config: Whitelist hypervisor annotations by name

Add a field "enable_annotations" to the runtime configuration that can
be used to whitelist annotations using a list of regular expressions,
which are used to match any part of the base annotation name, i.e. the
part after "io.katacontainers.config.hypervisor."

For example, the following configuraiton will match "virtio_fs_daemon",
"initrd" and "jailer_path", but not "path" nor "firmware":

  enable_annotations = [ "virtio.*", "initrd", "_path" ]

The default is an empty list of enabled annotations, which disables
annotations entirely.

If an anontation is rejected, the message is something like:

  annotation io.katacontainers.config.hypervisor.virtio_fs_daemon is not enabled

Fixes: #901

Suggested-by: Peng Tao <tao.peng@linux.alibaba.com>
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>

src/runtime/cli/config/configuration-acrn.toml.in

@@ -16,6 +16,11 @@ ctlpath = "@ACRNCTLPATH@"
 kernel = "@KERNELPATH_ACRN@"
 image = "@IMAGEPATH@"
 
+# List of valid annotation names for the hypervisor
+# Each member of the list is a regular expression, which is the base name
+# of the annotation, e.g. "path" for io.katacontainers.config.hypervisor.path"
+enable_annotations = @DEFENABLEANNOTATIONS@
+
 # List of valid annotations values for the hypervisor (default: empty)
 # Each member of the list is a path pattern as described by glob(3).
 path_list = @ACRNPATHLIST@

src/runtime/cli/config/configuration-clh.toml.in

@@ -15,6 +15,11 @@ path = "@CLHPATH@"
 kernel = "@KERNELPATH_CLH@"
 image = "@IMAGEPATH@"
 
+# List of valid annotation names for the hypervisor
+# Each member of the list is a regular expression, which is the base name
+# of the annotation, e.g. "path" for io.katacontainers.config.hypervisor.path"
+enable_annotations = @DEFENABLEANNOTATIONS@
+
 # List of valid annotations values for the hypervisor (default: empty)
 # Each member of the list is a path pattern as described by glob(3).
 path_list = @CLHPATHLIST@

src/runtime/cli/config/configuration-fc.toml.in

@@ -15,6 +15,11 @@ path = "@FCPATH@"
 kernel = "@KERNELPATH_FC@"
 image = "@IMAGEPATH@"
 
+# List of valid annotation names for the hypervisor
+# Each member of the list is a regular expression, which is the base name
+# of the annotation, e.g. "path" for io.katacontainers.config.hypervisor.path"
+enable_annotations = @DEFENABLEANNOTATIONS@
+
 # List of valid annotations values for the hypervisor (default: empty)
 # Each member of the list is a path pattern as described by glob(3).
 path_list = @FCPATHLIST@

src/runtime/cli/config/configuration-qemu-virtiofs.toml.in

@@ -16,6 +16,11 @@ kernel = "@KERNELVIRTIOFSPATH@"
 image = "@IMAGEPATH@"
 machine_type = "@MACHINETYPE@"
 
+# List of valid annotation names for the hypervisor
+# Each member of the list is a regular expression, which is the base name
+# of the annotation, e.g. "path" for io.katacontainers.config.hypervisor.path"
+enable_annotations = @DEFENABLEANNOTATIONS@
+
 # List of valid annotations values for the hypervisor (default: empty)
 # Each member of the list is a path pattern as described by glob(3).
 path_list = @QEMUVIRTIOFSPATHLIST@

src/runtime/cli/config/configuration-qemu.toml.in

@@ -16,6 +16,11 @@ kernel = "@KERNELPATH@"
 image = "@IMAGEPATH@"
 machine_type = "@MACHINETYPE@"
 
+# List of valid annotation names for the hypervisor
+# Each member of the list is a regular expression, which is the base name
+# of the annotation, e.g. "path" for io.katacontainers.config.hypervisor.path"
+enable_annotations = @DEFENABLEANNOTATIONS@
+
 # List of valid annotations values for the hypervisor (default: empty)
 # Each member of the list is a path pattern as described by glob(3).
 path_list = @QEMUPATHLIST@