",
 			args: args{
 				path:       "/foo/bar",
-				whitelist: []WhitelistEntry{{"/foo", false}},
+				ignorelist: []IgnoreListEntry{{"/foo", false}},
 			},
 			want: true,
 		},
 		{
-			name: "grandparent whitelisted",
+			name: "grandparent ignored",
 			args: args{
 				path:       "/foo/bar/baz",
-				whitelist: []WhitelistEntry{{"/foo", false}},
+				ignorelist: []IgnoreListEntry{{"/foo", false}},
 			},
 			want: true,
 		},
 		{
-			name: "sibling whitelisted",
+			name: "sibling ignored",
 			args: args{
 				path:       "/foo/bar/baz",
-				whitelist: []WhitelistEntry{{"/foo/bat", false}},
+				ignorelist: []IgnoreListEntry{{"/foo/bat", false}},
 			},
 			want: false,
 		},
@ -297,21 +297,21 @@ func Test_CheckWhitelist(t *testing.T) {
 			name: "prefix match only ",
 			args: args{
 				path:       "/tmp/apt-key-gpghome.xft/gpg.key",
-				whitelist: []WhitelistEntry{{"/tmp/apt-key-gpghome.*", true}},
+				ignorelist: []IgnoreListEntry{{"/tmp/apt-key-gpghome.*", true}},
 			},
 			want: true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			original := whitelist
+			original := ignorelist
 			defer func() {
-				whitelist = original
+				ignorelist = original
 			}()
-			whitelist = tt.args.whitelist
+			ignorelist = tt.args.ignorelist
-			got := CheckWhitelist(tt.args.path)
+			got := CheckIgnoreList(tt.args.path)
 			if got != tt.want {
-				t.Errorf("CheckWhitelist() = %v, want %v", got, tt.want)
+				t.Errorf("CheckIgnoreList() = %v, want %v", got, tt.want)
 			}
 		})
 	}
@ -879,10 +879,10 @@ func TestCopySymlink(t *testing.T) {
 	}
 }
-func Test_childDirInWhitelist(t *testing.T) {
+func Test_childDirInSkiplist(t *testing.T) {
 	type args struct {
 		path       string
-		whitelist []WhitelistEntry
+		ignorelist []IgnoreListEntry
 	}
 	tests := []struct {
 		name string
@ -890,17 +890,17 @@ func Test_childDirInWhitelist(t *testing.T) {
 		want bool
 	}{
 		{
-			name: "not in whitelist",
+			name: "not in ignorelist",
 			args: args{
 				path: "/foo",
 			},
 			want: false,
 		},
 		{
-			name: "child in whitelist",
+			name: "child in ignorelist",
 			args: args{
 				path: "/foo",
-				whitelist: []WhitelistEntry{
+				ignorelist: []IgnoreListEntry{
 					{
 						Path: "/foo/bar",
 					},
@ -909,16 +909,16 @@ func Test_childDirInWhitelist(t *testing.T) {
 			want: true,
 		},
 	}
-	oldWhitelist := whitelist
+	oldIgnoreList := ignorelist
 	defer func() {
-		whitelist = oldWhitelist
+		ignorelist = oldIgnoreList
 	}()
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			whitelist = tt.args.whitelist
+			ignorelist = tt.args.ignorelist
-			if got := childDirInWhitelist(tt.args.path); got != tt.want {
+			if got := childDirInIgnoreList(tt.args.path); got != tt.want {
-				t.Errorf("childDirInWhitelist() = %v, want %v", got, tt.want)
+				t.Errorf("childDirInIgnoreList() = %v, want %v", got, tt.want)
 			}
 		})
 	}
@ -1315,16 +1315,16 @@ func assertGetFSFromLayers(
 	}
 }
-func TestUpdateWhitelist(t *testing.T) {
+func TestUpdateSkiplist(t *testing.T) {
 	tests := []struct {
 		name       string
-		whitelistVarRun bool
+		skipVarRun bool
-		expected        []WhitelistEntry
+		expected   []IgnoreListEntry
 	}{
 		{
-			name:            "var/run whitelisted",
+			name:       "var/run ignored",
-			whitelistVarRun: true,
+			skipVarRun: true,
-			expected: []WhitelistEntry{
+			expected: []IgnoreListEntry{
 				{
 					Path:            "/kaniko",
 					PrefixMatchOnly: false,
@ -1344,8 +1344,8 @@ func TestUpdateWhitelist(t *testing.T) {
 			},
 		},
 		{
-			name: "var/run not whitelisted",
+			name: "var/run not ignored",
-			expected: []WhitelistEntry{
+			expected: []IgnoreListEntry{
 				{
 					Path:            "/kaniko",
 					PrefixMatchOnly: false,
@ -1363,16 +1363,16 @@ func TestUpdateWhitelist(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			original := initialWhitelist
+			original := initialIgnoreList
-			defer func() { initialWhitelist = original }()
+			defer func() { initialIgnoreList = original }()
-			UpdateWhitelist(tt.whitelistVarRun)
+			UpdateInitialIgnoreList(tt.skipVarRun)
 			sort.Slice(tt.expected, func(i, j int) bool {
 				return tt.expected[i].Path < tt.expected[j].Path
 			})
-			sort.Slice(initialWhitelist, func(i, j int) bool {
+			sort.Slice(initialIgnoreList, func(i, j int) bool {
-				return initialWhitelist[i].Path < initialWhitelist[j].Path
+				return initialIgnoreList[i].Path < initialIgnoreList[j].Path
 			})
-			testutil.CheckDeepEqual(t, tt.expected, initialWhitelist)
+			testutil.CheckDeepEqual(t, tt.expected, initialIgnoreList)
 		})
 	}
 }