config: Add 'List' alternates for hypervisor configuration paths

Paths mentioned in the hypervisor configuration can be overriden using annotations, which is potentially dangerous. For each path, add a 'List' variant that specifies the list of acceptable values from annotations. Bug: https://bugs.launchpad.net/katacontainers.io/+bug/1878234 Fixes: #3004 Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
kata-containers · Nov 11, 2020 · 9ac0e93 · 9ac0e93
1 parent 4111ef8
commit 9ac0e93
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/pkg/katautils/config.go b/pkg/katautils/config.go
@@ -85,9 +85,12 @@ type factory struct {
 
 type hypervisor struct {
 	Path                    string   `toml:"path"`
+	PathList                []string `toml:"path_list"`
 	JailerPath              string   `toml:"jailer_path"`
+	JailerPathList          []string `toml:"jailer_path_list"`
 	Kernel                  string   `toml:"kernel"`
 	CtlPath                 string   `toml:"ctlpath"`
+	CtlPathList             []string `toml:"ctlpath_list"`
 	Initrd                  string   `toml:"initrd"`
 	Image                   string   `toml:"image"`
 	Firmware                string   `toml:"firmware"`
@@ -98,6 +101,7 @@ type hypervisor struct {
 	EntropySource           string   `toml:"entropy_source"`
 	SharedFS                string   `toml:"shared_fs"`
 	VirtioFSDaemon          string   `toml:"virtio_fs_daemon"`
+	VirtioFSDaemonList      []string `toml:"virtio_fs_daemon_list"`
 	VirtioFSCache           string   `toml:"virtio_fs_cache"`
 	VirtioFSExtraArgs       []string `toml:"virtio_fs_extra_args"`
 	VirtioFSCacheSize       uint32   `toml:"virtio_fs_cache_size"`
@@ -106,6 +110,7 @@ type hypervisor struct {
 	BlockDeviceCacheNoflush bool     `toml:"block_device_cache_noflush"`
 	EnableVhostUserStore    bool     `toml:"enable_vhost_user_store"`
 	VhostUserStorePath      string   `toml:"vhost_user_store_path"`
+	VhostUserStorePathList  []string `toml:"vhost_user_store_path_list"`
 	NumVCPUs                int32    `toml:"default_vcpus"`
 	DefaultMaxVCPUs         uint32   `toml:"default_maxvcpus"`
 	MemorySize              uint32   `toml:"default_memory"`
@@ -119,6 +124,7 @@ type hypervisor struct {
 	HugePages               bool     `toml:"enable_hugepages"`
 	VirtioMem               bool     `toml:"enable_virtio_mem"`
 	FileBackedMemRootDir    string   `toml:"file_mem_backend"`
+	FileBackedMemRootList   []string `toml:"file_mem_backend_list"`
 	Swap                    bool     `toml:"enable_swap"`
 	Debug                   bool     `toml:"enable_debug"`
 	DisableNestingChecks    bool     `toml:"disable_nesting_checks"`
@@ -640,6 +646,7 @@ func newQemuHypervisorConfig(h hypervisor) (vc.HypervisorConfig, error) {
 		DisableBlockDeviceUse:   h.DisableBlockDeviceUse,
 		SharedFS:                sharedFS,
 		VirtioFSDaemon:          h.VirtioFSDaemon,
+		VirtioFSDaemonList:      h.VirtioFSDaemonList,
 		VirtioFSCacheSize:       h.VirtioFSCacheSize,
 		VirtioFSCache:           h.defaultVirtioFSCache(),
 		VirtioFSExtraArgs:       h.VirtioFSExtraArgs,