diff --git a/virtcontainers/pkg/annotations/annotations.go b/virtcontainers/pkg/annotations/annotations.go index ff62bb2415..ca86b4f18e 100644 --- a/virtcontainers/pkg/annotations/annotations.go +++ b/virtcontainers/pkg/annotations/annotations.go @@ -41,6 +41,9 @@ const ( // HypervisorPath is a sandbox annotation for passing a per container path pointing at the hypervisor that will run the container VM. HypervisorPath = kataAnnotHypervisorPrefix + "path" + // HypervisorCtlPath is a sandbox annotation for passing a per container path pointing at the hypervisor control binary that will run the container VM. + HypervisorCtlPath = kataAnnotHypervisorPrefix + "ctlpath" + // JailerPath is a sandbox annotation for passing a per container path pointing at the jailer that will constrain the container VM. JailerPath = kataAnnotHypervisorPrefix + "jailer_path" @@ -59,6 +62,9 @@ const ( // HypervisorHash is an sandbox annotation for passing a container hypervisor binary SHA-512 hash value. HypervisorHash = kataAnnotHypervisorPrefix + "hypervisor_hash" + // HypervisorCtlHash is a sandbox annotation for passing a container hypervisor control binary SHA-512 hash value. + HypervisorCtlHash = kataAnnotHypervisorPrefix + "hypervisorctl_hash" + // JailerHash is an sandbox annotation for passing a jailer binary SHA-512 hash value. JailerHash = kataAnnotHypervisorPrefix + "jailer_hash" diff --git a/virtcontainers/types/asset.go b/virtcontainers/types/asset.go index cac7d4b0d3..6f6241e3f0 100644 --- a/virtcontainers/types/asset.go +++ b/virtcontainers/types/asset.go @@ -29,6 +29,8 @@ func (t AssetType) Annotations() (string, string, error) { return annotations.InitrdPath, annotations.InitrdHash, nil case HypervisorAsset: return annotations.HypervisorPath, annotations.HypervisorHash, nil + case HypervisorCtlAsset: + return annotations.HypervisorCtlPath, annotations.HypervisorCtlHash, nil case JailerAsset: return annotations.JailerPath, annotations.JailerHash, nil case FirmwareAsset: @@ -93,6 +95,8 @@ func (a *Asset) Valid() bool { return true case HypervisorAsset: return true + case HypervisorCtlAsset: + return true case JailerAsset: return true case FirmwareAsset: diff --git a/virtcontainers/types/asset_test.go b/virtcontainers/types/asset_test.go index 567bd5775d..1d1dab0f04 100644 --- a/virtcontainers/types/asset_test.go +++ b/virtcontainers/types/asset_test.go @@ -116,6 +116,7 @@ func TestAssetNew(t *testing.T) { {annotations.ImagePath, annotations.ImageHash, ImageAsset, assetContentHash, false, false}, {annotations.InitrdPath, annotations.InitrdHash, InitrdAsset, assetContentHash, false, false}, {annotations.HypervisorPath, annotations.HypervisorHash, HypervisorAsset, assetContentHash, false, false}, + {annotations.HypervisorCtlPath, annotations.HypervisorCtlHash, HypervisorCtlAsset, assetContentHash, false, false}, {annotations.JailerPath, annotations.JailerHash, JailerAsset, assetContentHash, false, false}, {annotations.FirmwarePath, annotations.FirmwareHash, FirmwareAsset, assetContentHash, false, false}, @@ -124,6 +125,7 @@ func TestAssetNew(t *testing.T) { {annotations.ImagePath, annotations.ImageHash, ImageAsset, assetContentWrongHash, true, false}, {annotations.InitrdPath, annotations.InitrdHash, InitrdAsset, assetContentWrongHash, true, false}, {annotations.HypervisorPath, annotations.HypervisorHash, HypervisorAsset, assetContentWrongHash, true, false}, + {annotations.HypervisorCtlPath, annotations.HypervisorCtlHash, HypervisorCtlAsset, assetContentWrongHash, true, false}, {annotations.JailerPath, annotations.JailerHash, JailerAsset, assetContentWrongHash, true, false}, {annotations.FirmwarePath, annotations.FirmwareHash, FirmwareAsset, assetContentWrongHash, true, false},