From 5e98fec96df8b2250ae23fd1077f1313b5f51e6b Mon Sep 17 00:00:00 2001
From: Akihiro Suda
Date: Tue, 16 May 2023 20:00:03 +0900
Subject: [PATCH] features: add potentiallyUnsafeConfigAnnotations

Fix issue 1202

Signed-off-by: Akihiro Suda
---
 features.md | 18 ++++++++++++++++++
 schema/features-schema.json | 3 +++
 specs-go/features/features.go | 6 ++++++
 3 files changed, 27 insertions(+)

diff --git a/features.md b/features.md
index 399b1f7a6..24cd65c3b 100644
--- a/features.md
+++ b/features.md
@@ -140,6 +140,24 @@ The current version of the spec do not provide a way to enumerate the possible v
 }
 ```
 
+## Unsafe annotations in `config.json`
+
+**`potentiallyUnsafeConfigAnnotations`** (array of strings, OPTIONAL) contains values of [`annotations` property of `config.json`](config.md#annotations)
+that may potentially change the behavior of the runtime.
+
+A value that ends with "." is interpreted as a prefix of annotations.
+
+### Example
+```json
+"potentiallyUnsafeConfigAnnotations": [
+ "com.example.foo.bar",
+ "org.systemd.property."
+]
+```
+
+The example above matches `com.example.foo.bar`, `org.systemd.property.ExecStartPre`, etc.
+The example does not match `com.example.foo.bar.baz`.
+
 # Example
 
 Here is a full example for reference.
diff --git a/schema/features-schema.json b/schema/features-schema.json
index 30246fa5b..5a094a7dc 100644
--- a/schema/features-schema.json
+++ b/schema/features-schema.json
@@ -17,6 +17,9 @@
 },
 "annotations": {
 "$ref": "defs.json#/definitions/annotations"
+ },
+ "potentiallyUnsafeConfigAnnotations": {
+ "$ref": "defs.json#/definitions/ArrayOfStrings"
 },
 "linux": {
 "$ref": "features-linux.json#/linux"
diff --git a/specs-go/features/features.go b/specs-go/features/features.go
index 39009c79d..949f532b6 100644
--- a/specs-go/features/features.go
+++ b/specs-go/features/features.go
@@ -24,6 +24,12 @@ type Features struct {
 // Annotations contains implementation-specific annotation strings,
 // such as the implementation version, and third-party extensions.
 Annotations map[string]string `json:"annotations,omitempty"`
+
+ // PotentiallyUnsafeConfigAnnotations the list of the potential unsafe annotations
+ // that may appear in `config.json`.
+ //
+ // A value that ends with "." is interpreted as a prefix of annotations.
+ PotentiallyUnsafeConfigAnnotations []string `json:"potentiallyUnsafeConfigAnnotations,omitempty"`
 }
 
 // Linux is specific to Linux.
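Review bot: The doc comment on `PotentiallyUnsafeConfigAnnotations` does not say how a consumer should read an absent list, and because the field is a `[]string` tagged `omitempty`, a nil and an empty slice are both dropped from the JSON, so "this runtime has no unsafe annotations" and "this runtime does not report the field" are indistinguishable. A caller that screens annotations from an untrusted `config.json` against this list would presumably fail open on such a runtime, so the comment should say so, e.g. `// An omitted or empty list does not mean that all annotations are safe; the runtime may not report this field.` The first comment line also lacks a verb and the exact-match rule for values without a trailing "." is only implied; `// PotentiallyUnsafeConfigAnnotations is the list of config.json annotations that may change the behavior of the runtime.` plus `// A value that does not end with "." matches that annotation only.` would cover both. The Features struct begins above the hunk.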