Skip to content

Commit

Permalink
config: Add 'List' alternates for hypervisor configuration paths
Browse files Browse the repository at this point in the history
Paths mentioned in the hypervisor configuration can be overriden
using annotations, which is potentially dangerous. For each path,
add a 'List' variant that specifies the list of acceptable values
from annotations.

Bug: https://bugs.launchpad.net/katacontainers.io/+bug/1878234
Fixes: kata-containers#3004

Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
  • Loading branch information
c3d committed Oct 9, 2020
1 parent d5acbad commit befc9be
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions pkg/katautils/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -86,9 +86,12 @@ type factory struct {

type hypervisor struct {
Path string `toml:"path"`
PathList []string `toml:"path_list"`
JailerPath string `toml:"jailer_path"`
JailerPathList []string `toml:"jailer_path_list"`
Kernel string `toml:"kernel"`
CtlPath string `toml:"ctlpath"`
CtlPathList []string `toml:"ctlpath_list"`
Initrd string `toml:"initrd"`
Image string `toml:"image"`
Firmware string `toml:"firmware"`
Expand All @@ -100,6 +103,7 @@ type hypervisor struct {
EntropySource string `toml:"entropy_source"`
SharedFS string `toml:"shared_fs"`
VirtioFSDaemon string `toml:"virtio_fs_daemon"`
VirtioFSDaemonList []string `toml:"virtio_fs_daemon_list"`
VirtioFSCache string `toml:"virtio_fs_cache"`
VirtioFSExtraArgs []string `toml:"virtio_fs_extra_args"`
VirtioFSCacheSize uint32 `toml:"virtio_fs_cache_size"`
Expand All @@ -108,6 +112,7 @@ type hypervisor struct {
BlockDeviceCacheNoflush bool `toml:"block_device_cache_noflush"`
EnableVhostUserStore bool `toml:"enable_vhost_user_store"`
VhostUserStorePath string `toml:"vhost_user_store_path"`
VhostUserStorePathList []string `toml:"vhost_user_store_path_list"`
NumVCPUs int32 `toml:"default_vcpus"`
DefaultMaxVCPUs uint32 `toml:"default_maxvcpus"`
MemorySize uint32 `toml:"default_memory"`
Expand All @@ -123,6 +128,7 @@ type hypervisor struct {
IOMMU bool `toml:"enable_iommu"`
IOMMUPlatform bool `toml:"enable_iommu_platform"`
FileBackedMemRootDir string `toml:"file_mem_backend"`
FileBackedMemRootList []string `toml:"file_mem_backend_list"`
Swap bool `toml:"enable_swap"`
Debug bool `toml:"enable_debug"`
DisableNestingChecks bool `toml:"disable_nesting_checks"`
Expand Down Expand Up @@ -675,6 +681,7 @@ func newQemuHypervisorConfig(h hypervisor) (vc.HypervisorConfig, error) {
DisableBlockDeviceUse: h.DisableBlockDeviceUse,
SharedFS: sharedFS,
VirtioFSDaemon: h.VirtioFSDaemon,
VirtioFSDaemonList: h.VirtioFSDaemonList,
VirtioFSCacheSize: h.VirtioFSCacheSize,
VirtioFSCache: h.defaultVirtioFSCache(),
VirtioFSExtraArgs: h.VirtioFSExtraArgs,
Expand Down

0 comments on commit befc9be

Please sign in to comment.