docs: remove use of the term 'whitelist' from cgroup docs

The term "access control list" better describes the concept involved.
Reviewed-by: NPeter Krempa <pkrempa@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

docs/drvqemu.html.in

@@ -468,12 +468,12 @@ chmod o+x /path/to/directory
       for resource management. It is implemented via a number of "controllers",
       each controller covering a specific task/functional area. One of the
       available controllers is the "devices" controller, which is able to
-      setup whitelists of block/character devices that a cgroup should be
-      allowed to access. If the "devices" controller is mounted on a host,
-      then libvirt will automatically create a dedicated cgroup for each
-      QEMU virtual machine and setup the device whitelist so that the QEMU
-      process can only access shared devices, and explicitly disks images
-      backed by block devices.
+      setup access control lists of block/character devices that a cgroup
+      should be allowed to access. If the "devices" controller is mounted on a
+      host, then libvirt will automatically create a dedicated cgroup for each
+      QEMU virtual machine and setup the device access control list so that the
+      QEMU process can only access shared devices, and explicitly assigned disks
+      images backed by block devices.
     </p>
 
     <p>

docs/kbase/qemu-passthrough-security.rst

@@ -110,7 +110,8 @@ Granting access per VM
   policy on a per VM basis.
 
 * Cgroups - a custom cgroup is created per VM and this will either use the
-  ``devices`` controller or an ``BPF`` rule to whitelist a set of device nodes.
+  ``devices`` controller or an ``BPF`` rule to define an access control list
+  for the set of device nodes.
   There is no way to change this policy on a per VM basis.
 
 Disabling security protection per VM