From c945d2701c8a97d5cd5007810093a034970953c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Sat, 9 May 2026 13:19:46 +0200
Subject: [PATCH] runtime: disable virtiofsd extra-args annotation by default
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Keep virtio_fs_extra_args support in code, but remove it from default enable_annotations and add explicit security warnings in Makefiles and docs.

Release-note note: mirror this hardening in release notes so operators know this remains opt-in and carries host-side risk when enabled.

Signed-off-by: Fabiano FidĂȘncio
---
 docs/how-to/how-to-set-sandbox-config-kata.md | 6 ++++--
 docs/runtime-configuration.md | 4 +++-
 src/runtime-rs/Makefile | 6 ++++--
 src/runtime/Makefile | 6 ++++--
 4 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/docs/how-to/how-to-set-sandbox-config-kata.md b/docs/how-to/how-to-set-sandbox-config-kata.md
index 535d233c6d..a36fa6584b 100644
--- a/docs/how-to/how-to-set-sandbox-config-kata.md
+++ b/docs/how-to/how-to-set-sandbox-config-kata.md
@@ -48,9 +48,11 @@ Hypervisor annotations must be explicitly whitelisted in the Kata runtime config
 ```toml title="/path/to/configuration.toml"
 # List of valid annotation names for the hypervisor
-enable_annotations = ["enable_iommu", "virtio_fs_extra_args", "kernel_params"]
+enable_annotations = ["enable_iommu", "kernel_params"]
 ```
+Warning: do not enable `virtio_fs_extra_args` in `enable_annotations` unless you fully trust all annotation sources. Passing arbitrary `virtiofsd` options can be abused for malicious host-side behavior.
+
 | Key | Value Type | Comments |
 |-------| ----- | ----- |
 | `io.katacontainers.config.hypervisor.asset_hash_type` | string | the hash type used for assets verification, default is `sha512` |
@@ -106,7 +108,7 @@ enable_annotations = ["enable_iommu", "virtio_fs_extra_args", "kernel_params"]
 | `io.katacontainers.config.hypervisor.virtio_fs_cache_size` | uint32 | virtio-fs DAX cache size in `MiB` |
 | `io.katacontainers.config.hypervisor.virtio_fs_cache` | string | the cache mode for virtio-fs, valid values are `always`, `auto` and `never` |
 | `io.katacontainers.config.hypervisor.virtio_fs_daemon` | string | virtio-fs `vhost-user` daemon path |
-| `io.katacontainers.config.hypervisor.virtio_fs_extra_args` | string | extra options passed to `virtiofs` daemon |
+| `io.katacontainers.config.hypervisor.virtio_fs_extra_args` | string | extra options passed to `virtiofs` daemon. **Security warning:** enabling this annotation can be abused for malicious host-side behavior |
 | `io.katacontainers.config.hypervisor.enable_guest_swap` | `boolean` | enable swap in the guest |
 | `io.katacontainers.config.hypervisor.use_legacy_serial` | `boolean` | uses legacy serial device for guest's console (QEMU) |
 | `io.katacontainers.config.hypervisor.default_gpus` | uint32 | the minimum number of GPUs required for the VM. Only used by remote hypervisor to help with instance selection |
diff --git a/docs/runtime-configuration.md b/docs/runtime-configuration.md
index c19f877c8b..668543a86f 100644
--- a/docs/runtime-configuration.md
+++ b/docs/runtime-configuration.md
@@ -23,9 +23,11 @@ rootless = false
 # List of valid annotation names for the hypervisor
 # Each member of the list is a regular expression, which is the base name
 # of the annotation, e.g. "path" for io.katacontainers.config.hypervisor.path"
-enable_annotations = ["enable_iommu", "virtio_fs_extra_args", "kernel_params"]
+enable_annotations = ["enable_iommu", "kernel_params"]
 ```
+Warning: do not enable `virtio_fs_extra_args` in `enable_annotations` unless you fully trust all annotation sources. Allowing pods to pass `virtiofsd` extra arguments can be abused to inject unsafe daemon options and lead to malicious host-side behavior.
+
 These files should never be modified directly. If you wish to create a modified version of these files, you may create your own [custom runtime](helm-configuration.md#custom-runtimes). For example, to modify the image path, we provide these values to helm:
 ```yaml title="values.yaml"
diff --git a/src/runtime-rs/Makefile b/src/runtime-rs/Makefile
index 6faee1993b..2dd363463e 100644
--- a/src/runtime-rs/Makefile
+++ b/src/runtime-rs/Makefile
@@ -174,8 +174,10 @@ DEFMAXMEMSZ := 0
 DEFBRIDGES := 1
 ##VAR DEFNETQUEUES= Default number of network queues
 DEFNETQUEUES := 1
-DEFENABLEANNOTATIONS := [\"enable_iommu\", \"virtio_fs_extra_args\", \"kernel_params\", \"kernel_verity_params\", \"default_vcpus\", \"default_memory\"]
-DEFENABLEANNOTATIONS_COCO := [\"enable_iommu\", \"virtio_fs_extra_args\", \"kernel_params\", \"kernel_verity_params\", \"default_vcpus\", \"default_memory\", \"cc_init_data\"]
+# Security note: do not enable "virtio_fs_extra_args" by default.
+# Allowing pods to pass arbitrary virtiofsd arguments can be abused for malicious host-side behavior.
+DEFENABLEANNOTATIONS := [\"enable_iommu\", \"kernel_params\", \"kernel_verity_params\", \"default_vcpus\", \"default_memory\"]
+DEFENABLEANNOTATIONS_COCO := [\"enable_iommu\", \"kernel_params\", \"kernel_verity_params\", \"default_vcpus\", \"default_memory\", \"cc_init_data\"]
 DEFDISABLEGUESTSECCOMP := true
 DEFDISABLEGUESTEMPTYDIR := false
 ##VAR DEFAULTEXPFEATURES=[features] Default experimental features enabled
diff --git a/src/runtime/Makefile b/src/runtime/Makefile
index c1d991afba..6d548abd04 100644
--- a/src/runtime/Makefile
+++ b/src/runtime/Makefile
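Review bot: The security note added above `DEFENABLEANNOTATIONS` is only seen by people editing the Makefile, while the escaped quoting in the values suggests they are substituted into a generated configuration file; if so, the shipped `enable_annotations` entry is where an operator tempted to re-add `virtio_fs_extra_args` will look, so the same warning belongs in that template next to the list (confirm where this variable is expanded). The comment should also say that list members are regular expressions, as the `docs/runtime-configuration.md` hunk in this same patch states, because a broad pattern such as `virtio_fs.*` would re-enable the annotation without naming it; something like `# Members are regular expressions: any pattern matching virtio_fs_extra_args re-enables it.` The identical hunk in src/runtime/Makefile has the same gap.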
@@ -223,8 +223,10 @@ DEFMEMSLOTS := 10
 DEFMAXMEMSZ := 0
 #Default number of bridges
 DEFBRIDGES := 1
-DEFENABLEANNOTATIONS := [\"enable_iommu\", \"virtio_fs_extra_args\", \"kernel_params\", \"kernel_verity_params\"]
-DEFENABLEANNOTATIONS_COCO := [\"enable_iommu\", \"virtio_fs_extra_args\", \"kernel_params\", \"kernel_verity_params\", \"default_vcpus\", \"default_memory\", \"cc_init_data\"]
+# Security note: do not enable "virtio_fs_extra_args" by default.
+# Allowing pods to pass arbitrary virtiofsd arguments can be abused for malicious host-side behavior.
+DEFENABLEANNOTATIONS := [\"enable_iommu\", \"kernel_params\", \"kernel_verity_params\"]
+DEFENABLEANNOTATIONS_COCO := [\"enable_iommu\", \"kernel_params\", \"kernel_verity_params\", \"default_vcpus\", \"default_memory\", \"cc_init_data\"]
 DEFDISABLEGUESTSECCOMP := true
 DEFDISABLEGUESTEMPTYDIR := false
 DEFEMPTYDIRMODE := shared-fs