github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-10-31 01:13:02 +00:00
Code Issues Projects Releases Wiki Activity

config: Add examples for path_list configuration

Browse Source 
The path_list configuration gives a series of regular expressions that
limit which values are acceptable through annotations in order to
avoid kata launching arbitrary binaries on the host when receiving an
annotation.

Fixes: #901

Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
This commit is contained in:
Christophe de Dinechin
2020-05-15 17:40:43 +02:00
parent 2d431c61c6
commit 076690179d
4 changed files with 23 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/runtime/cli/config/configuration-acrn.toml.in
View File

@@ -16,6 +16,10 @@ ctlpath = "@ACRNCTLPATH@"
kernel = "@KERNELPATH_ACRN@" kernel = "@KERNELPATH_ACRN@"
image = "@IMAGEPATH@" image = "@IMAGEPATH@"
# List of valid annotations values for the hypervisor (default: empty)
# Each member of the list can be a regular expression
# path_list = [ "@ACRNPATH@.*" ]
# Optional space-separated list of options to pass to the guest kernel. # Optional space-separated list of options to pass to the guest kernel.
# For example, use `kernel_params = "vsyscall=emulate"` if you are having # For example, use `kernel_params = "vsyscall=emulate"` if you are having
# trouble running pre-2.15 glibc. # trouble running pre-2.15 glibc.

3
src/runtime/cli/config/configuration-clh.toml.in
View File

@@ -12,6 +12,9 @@
[hypervisor.clh] [hypervisor.clh]
path = "@CLHPATH@" path = "@CLHPATH@"
# List of valid annotations values for the hypervisor (default: empty)
# Each member of the list can be a regular expression
# path_list = [ "@CLHPATH@.*" ]
kernel = "@KERNELPATH_CLH@" kernel = "@KERNELPATH_CLH@"
image = "@IMAGEPATH@" image = "@IMAGEPATH@"

10
src/runtime/cli/config/configuration-fc.toml.in
View File

@@ -12,6 +12,13 @@
[hypervisor.firecracker] [hypervisor.firecracker]
path = "@FCPATH@" path = "@FCPATH@"
kernel = "@KERNELPATH_FC@"
image = "@IMAGEPATH@"
# List of valid annotations values for the hypervisor (default: empty)
# Each member of the list can be a regular expression
# path_list = [ "@FCPATH@.*" ]
# Path for the jailer specific to firecracker # Path for the jailer specific to firecracker
# If the jailer path is not set kata will launch firecracker # If the jailer path is not set kata will launch firecracker
# without a jail. If the jailer is set firecracker will be # without a jail. If the jailer is set firecracker will be
@@ -19,8 +26,7 @@ path = "@FCPATH@"
# This is disabled by default as additional setup is required # This is disabled by default as additional setup is required
# for this feature today. # for this feature today.
#jailer_path = "@FCJAILERPATH@" #jailer_path = "@FCJAILERPATH@"
kernel = "@KERNELPATH_FC@"
image = "@IMAGEPATH@"
# Optional space-separated list of options to pass to the guest kernel. # Optional space-separated list of options to pass to the guest kernel.
# For example, use `kernel_params = "vsyscall=emulate"` if you are having # For example, use `kernel_params = "vsyscall=emulate"` if you are having

4
src/runtime/cli/config/configuration-qemu-virtiofs.toml.in
View File

@@ -16,6 +16,10 @@ kernel = "@KERNELVIRTIOFSPATH@"
image = "@IMAGEPATH@" image = "@IMAGEPATH@"
machine_type = "@MACHINETYPE@" machine_type = "@MACHINETYPE@"
# List of valid annotations values for the hypervisor (default: empty)
# Each member of the list can be a regular expression
# path_list = [ "@QEMUPATH@.*" ]
# Optional space-separated list of options to pass to the guest kernel. # Optional space-separated list of options to pass to the guest kernel.
# For example, use `kernel_params = "vsyscall=emulate"` if you are having # For example, use `kernel_params = "vsyscall=emulate"` if you are having
# trouble running pre-2.15 glibc. # trouble running pre-2.15 glibc.