diff --git a/docs/how-to/how-to-set-sandbox-config-kata.md b/docs/how-to/how-to-set-sandbox-config-kata.md
index 36fcded6eb..a406b54427 100644
--- a/docs/how-to/how-to-set-sandbox-config-kata.md
+++ b/docs/how-to/how-to-set-sandbox-config-kata.md
@@ -49,9 +49,11 @@ Hypervisor annotations must be explicitly whitelisted in the Kata runtime config
 ```toml title="/path/to/configuration.toml"
 # List of valid annotation names for the hypervisor
-enable_annotations = ["enable_iommu", "virtio_fs_extra_args", "kernel_params"]
+enable_annotations = ["enable_iommu", "kernel_params"]
 ```
+Warning: do not enable `virtio_fs_extra_args` in `enable_annotations` unless you fully trust all annotation sources. Passing arbitrary `virtiofsd` options can be abused for malicious host-side behavior.
+
 | Key | Value Type | Comments |
 |-------| ----- | ----- |
 | `io.katacontainers.config.hypervisor.asset_hash_type` | string | the hash type used for assets verification, default is `sha512` |
@@ -107,7 +109,7 @@ enable_annotations = ["enable_iommu", "virtio_fs_extra_args", "kernel_params"]
 | `io.katacontainers.config.hypervisor.virtio_fs_cache_size` | uint32 | virtio-fs DAX cache size in `MiB` |
 | `io.katacontainers.config.hypervisor.virtio_fs_cache` | string | the cache mode for virtio-fs, valid values are `always`, `auto` and `never` |
 | `io.katacontainers.config.hypervisor.virtio_fs_daemon` | string | virtio-fs `vhost-user` daemon path |
-| `io.katacontainers.config.hypervisor.virtio_fs_extra_args` | string | extra options passed to `virtiofs` daemon |
+| `io.katacontainers.config.hypervisor.virtio_fs_extra_args` | string | extra options passed to `virtiofs` daemon. **Security warning:** enabling this annotation can be abused for malicious host-side behavior |
 | `io.katacontainers.config.hypervisor.enable_guest_swap` | `boolean` | enable swap in the guest |
 | `io.katacontainers.config.hypervisor.use_legacy_serial` | `boolean` | uses legacy serial device for guest's console (QEMU) |
 | `io.katacontainers.config.hypervisor.default_gpus` | uint32 | the minimum number of GPUs required for the VM. Only used by remote hypervisor to help with instance selection |
diff --git a/docs/runtime-configuration.md b/docs/runtime-configuration.md
index c19f877c8b..668543a86f 100644
--- a/docs/runtime-configuration.md
+++ b/docs/runtime-configuration.md
@@ -23,9 +23,11 @@ rootless = false
 # List of valid annotation names for the hypervisor
 # Each member of the list is a regular expression, which is the base name
 # of the annotation, e.g. "path" for io.katacontainers.config.hypervisor.path"
-enable_annotations = ["enable_iommu", "virtio_fs_extra_args", "kernel_params"]
+enable_annotations = ["enable_iommu", "kernel_params"]
 ```
+Warning: do not enable `virtio_fs_extra_args` in `enable_annotations` unless you fully trust all annotation sources. Allowing pods to pass `virtiofsd` extra arguments can be abused to inject unsafe daemon options and lead to malicious host-side behavior.
+
 These files should never be modified directly. If you wish to create a modified version of these files, you may create your own [custom runtime](helm-configuration.md#custom-runtimes). For example, to modify the image path, we provide these values to helm:
 ```yaml title="values.yaml"
diff --git a/src/runtime-rs/Makefile b/src/runtime-rs/Makefile
index 43735f0d9c..b9497d846c 100644
--- a/src/runtime-rs/Makefile
+++ b/src/runtime-rs/Makefile
@@ -174,8 +174,10 @@ DEFMAXMEMSZ := 0
 DEFBRIDGES := 1
 ##VAR DEFNETQUEUES= Default number of network queues
 DEFNETQUEUES := 1
-DEFENABLEANNOTATIONS := [\"enable_iommu\", \"virtio_fs_extra_args\", \"kernel_params\", \"kernel_verity_params\", \"default_vcpus\", \"default_memory\"]
-DEFENABLEANNOTATIONS_COCO := [\"enable_iommu\", \"virtio_fs_extra_args\", \"kernel_params\", \"kernel_verity_params\", \"default_vcpus\", \"default_memory\", \"cc_init_data\"]
+# Security note: do not enable "virtio_fs_extra_args" by default.
+# Allowing pods to pass arbitrary virtiofsd arguments can be abused for malicious host-side behavior.
+DEFENABLEANNOTATIONS := [\"enable_iommu\", \"kernel_params\", \"kernel_verity_params\", \"default_vcpus\", \"default_memory\"]
+DEFENABLEANNOTATIONS_COCO := [\"enable_iommu\", \"kernel_params\", \"kernel_verity_params\", \"default_vcpus\", \"default_memory\", \"cc_init_data\"]
 DEFDISABLEGUESTSECCOMP := true
 DEFDISABLEGUESTEMPTYDIR := false
 DEFEMPTYDIRMODE := shared-fs
diff --git a/src/runtime/Makefile b/src/runtime/Makefile
index 36dd9c2312..91d3eb976c 100644
--- a/src/runtime/Makefile
+++ b/src/runtime/Makefile
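Review bot: The DEF* assignments here look like template defaults that are baked into a generated configuration.toml, so dropping `virtio_fs_extra_args` from DEFENABLEANNOTATIONS and DEFENABLEANNOTATIONS_COCO presumably only affects freshly built configs, while a configuration.toml already installed from an older build keeps whitelisting the annotation; the new comment should say so, e.g. `# Configs generated before this change still list it; remove it from installed configuration.toml files too.`. The identical comment and default change appear in the src/runtime/Makefile hunk, so the same addition belongs there. Since the two lists already differ (this one carries default_vcpus and default_memory, the runtime Makefile's DEFENABLEANNOTATIONS does not), consider referencing the documented warning in docs/runtime-configuration.md from the comment rather than duplicating the rationale, so the two copies are less likely to drift. This hunk is a flat run of variable assignments with no enclosing rule, so nothing is cut at its edges.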
@@ -223,8 +223,10 @@ DEFMEMSLOTS := 10
 DEFMAXMEMSZ := 0
 #Default number of bridges
 DEFBRIDGES := 1
-DEFENABLEANNOTATIONS := [\"enable_iommu\", \"virtio_fs_extra_args\", \"kernel_params\", \"kernel_verity_params\"]
-DEFENABLEANNOTATIONS_COCO := [\"enable_iommu\", \"virtio_fs_extra_args\", \"kernel_params\", \"kernel_verity_params\", \"default_vcpus\", \"default_memory\", \"cc_init_data\"]
+# Security note: do not enable "virtio_fs_extra_args" by default.
+# Allowing pods to pass arbitrary virtiofsd arguments can be abused for malicious host-side behavior.
+DEFENABLEANNOTATIONS := [\"enable_iommu\", \"kernel_params\", \"kernel_verity_params\"]
+DEFENABLEANNOTATIONS_COCO := [\"enable_iommu\", \"kernel_params\", \"kernel_verity_params\", \"default_vcpus\", \"default_memory\", \"cc_init_data\"]
 DEFDISABLEGUESTSECCOMP := true
 DEFDISABLEGUESTEMPTYDIR := false
 DEFEMPTYDIRMODE := shared-fs