diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/.openapi-generator/FILES b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/.openapi-generator/FILES index 90d50128cb..888965d768 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/.openapi-generator/FILES +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/.openapi-generator/FILES @@ -18,6 +18,7 @@ docs/DeviceConfig.md docs/DeviceNode.md docs/DiskConfig.md docs/FsConfig.md +docs/LandlockConfig.md docs/MemoryConfig.md docs/MemoryZoneConfig.md docs/NetConfig.md @@ -63,6 +64,7 @@ model_device_config.go model_device_node.go model_disk_config.go model_fs_config.go +model_landlock_config.go model_memory_config.go model_memory_zone_config.go model_net_config.go diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/README.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/README.md index 3e3c358475..c445c9c6a7 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/README.md +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/README.md @@ -122,6 +122,7 @@ Class | Method | HTTP request | Description - [DeviceNode](docs/DeviceNode.md) - [DiskConfig](docs/DiskConfig.md) - [FsConfig](docs/FsConfig.md) + - [LandlockConfig](docs/LandlockConfig.md) - [MemoryConfig](docs/MemoryConfig.md) - [MemoryZoneConfig](docs/MemoryZoneConfig.md) - [NetConfig](docs/NetConfig.md) diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api/openapi.yaml b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api/openapi.yaml index fc815fe434..41c1627db2 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api/openapi.yaml +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/api/openapi.yaml @@ -469,15 +469,6 @@ components: memory_actual_size: 4 state: Created config: - console: - mode: "Off" - file: file - iommu: false - socket: socket - balloon: - size: 6 - deflate_on_oom: false - free_page_reporting: false memory: hugepages: false shared: false @@ -573,6 +564,144 @@ components: serial: serial vhost_user: false id: id + sgx_epc: + - prefault: false + size: 7 + id: id + - prefault: false + size: 7 + id: id + fs: + - pci_segment: 6 + num_queues: 6 + queue_size: 5 + tag: tag + socket: socket + id: id + - pci_segment: 6 + num_queues: 6 + queue_size: 5 + tag: tag + socket: socket + id: id + vsock: + pci_segment: 8 + iommu: false + socket: socket + id: id + cid: 3 + platform: + iommu_segments: + - 1 + - 1 + num_pci_segments: 4 + oem_strings: + - oem_strings + - oem_strings + tdx: false + serial_number: serial_number + uuid: uuid + pmem: + - pci_segment: 3 + file: file + size: 3 + iommu: false + id: id + discard_writes: false + - pci_segment: 3 + file: file + size: 3 + iommu: false + id: id + discard_writes: false + iommu: false + payload: + cmdline: cmdline + kernel: kernel + initramfs: initramfs + firmware: firmware + rate_limit_groups: + - id: id + rate_limiter_config: + ops: + size: 0 + one_time_burst: 0 + refill_time: 0 + bandwidth: + size: 0 + one_time_burst: 0 + refill_time: 0 + - id: id + rate_limiter_config: + ops: + size: 0 + one_time_burst: 0 + refill_time: 0 + bandwidth: + size: 0 + one_time_burst: 0 + refill_time: 0 + debug_console: + mode: "Off" + iobase: 7 + file: file + net: + - tap: tap + host_mac: host_mac + num_queues: 6 + queue_size: 1 + ip: 192.168.249.1 + rate_limiter_config: + ops: + size: 0 + one_time_burst: 0 + refill_time: 0 + bandwidth: + size: 0 + one_time_burst: 0 + refill_time: 0 + mac: mac + mtu: 3 + pci_segment: 2 + vhost_mode: Client + iommu: false + vhost_socket: vhost_socket + vhost_user: false + id: id + mask: 255.255.255.0 + - tap: tap + host_mac: host_mac + num_queues: 6 + queue_size: 1 + ip: 192.168.249.1 + rate_limiter_config: + ops: + size: 0 + one_time_burst: 0 + refill_time: 0 + bandwidth: + size: 0 + one_time_burst: 0 + refill_time: 0 + mac: mac + mtu: 3 + pci_segment: 2 + vhost_mode: Client + iommu: false + vhost_socket: vhost_socket + vhost_user: false + id: id + mask: 255.255.255.0 + pvpanic: false + console: + mode: "Off" + file: file + iommu: false + socket: socket + balloon: + size: 6 + deflate_on_oom: false + free_page_reporting: false cpus: features: amx: true @@ -656,60 +785,9 @@ components: rng: iommu: false src: src - sgx_epc: - - prefault: false - size: 7 - id: id - - prefault: false - size: 7 - id: id - fs: - - pci_segment: 6 - num_queues: 6 - queue_size: 5 - tag: tag - socket: socket - id: id - - pci_segment: 6 - num_queues: 6 - queue_size: 5 - tag: tag - socket: socket - id: id - vsock: - pci_segment: 8 - iommu: false - socket: socket - id: id - cid: 3 - platform: - iommu_segments: - - 1 - - 1 - num_pci_segments: 4 - oem_strings: - - oem_strings - - oem_strings - tdx: false - serial_number: serial_number - uuid: uuid tpm: socket: socket - pmem: - - pci_segment: 3 - file: file - size: 3 - iommu: false - id: id - discard_writes: false - - pci_segment: 3 - file: file - size: 3 - iommu: false - id: id - discard_writes: false watchdog: false - iommu: false pci_segments: - pci_segment: 4 mmio32_aperture_weight: 0 @@ -717,89 +795,17 @@ components: - pci_segment: 4 mmio32_aperture_weight: 0 mmio64_aperture_weight: 6 - payload: - cmdline: cmdline - kernel: kernel - initramfs: initramfs - firmware: firmware + landlock_enable: false serial: mode: "Off" file: file iommu: false socket: socket - rate_limit_groups: - - id: id - rate_limiter_config: - ops: - size: 0 - one_time_burst: 0 - refill_time: 0 - bandwidth: - size: 0 - one_time_burst: 0 - refill_time: 0 - - id: id - rate_limiter_config: - ops: - size: 0 - one_time_burst: 0 - refill_time: 0 - bandwidth: - size: 0 - one_time_burst: 0 - refill_time: 0 - debug_console: - mode: "Off" - iobase: 7 - file: file - net: - - tap: tap - host_mac: host_mac - num_queues: 6 - queue_size: 1 - ip: 192.168.249.1 - rate_limiter_config: - ops: - size: 0 - one_time_burst: 0 - refill_time: 0 - bandwidth: - size: 0 - one_time_burst: 0 - refill_time: 0 - mac: mac - mtu: 3 - pci_segment: 2 - vhost_mode: Client - iommu: false - vhost_socket: vhost_socket - vhost_user: false - id: id - mask: 255.255.255.0 - - tap: tap - host_mac: host_mac - num_queues: 6 - queue_size: 1 - ip: 192.168.249.1 - rate_limiter_config: - ops: - size: 0 - one_time_burst: 0 - refill_time: 0 - bandwidth: - size: 0 - one_time_burst: 0 - refill_time: 0 - mac: mac - mtu: 3 - pci_segment: 2 - vhost_mode: Client - iommu: false - vhost_socket: vhost_socket - vhost_user: false - id: id - mask: 255.255.255.0 - pvpanic: false + landlock_rules: + - path: path + access: access + - path: path + access: access device_tree: key: children: @@ -896,15 +902,6 @@ components: VmConfig: description: Virtual machine configuration example: - console: - mode: "Off" - file: file - iommu: false - socket: socket - balloon: - size: 6 - deflate_on_oom: false - free_page_reporting: false memory: hugepages: false shared: false @@ -1000,6 +997,144 @@ components: serial: serial vhost_user: false id: id + sgx_epc: + - prefault: false + size: 7 + id: id + - prefault: false + size: 7 + id: id + fs: + - pci_segment: 6 + num_queues: 6 + queue_size: 5 + tag: tag + socket: socket + id: id + - pci_segment: 6 + num_queues: 6 + queue_size: 5 + tag: tag + socket: socket + id: id + vsock: + pci_segment: 8 + iommu: false + socket: socket + id: id + cid: 3 + platform: + iommu_segments: + - 1 + - 1 + num_pci_segments: 4 + oem_strings: + - oem_strings + - oem_strings + tdx: false + serial_number: serial_number + uuid: uuid + pmem: + - pci_segment: 3 + file: file + size: 3 + iommu: false + id: id + discard_writes: false + - pci_segment: 3 + file: file + size: 3 + iommu: false + id: id + discard_writes: false + iommu: false + payload: + cmdline: cmdline + kernel: kernel + initramfs: initramfs + firmware: firmware + rate_limit_groups: + - id: id + rate_limiter_config: + ops: + size: 0 + one_time_burst: 0 + refill_time: 0 + bandwidth: + size: 0 + one_time_burst: 0 + refill_time: 0 + - id: id + rate_limiter_config: + ops: + size: 0 + one_time_burst: 0 + refill_time: 0 + bandwidth: + size: 0 + one_time_burst: 0 + refill_time: 0 + debug_console: + mode: "Off" + iobase: 7 + file: file + net: + - tap: tap + host_mac: host_mac + num_queues: 6 + queue_size: 1 + ip: 192.168.249.1 + rate_limiter_config: + ops: + size: 0 + one_time_burst: 0 + refill_time: 0 + bandwidth: + size: 0 + one_time_burst: 0 + refill_time: 0 + mac: mac + mtu: 3 + pci_segment: 2 + vhost_mode: Client + iommu: false + vhost_socket: vhost_socket + vhost_user: false + id: id + mask: 255.255.255.0 + - tap: tap + host_mac: host_mac + num_queues: 6 + queue_size: 1 + ip: 192.168.249.1 + rate_limiter_config: + ops: + size: 0 + one_time_burst: 0 + refill_time: 0 + bandwidth: + size: 0 + one_time_burst: 0 + refill_time: 0 + mac: mac + mtu: 3 + pci_segment: 2 + vhost_mode: Client + iommu: false + vhost_socket: vhost_socket + vhost_user: false + id: id + mask: 255.255.255.0 + pvpanic: false + console: + mode: "Off" + file: file + iommu: false + socket: socket + balloon: + size: 6 + deflate_on_oom: false + free_page_reporting: false cpus: features: amx: true @@ -1083,60 +1218,9 @@ components: rng: iommu: false src: src - sgx_epc: - - prefault: false - size: 7 - id: id - - prefault: false - size: 7 - id: id - fs: - - pci_segment: 6 - num_queues: 6 - queue_size: 5 - tag: tag - socket: socket - id: id - - pci_segment: 6 - num_queues: 6 - queue_size: 5 - tag: tag - socket: socket - id: id - vsock: - pci_segment: 8 - iommu: false - socket: socket - id: id - cid: 3 - platform: - iommu_segments: - - 1 - - 1 - num_pci_segments: 4 - oem_strings: - - oem_strings - - oem_strings - tdx: false - serial_number: serial_number - uuid: uuid tpm: socket: socket - pmem: - - pci_segment: 3 - file: file - size: 3 - iommu: false - id: id - discard_writes: false - - pci_segment: 3 - file: file - size: 3 - iommu: false - id: id - discard_writes: false watchdog: false - iommu: false pci_segments: - pci_segment: 4 mmio32_aperture_weight: 0 @@ -1144,89 +1228,17 @@ components: - pci_segment: 4 mmio32_aperture_weight: 0 mmio64_aperture_weight: 6 - payload: - cmdline: cmdline - kernel: kernel - initramfs: initramfs - firmware: firmware + landlock_enable: false serial: mode: "Off" file: file iommu: false socket: socket - rate_limit_groups: - - id: id - rate_limiter_config: - ops: - size: 0 - one_time_burst: 0 - refill_time: 0 - bandwidth: - size: 0 - one_time_burst: 0 - refill_time: 0 - - id: id - rate_limiter_config: - ops: - size: 0 - one_time_burst: 0 - refill_time: 0 - bandwidth: - size: 0 - one_time_burst: 0 - refill_time: 0 - debug_console: - mode: "Off" - iobase: 7 - file: file - net: - - tap: tap - host_mac: host_mac - num_queues: 6 - queue_size: 1 - ip: 192.168.249.1 - rate_limiter_config: - ops: - size: 0 - one_time_burst: 0 - refill_time: 0 - bandwidth: - size: 0 - one_time_burst: 0 - refill_time: 0 - mac: mac - mtu: 3 - pci_segment: 2 - vhost_mode: Client - iommu: false - vhost_socket: vhost_socket - vhost_user: false - id: id - mask: 255.255.255.0 - - tap: tap - host_mac: host_mac - num_queues: 6 - queue_size: 1 - ip: 192.168.249.1 - rate_limiter_config: - ops: - size: 0 - one_time_burst: 0 - refill_time: 0 - bandwidth: - size: 0 - one_time_burst: 0 - refill_time: 0 - mac: mac - mtu: 3 - pci_segment: 2 - vhost_mode: Client - iommu: false - vhost_socket: vhost_socket - vhost_user: false - id: id - mask: 255.255.255.0 - pvpanic: false + landlock_rules: + - path: path + access: access + - path: path + access: access properties: cpus: $ref: '#/components/schemas/CpusConfig' @@ -1299,6 +1311,13 @@ components: $ref: '#/components/schemas/PlatformConfig' tpm: $ref: '#/components/schemas/TpmConfig' + landlock_enable: + default: false + type: boolean + landlock_rules: + items: + $ref: '#/components/schemas/LandlockConfig' + type: array required: - payload type: object @@ -2188,3 +2207,16 @@ components: required: - socket type: object + LandlockConfig: + example: + path: path + access: access + properties: + path: + type: string + access: + type: string + required: + - access + - path + type: object diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/LandlockConfig.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/LandlockConfig.md new file mode 100644 index 0000000000..6e22ea3bd1 --- /dev/null +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/LandlockConfig.md @@ -0,0 +1,72 @@ +# LandlockConfig + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Path** | **string** | | +**Access** | **string** | | + +## Methods + +### NewLandlockConfig + +`func NewLandlockConfig(path string, access string, ) *LandlockConfig` + +NewLandlockConfig instantiates a new LandlockConfig object +This constructor will assign default values to properties that have it defined, +and makes sure properties required by API are set, but the set of arguments +will change when the set of required properties is changed + +### NewLandlockConfigWithDefaults + +`func NewLandlockConfigWithDefaults() *LandlockConfig` + +NewLandlockConfigWithDefaults instantiates a new LandlockConfig object +This constructor will only assign default values to properties that have it defined, +but it doesn't guarantee that properties required by API are set + +### GetPath + +`func (o *LandlockConfig) GetPath() string` + +GetPath returns the Path field if non-nil, zero value otherwise. + +### GetPathOk + +`func (o *LandlockConfig) GetPathOk() (*string, bool)` + +GetPathOk returns a tuple with the Path field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetPath + +`func (o *LandlockConfig) SetPath(v string)` + +SetPath sets Path field to given value. + + +### GetAccess + +`func (o *LandlockConfig) GetAccess() string` + +GetAccess returns the Access field if non-nil, zero value otherwise. + +### GetAccessOk + +`func (o *LandlockConfig) GetAccessOk() (*string, bool)` + +GetAccessOk returns a tuple with the Access field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetAccess + +`func (o *LandlockConfig) SetAccess(v string)` + +SetAccess sets Access field to given value. + + + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/VmConfig.md b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/VmConfig.md index f6645c531d..70b89e580d 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/VmConfig.md +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/docs/VmConfig.md @@ -28,6 +28,8 @@ Name | Type | Description | Notes **PciSegments** | Pointer to [**[]PciSegmentConfig**](PciSegmentConfig.md) | | [optional] **Platform** | Pointer to [**PlatformConfig**](PlatformConfig.md) | | [optional] **Tpm** | Pointer to [**TpmConfig**](TpmConfig.md) | | [optional] +**LandlockEnable** | Pointer to **bool** | | [optional] [default to false] +**LandlockRules** | Pointer to [**[]LandlockConfig**](LandlockConfig.md) | | [optional] ## Methods @@ -643,6 +645,56 @@ SetTpm sets Tpm field to given value. HasTpm returns a boolean if a field has been set. +### GetLandlockEnable + +`func (o *VmConfig) GetLandlockEnable() bool` + +GetLandlockEnable returns the LandlockEnable field if non-nil, zero value otherwise. + +### GetLandlockEnableOk + +`func (o *VmConfig) GetLandlockEnableOk() (*bool, bool)` + +GetLandlockEnableOk returns a tuple with the LandlockEnable field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetLandlockEnable + +`func (o *VmConfig) SetLandlockEnable(v bool)` + +SetLandlockEnable sets LandlockEnable field to given value. + +### HasLandlockEnable + +`func (o *VmConfig) HasLandlockEnable() bool` + +HasLandlockEnable returns a boolean if a field has been set. + +### GetLandlockRules + +`func (o *VmConfig) GetLandlockRules() []LandlockConfig` + +GetLandlockRules returns the LandlockRules field if non-nil, zero value otherwise. + +### GetLandlockRulesOk + +`func (o *VmConfig) GetLandlockRulesOk() (*[]LandlockConfig, bool)` + +GetLandlockRulesOk returns a tuple with the LandlockRules field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetLandlockRules + +`func (o *VmConfig) SetLandlockRules(v []LandlockConfig)` + +SetLandlockRules sets LandlockRules field to given value. + +### HasLandlockRules + +`func (o *VmConfig) HasLandlockRules() bool` + +HasLandlockRules returns a boolean if a field has been set. + [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_landlock_config.go b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_landlock_config.go new file mode 100644 index 0000000000..c503f7e01d --- /dev/null +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_landlock_config.go @@ -0,0 +1,135 @@ +/* +Cloud Hypervisor API + +Local HTTP based API for managing and inspecting a cloud-hypervisor virtual machine. + +API version: 0.3.0 +*/ + +// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT. + +package openapi + +import ( + "encoding/json" +) + +// LandlockConfig struct for LandlockConfig +type LandlockConfig struct { + Path string `json:"path"` + Access string `json:"access"` +} + +// NewLandlockConfig instantiates a new LandlockConfig object +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed +func NewLandlockConfig(path string, access string) *LandlockConfig { + this := LandlockConfig{} + this.Path = path + this.Access = access + return &this +} + +// NewLandlockConfigWithDefaults instantiates a new LandlockConfig object +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set +func NewLandlockConfigWithDefaults() *LandlockConfig { + this := LandlockConfig{} + return &this +} + +// GetPath returns the Path field value +func (o *LandlockConfig) GetPath() string { + if o == nil { + var ret string + return ret + } + + return o.Path +} + +// GetPathOk returns a tuple with the Path field value +// and a boolean to check if the value has been set. +func (o *LandlockConfig) GetPathOk() (*string, bool) { + if o == nil { + return nil, false + } + return &o.Path, true +} + +// SetPath sets field value +func (o *LandlockConfig) SetPath(v string) { + o.Path = v +} + +// GetAccess returns the Access field value +func (o *LandlockConfig) GetAccess() string { + if o == nil { + var ret string + return ret + } + + return o.Access +} + +// GetAccessOk returns a tuple with the Access field value +// and a boolean to check if the value has been set. +func (o *LandlockConfig) GetAccessOk() (*string, bool) { + if o == nil { + return nil, false + } + return &o.Access, true +} + +// SetAccess sets field value +func (o *LandlockConfig) SetAccess(v string) { + o.Access = v +} + +func (o LandlockConfig) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if true { + toSerialize["path"] = o.Path + } + if true { + toSerialize["access"] = o.Access + } + return json.Marshal(toSerialize) +} + +type NullableLandlockConfig struct { + value *LandlockConfig + isSet bool +} + +func (v NullableLandlockConfig) Get() *LandlockConfig { + return v.value +} + +func (v *NullableLandlockConfig) Set(val *LandlockConfig) { + v.value = val + v.isSet = true +} + +func (v NullableLandlockConfig) IsSet() bool { + return v.isSet +} + +func (v *NullableLandlockConfig) Unset() { + v.value = nil + v.isSet = false +} + +func NewNullableLandlockConfig(val *LandlockConfig) *NullableLandlockConfig { + return &NullableLandlockConfig{value: val, isSet: true} +} + +func (v NullableLandlockConfig) MarshalJSON() ([]byte, error) { + return json.Marshal(v.value) +} + +func (v *NullableLandlockConfig) UnmarshalJSON(src []byte) error { + v.isSet = true + return json.Unmarshal(src, &v.value) +} diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_vm_config.go b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_vm_config.go index 128c3a9969..fc853e4679 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_vm_config.go +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/client/model_vm_config.go @@ -40,6 +40,8 @@ type VmConfig struct { PciSegments *[]PciSegmentConfig `json:"pci_segments,omitempty"` Platform *PlatformConfig `json:"platform,omitempty"` Tpm *TpmConfig `json:"tpm,omitempty"` + LandlockEnable *bool `json:"landlock_enable,omitempty"` + LandlockRules *[]LandlockConfig `json:"landlock_rules,omitempty"` } // NewVmConfig instantiates a new VmConfig object @@ -55,6 +57,8 @@ func NewVmConfig(payload PayloadConfig) *VmConfig { this.Watchdog = &watchdog var pvpanic bool = false this.Pvpanic = &pvpanic + var landlockEnable bool = false + this.LandlockEnable = &landlockEnable return &this } @@ -69,6 +73,8 @@ func NewVmConfigWithDefaults() *VmConfig { this.Watchdog = &watchdog var pvpanic bool = false this.Pvpanic = &pvpanic + var landlockEnable bool = false + this.LandlockEnable = &landlockEnable return &this } @@ -832,6 +838,70 @@ func (o *VmConfig) SetTpm(v TpmConfig) { o.Tpm = &v } +// GetLandlockEnable returns the LandlockEnable field value if set, zero value otherwise. +func (o *VmConfig) GetLandlockEnable() bool { + if o == nil || o.LandlockEnable == nil { + var ret bool + return ret + } + return *o.LandlockEnable +} + +// GetLandlockEnableOk returns a tuple with the LandlockEnable field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *VmConfig) GetLandlockEnableOk() (*bool, bool) { + if o == nil || o.LandlockEnable == nil { + return nil, false + } + return o.LandlockEnable, true +} + +// HasLandlockEnable returns a boolean if a field has been set. +func (o *VmConfig) HasLandlockEnable() bool { + if o != nil && o.LandlockEnable != nil { + return true + } + + return false +} + +// SetLandlockEnable gets a reference to the given bool and assigns it to the LandlockEnable field. +func (o *VmConfig) SetLandlockEnable(v bool) { + o.LandlockEnable = &v +} + +// GetLandlockRules returns the LandlockRules field value if set, zero value otherwise. +func (o *VmConfig) GetLandlockRules() []LandlockConfig { + if o == nil || o.LandlockRules == nil { + var ret []LandlockConfig + return ret + } + return *o.LandlockRules +} + +// GetLandlockRulesOk returns a tuple with the LandlockRules field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *VmConfig) GetLandlockRulesOk() (*[]LandlockConfig, bool) { + if o == nil || o.LandlockRules == nil { + return nil, false + } + return o.LandlockRules, true +} + +// HasLandlockRules returns a boolean if a field has been set. +func (o *VmConfig) HasLandlockRules() bool { + if o != nil && o.LandlockRules != nil { + return true + } + + return false +} + +// SetLandlockRules gets a reference to the given []LandlockConfig and assigns it to the LandlockRules field. +func (o *VmConfig) SetLandlockRules(v []LandlockConfig) { + o.LandlockRules = &v +} + func (o VmConfig) MarshalJSON() ([]byte, error) { toSerialize := map[string]interface{}{} if o.Cpus != nil { @@ -906,6 +976,12 @@ func (o VmConfig) MarshalJSON() ([]byte, error) { if o.Tpm != nil { toSerialize["tpm"] = o.Tpm } + if o.LandlockEnable != nil { + toSerialize["landlock_enable"] = o.LandlockEnable + } + if o.LandlockRules != nil { + toSerialize["landlock_rules"] = o.LandlockRules + } return json.Marshal(toSerialize) } diff --git a/src/runtime/virtcontainers/pkg/cloud-hypervisor/cloud-hypervisor.yaml b/src/runtime/virtcontainers/pkg/cloud-hypervisor/cloud-hypervisor.yaml index 27235ad7f5..b7074fdb5a 100644 --- a/src/runtime/virtcontainers/pkg/cloud-hypervisor/cloud-hypervisor.yaml +++ b/src/runtime/virtcontainers/pkg/cloud-hypervisor/cloud-hypervisor.yaml @@ -626,6 +626,13 @@ components: $ref: "#/components/schemas/PlatformConfig" tpm: $ref: "#/components/schemas/TpmConfig" + landlock_enable: + type: boolean + default: false + landlock_rules: + type: array + items: + $ref: "#/components/schemas/LandlockConfig" description: Virtual machine configuration CpuAffinity: @@ -1261,3 +1268,14 @@ components: properties: socket: type: string + + LandlockConfig: + required: + - path + - access + type: object + properties: + path: + type: string + access: + type: string diff --git a/versions.yaml b/versions.yaml index dadd9213fa..c2265d830e 100644 --- a/versions.yaml +++ b/versions.yaml @@ -75,7 +75,7 @@ assets: url: "https://github.com/cloud-hypervisor/cloud-hypervisor" uscan-url: >- https://github.com/cloud-hypervisor/cloud-hypervisor/tags.*/v?(\d\S+)\.tar\.gz - version: "v40.0" + version: "v41.0" firecracker: description: "Firecracker micro-VMM"