config: Add makefile variables for path lists

Add variables to override defaults at build time for the various lists
used to control path annotations.

Fixes: #901

Suggested-by: Fabiano Fidencio <fidencio@redhat.com>
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>

src/runtime/Makefile

@@ -129,16 +129,22 @@ DEFAULT_HYPERVISOR ?= $(HYPERVISOR_QEMU)
 HYPERVISORS := $(HYPERVISOR_ACRN) $(HYPERVISOR_FC) $(HYPERVISOR_QEMU) $(HYPERVISOR_QEMU_VIRTIOFS) $(HYPERVISOR_CLH)
 
 QEMUPATH := $(QEMUBINDIR)/$(QEMUCMD)
+QEMUPATHLIST := [\"$(QEMUPATH)\"]
 
 QEMUVIRTIOFSPATH := $(QEMUBINDIR)/$(QEMUVIRTIOFSCMD)
 
 CLHPATH := $(CLHBINDIR)/$(CLHCMD)
+CLHPATHLIST := [\"$(CLHBINDIR)/$(CLHCMD)\"]
 
 FCPATH = $(FCBINDIR)/$(FCCMD)
+FCPATHLIST = [\"$(FCPATH)\"]
 FCJAILERPATH = $(FCBINDIR)/$(FCJAILERCMD)
+FCJAILERPATHLIST = [\"$(FCJAILERPATH)\"]
 
 ACRNPATH := $(ACRNBINDIR)/$(ACRNCMD)
+ACRNPATHLIST := [\"$(ACRNPATH)\"]
 ACRNCTLPATH := $(ACRNBINDIR)/$(ACRNCTLCMD)
+ACRNCTLPATHLIST := [\"$(ACRNCTLPATH)\"]
 
 SHIMCMD := $(BIN_PREFIX)-shim
 SHIMPATH := $(PKGLIBEXECDIR)/$(SHIMCMD)
@@ -172,6 +178,7 @@ DEFDISABLEBLOCK := false
 DEFSHAREDFS := virtio-9p
 DEFSHAREDFS_QEMU_VIRTIOFS := virtio-fs
 DEFVIRTIOFSDAEMON := $(VIRTIOFSDBINDIR)/virtiofsd
+DEFVIRTIOFSDAEMONLIST := [\"$(DEFVIRTIOFSDAEMON)\"]
 # Default DAX mapping cache size in MiB
 #if value is 0, DAX is not enabled
 DEFVIRTIOFSCACHESIZE := 0
@@ -187,6 +194,9 @@ DEFENABLEMEMPREALLOC := false
 DEFENABLEHUGEPAGES := false
 DEFENABLEVHOSTUSERSTORE := false
 DEFVHOSTUSERSTOREPATH := $(PKGRUNDIR)/vhost-user
+DEFVHOSTUSERSTOREPATHLIST := [\"$(DEFVHOSTUSERSTOREPATH)\"]
+DEFFILEMEMBACKEND := ""
+DEFFILEMEMBACKENDLIST := [\"$(DEFFILEMEMBACKEND)\"]
 DEFENABLESWAP := false
 DEFENABLEDEBUG := false
 DEFDISABLENESTINGCHECKS := false
@@ -391,10 +401,16 @@ USER_VARS += DEFAULT_HYPERVISOR
 USER_VARS += ACRNCMD
 USER_VARS += ACRNCTLCMD
 USER_VARS += ACRNPATH
+USER_VARS += ACRNPATHLIST
 USER_VARS += ACRNCTLPATH
+USER_VARS += ACRNCTLPATHLIST
+USER_VARS += CLHPATH
+USER_VARS += CLHPATHLIST
 USER_VARS += FCCMD
 USER_VARS += FCPATH
+USER_VARS += FCPATHLIST
 USER_VARS += FCJAILERPATH
+USER_VARS += FCJAILERPATHLIST
 USER_VARS += SYSCONFIG
 USER_VARS += IMAGENAME
 USER_VARS += IMAGEPATH
@@ -425,8 +441,10 @@ USER_VARS += NETMONPATH
 USER_VARS += QEMUBINDIR
 USER_VARS += QEMUCMD
 USER_VARS += QEMUPATH
+USER_VARS += QEMUPATHLIST
 USER_VARS += QEMUVIRTIOFSCMD
 USER_VARS += QEMUVIRTIOFSPATH
+USER_VARS += QEMUVIRTIOFSPATHLIST
 USER_VARS += SHAREDIR
 USER_VARS += SHIMPATH
 USER_VARS += SYSCONFDIR
@@ -449,6 +467,7 @@ USER_VARS += DEFBLOCKSTORAGEDRIVER_QEMU_VIRTIOFS
 USER_VARS += DEFSHAREDFS
 USER_VARS += DEFSHAREDFS_QEMU_VIRTIOFS
 USER_VARS += DEFVIRTIOFSDAEMON
+USER_VARS += DEFVIRTIOFSDAEMONLIST
 USER_VARS += DEFVIRTIOFSCACHESIZE
 USER_VARS += DEFVIRTIOFSCACHE
 USER_VARS += DEFVIRTIOFSEXTRAARGS
@@ -457,6 +476,9 @@ USER_VARS += DEFENABLEMEMPREALLOC
 USER_VARS += DEFENABLEHUGEPAGES
 USER_VARS += DEFENABLEVHOSTUSERSTORE
 USER_VARS += DEFVHOSTUSERSTOREPATH
+USER_VARS += DEFVHOSTUSERSTOREPATHLIST
+USER_VARS += DEFFILEMEMBACKEND
+USER_VARS += DEFFILEMEMBACKENDLIST
 USER_VARS += DEFENABLESWAP
 USER_VARS += DEFENABLEDEBUG
 USER_VARS += DEFDISABLENESTINGCHECKS
@@ -606,10 +628,15 @@ $(GENERATED_FILES): %: %.in $(MAKEFILE_LIST) VERSION .git-commit
 		-e "s|@CONFIG_FC_IN@|$(CONFIG_FC_IN)|g" \
 		-e "s|@CONFIG_PATH@|$(CONFIG_PATH)|g" \
 		-e "s|@FCPATH@|$(FCPATH)|g" \
+		-e "s|@FCPATHLIST@|$(FCPATHLIST)|g" \
 		-e "s|@FCJAILERPATH@|$(FCJAILERPATH)|g" \
+		-e "s|@FCJAILERPATHLIST@|$(FCJAILERPATHLIST)|g" \
 		-e "s|@ACRNPATH@|$(ACRNPATH)|g" \
+		-e "s|@ACRNPATHLIST@|$(ACRNPATHLIST)|g" \
 		-e "s|@ACRNCTLPATH@|$(ACRNCTLPATH)|g" \
+		-e "s|@ACRNCTLPATHLIST@|$(ACRNCTLPATHLIST)|g" \
 		-e "s|@CLHPATH@|$(CLHPATH)|g" \
+		-e "s|@CLHPATHLIST@|$(CLHPATHLIST)|g" \
 		-e "s|@SYSCONFIG@|$(SYSCONFIG)|g" \
 		-e "s|@IMAGEPATH@|$(IMAGEPATH)|g" \
 		-e "s|@KERNELPATH_ACRN@|$(KERNELPATH_ACRN)|g" \
@@ -635,7 +662,9 @@ $(GENERATED_FILES): %: %.in $(MAKEFILE_LIST) VERSION .git-commit
 		-e "s|@PROJECT_TAG@|$(PROJECT_TAG)|g" \
 		-e "s|@PROJECT_TYPE@|$(PROJECT_TYPE)|g" \
 		-e "s|@QEMUPATH@|$(QEMUPATH)|g" \
+		-e "s|@QEMUPATHLIST@|$(QEMUPATHLIST)|g" \
 		-e "s|@QEMUVIRTIOFSPATH@|$(QEMUVIRTIOFSPATH)|g" \
+		-e "s|@QEMUVIRTIOFSPATHLIST@|$(QEMUVIRTIOFSPATHLIST)|g" \
 		-e "s|@RUNTIME_NAME@|$(TARGET)|g" \
 		-e "s|@MACHINETYPE@|$(MACHINETYPE)|g" \
 		-e "s|@SHIMPATH@|$(SHIMPATH)|g" \
@@ -659,6 +688,7 @@ $(GENERATED_FILES): %: %.in $(MAKEFILE_LIST) VERSION .git-commit
 		-e "s|@DEFSHAREDFS@|$(DEFSHAREDFS)|g" \
 		-e "s|@DEFSHAREDFS_QEMU_VIRTIOFS@|$(DEFSHAREDFS_QEMU_VIRTIOFS)|g" \
 		-e "s|@DEFVIRTIOFSDAEMON@|$(DEFVIRTIOFSDAEMON)|g" \
+		-e "s|@DEFVIRTIOFSDAEMONLIST@|$(DEFVIRTIOFSDAEMONLIST)|g" \
 		-e "s|@DEFVIRTIOFSCACHESIZE@|$(DEFVIRTIOFSCACHESIZE)|g" \
 		-e "s|@DEFVIRTIOFSCACHE@|$(DEFVIRTIOFSCACHE)|g" \
 		-e "s|@DEFVIRTIOFSEXTRAARGS@|$(DEFVIRTIOFSEXTRAARGS)|g" \
@@ -667,6 +697,9 @@ $(GENERATED_FILES): %: %.in $(MAKEFILE_LIST) VERSION .git-commit
 		-e "s|@DEFENABLEHUGEPAGES@|$(DEFENABLEHUGEPAGES)|g" \
 		-e "s|@DEFENABLEVHOSTUSERSTORE@|$(DEFENABLEVHOSTUSERSTORE)|g" \
 		-e "s|@DEFVHOSTUSERSTOREPATH@|$(DEFVHOSTUSERSTOREPATH)|g" \
+		-e "s|@DEFVHOSTUSERSTOREPATHLIST@|$(DEFVHOSTUSERSTOREPATHLIST)|g" \
+		-e "s|@DEFFILEMEMBACKEND@|$(DEFFILEMEMBACKEND)|g" \
+		-e "s|@DEFFILEMEMBACKENDLIST@|$(DEFFILEMEMBACKENDLIST)|g" \
 		-e "s|@DEFENABLEMSWAP@|$(DEFENABLESWAP)|g" \
 		-e "s|@DEFENABLEDEBUG@|$(DEFENABLEDEBUG)|g" \
 		-e "s|@DEFDISABLENESTINGCHECKS@|$(DEFDISABLENESTINGCHECKS)|g" \

src/runtime/cli/config/configuration-acrn.toml.in

@@ -17,17 +17,11 @@ kernel = "@KERNELPATH_ACRN@"
 image = "@IMAGEPATH@"
 
 # List of valid annotations values for the hypervisor (default: empty)
-# Each member of the list can be a regular expression, but prefer names.
-# Otherwise, please read and understand the following carefully.
-# SECURITY WARNING: If you use regular expressions, be mindful that
-# an attacker could craft an annotation that uses .. to escape the paths
-# you gave. For example, if your regexp is /bin/qemu.* then if there is
-# a directory named /bin/qemu.d/, then an attacker can pass an annotation
-# containing /bin/qemu.d/../put-any-binary-name-here and attack your host.
-# path_list = [ "@ACRNPATH@.*" ]
+# Each member of the list is a path pattern as described by glob(3).
+path_list = @ACRNPATHLIST@
 
 # List of valid annotations values for ctlpath (default: empty)
-# ctlpath_list = [ "@ACRNCTLPATH@.*" ]
+ctlpath_list = @ACRNCTLPATHLIST@
 
 # Optional space-separated list of options to pass to the guest kernel.
 # For example, use `kernel_params = "vsyscall=emulate"` if you are having

src/runtime/cli/config/configuration-clh.toml.in

@@ -16,14 +16,8 @@ kernel = "@KERNELPATH_CLH@"
 image = "@IMAGEPATH@"
 
 # List of valid annotations values for the hypervisor (default: empty)
-# Each member of the list can be a regular expression, but prefer names.
-# Otherwise, please read and understand the following carefully.
-# SECURITY WARNING: If you use regular expressions, be mindful that
-# an attacker could craft an annotation that uses .. to escape the paths
-# you gave. For example, if your regexp is /bin/qemu.* then if there is
-# a directory named /bin/qemu.d/, then an attacker can pass an annotation
-# containing /bin/qemu.d/../put-any-binary-name-here and attack your host.
-# path_list = [ "@CLHPATH@.*" ]
+# Each member of the list is a path pattern as described by glob(3).
+path_list = @CLHPATHLIST@
 
 # Optional space-separated list of options to pass to the guest kernel.
 # For example, use `kernel_params = "vsyscall=emulate"` if you are having
@@ -73,7 +67,7 @@ default_memory = @DEFMEMSZ@
 virtio_fs_daemon = "@DEFVIRTIOFSDAEMON@"
 
 # List of valid annotations values for the virtiofs daemon (default: empty)
-# virtio_fs_daemon_list = [ "/opt/kata/bin/virtiofsd", "/usr/.*/virtiofsd" ]
+virtio_fs_daemon_list = @DEFVIRTIOFSDAEMONLIST@
 
 # Default size of DAX cache in MiB
 virtio_fs_cache_size = @DEFVIRTIOFSCACHESIZE@

src/runtime/cli/config/configuration-fc.toml.in

@@ -16,14 +16,8 @@ kernel = "@KERNELPATH_FC@"
 image = "@IMAGEPATH@"
 
 # List of valid annotations values for the hypervisor (default: empty)
-# Each member of the list can be a regular expression, but prefer names.
-# Otherwise, please read and understand the following carefully.
-# SECURITY WARNING: If you use regular expressions, be mindful that
-# an attacker could craft an annotation that uses .. to escape the paths
-# you gave. For example, if your regexp is /bin/qemu.* then if there is
-# a directory named /bin/qemu.d/, then an attacker can pass an annotation
-# containing /bin/qemu.d/../put-any-binary-name-here and attack your host.
-# path_list = [ "@FCPATH@.*" ]
+# Each member of the list is a path pattern as described by glob(3).
+path_list = @FCPATHLIST@
 
 # Path for the jailer specific to firecracker
 # If the jailer path is not set kata will launch firecracker
@@ -35,7 +29,7 @@ image = "@IMAGEPATH@"
 
 # List of valid jailer path values for the hypervisor (default: empty)
 # Each member of the list can be a regular expression
-# jailer_path_list = [ "@FCJAILERPATH@.*" ]
+# jailer_path_list = @FCJAILERPATHLIST@
 
 
 # Optional space-separated list of options to pass to the guest kernel.

src/runtime/cli/config/configuration-qemu-virtiofs.toml.in

@@ -17,14 +17,8 @@ image = "@IMAGEPATH@"
 machine_type = "@MACHINETYPE@"
 
 # List of valid annotations values for the hypervisor (default: empty)
-# Each member of the list can be a regular expression, but prefer names.
-# Otherwise, please read and understand the following carefully.
-# SECURITY WARNING: If you use regular expressions, be mindful that
-# an attacker could craft an annotation that uses .. to escape the paths
-# you gave. For example, if your regexp is /bin/qemu.* then if there is
-# a directory named /bin/qemu.d/, then an attacker can pass an annotation
-# containing /bin/qemu.d/../put-any-binary-name-here and attack your host.
-# path_list = [ "@QEMUPATH@.*" ]
+# Each member of the list is a path pattern as described by glob(3).
+path_list = @QEMUVIRTIOFSPATHLIST@
 
 # Optional space-separated list of options to pass to the guest kernel.
 # For example, use `kernel_params = "vsyscall=emulate"` if you are having
@@ -121,7 +115,7 @@ shared_fs = "@DEFSHAREDFS_QEMU_VIRTIOFS@"
 virtio_fs_daemon = "@DEFVIRTIOFSDAEMON@"
 
 # List of valid annotations values for the virtiofs daemon (default: empty)
-# virtio_fs_daemon_list = [ "/opt/kata/bin/virtiofsd", "/usr/.*/virtiofsd" ]
+virtio_fs_daemon_list = @DEFVIRTIOFSDAEMONLIST@
 
 # Default size of DAX cache in MiB
 virtio_fs_cache_size = @DEFVIRTIOFSCACHESIZE@
@@ -213,16 +207,16 @@ vhost_user_store_path = "@DEFVHOSTUSERSTOREPATH@"
 #enable_iommu_platform = true
 
 # List of valid annotations values for the virtiofs daemon (default: empty)
-# vhost_user_store_path_list = [ "/empty/space", "/multiverse/quantum-foam" ]
+vhost_user_store_path_list = @DEFVHOSTUSERSTOREPATHLIST@
 
 # Enable file based guest memory support. The default is an empty string which
 # will disable this feature. In the case of virtio-fs, this is enabled
 # automatically and '/dev/shm' is used as the backing folder.
 # This option will be ignored if VM templating is enabled.
-#file_mem_backend = ""
+#file_mem_backend = "@DEFFILEMEMBACKEND@"
 
 # List of valid annotations values for the file_mem_backend annotation (default: empty)
-# file_mem_backend_list = [ "/dev/shm" ]
+#file_mem_backend_list = @DEFFILEMEMBACKENDLIST@
 
 # Enable swap of vm memory. Default false.
 # The behaviour is undefined if mem_prealloc is also set to true

src/runtime/cli/config/configuration-qemu.toml.in

@@ -12,19 +12,14 @@
 
 [hypervisor.qemu]
 path = "@QEMUPATH@"
-# List of valid annotations values for the hypervisor (default: empty)
-# Each member of the list can be a regular expression, but prefer names.
-# Otherwise, please read and understand the following carefully.
-# SECURITY WARNING: If you use regular expressions, be mindful that
-# an attacker could craft an annotation that uses .. to escape the paths
-# you gave. For example, if your regexp is /bin/qemu.* then if there is
-# a directory named /bin/qemu.d/, then an attacker can pass an annotation
-# containing /bin/qemu.d/../put-any-binary-name-here and attack your host.
-# path_list = [ "@QEMUPATH@.*" ]
 kernel = "@KERNELPATH@"
 image = "@IMAGEPATH@"
 machine_type = "@MACHINETYPE@"
 
+# List of valid annotations values for the hypervisor (default: empty)
+# Each member of the list is a path pattern as described by glob(3).
+path_list = @QEMUPATHLIST@
+
 # Optional space-separated list of options to pass to the guest kernel.
 # For example, use `kernel_params = "vsyscall=emulate"` if you are having
 # trouble running pre-2.15 glibc.
@@ -126,7 +121,7 @@ shared_fs = "@DEFSHAREDFS@"
 virtio_fs_daemon = "@DEFVIRTIOFSDAEMON@"
 
 # List of valid annotations values for the virtiofs daemon (default: empty)
-# virtio_fs_daemon_list = [ "/opt/kata/bin/virtiofsd", "/usr/.*/virtiofsd" ]
+virtio_fs_daemon_list = @DEFVIRTIOFSDAEMONLIST@
 
 # Default size of DAX cache in MiB
 virtio_fs_cache_size = @DEFVIRTIOFSCACHESIZE@
@@ -217,17 +212,17 @@ vhost_user_store_path = "@DEFVHOSTUSERSTOREPATH@"
 # Enabling this will result in the VM device having iommu_platform=on set
 #enable_iommu_platform = true
 
-# List of valid annotations values for the virtiofs daemon (default: empty)
-# vhost_user_store_path_list = [ "/empty/space", "/multiverse/quantum-foam" ]
+# List of valid annotations values for the vhost user store path (default: empty)
+vhost_user_store_path_list = @DEFVHOSTUSERSTOREPATHLIST@
 
 # Enable file based guest memory support. The default is an empty string which
 # will disable this feature. In the case of virtio-fs, this is enabled
 # automatically and '/dev/shm' is used as the backing folder.
 # This option will be ignored if VM templating is enabled.
-#file_mem_backend = ""
+#file_mem_backend = "@DEFFILEMEMBACKEND@"
 
 # List of valid annotations values for the file_mem_backend annotation (default: empty)
-# file_mem_backend_list = [ "/dev/shm" ]
+#file_mem_backend_list = @DEFFILEMEMBACKENDLIST@
 
 # Enable swap of vm memory. Default false.
 # The behaviour is undefined if mem_prealloc is also set to true