mirror of
https://github.com/aljazceru/kata-containers.git
synced 2025-12-29 20:14:25 +01:00
config: Add makefile variables for path lists
Add variables to override defaults at build time for the various lists used to control path annotations. Fixes: #901 Suggested-by: Fabiano Fidencio <fidencio@redhat.com> Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
This commit is contained in:
Christophe de Dinechin
@@ -17,17 +17,11 @@ kernel = "@KERNELPATH_ACRN@"
|
||||
image = "@IMAGEPATH@"
|
||||
|
||||
# List of valid annotations values for the hypervisor (default: empty)
|
||||
# Each member of the list can be a regular expression, but prefer names.
|
||||
# Otherwise, please read and understand the following carefully.
|
||||
# SECURITY WARNING: If you use regular expressions, be mindful that
|
||||
# an attacker could craft an annotation that uses .. to escape the paths
|
||||
# you gave. For example, if your regexp is /bin/qemu.* then if there is
|
||||
# a directory named /bin/qemu.d/, then an attacker can pass an annotation
|
||||
# containing /bin/qemu.d/../put-any-binary-name-here and attack your host.
|
||||
# path_list = [ "@ACRNPATH@.*" ]
|
||||
# Each member of the list is a path pattern as described by glob(3).
|
||||
path_list = @ACRNPATHLIST@
|
||||
|
||||
# List of valid annotations values for ctlpath (default: empty)
|
||||
# ctlpath_list = [ "@ACRNCTLPATH@.*" ]
|
||||
ctlpath_list = @ACRNCTLPATHLIST@
|
||||
|
||||
# Optional space-separated list of options to pass to the guest kernel.
|
||||
# For example, use `kernel_params = "vsyscall=emulate"` if you are having
|
||||
|
||||
@@ -16,14 +16,8 @@ kernel = "@KERNELPATH_CLH@"
|
||||
image = "@IMAGEPATH@"
|
||||
|
||||
# List of valid annotations values for the hypervisor (default: empty)
|
||||
# Each member of the list can be a regular expression, but prefer names.
|
||||
# Otherwise, please read and understand the following carefully.
|
||||
# SECURITY WARNING: If you use regular expressions, be mindful that
|
||||
# an attacker could craft an annotation that uses .. to escape the paths
|
||||
# you gave. For example, if your regexp is /bin/qemu.* then if there is
|
||||
# a directory named /bin/qemu.d/, then an attacker can pass an annotation
|
||||
# containing /bin/qemu.d/../put-any-binary-name-here and attack your host.
|
||||
# path_list = [ "@CLHPATH@.*" ]
|
||||
# Each member of the list is a path pattern as described by glob(3).
|
||||
path_list = @CLHPATHLIST@
|
||||
|
||||
# Optional space-separated list of options to pass to the guest kernel.
|
||||
# For example, use `kernel_params = "vsyscall=emulate"` if you are having
|
||||
@@ -73,7 +67,7 @@ default_memory = @DEFMEMSZ@
|
||||
virtio_fs_daemon = "@DEFVIRTIOFSDAEMON@"
|
||||
|
||||
# List of valid annotations values for the virtiofs daemon (default: empty)
|
||||
# virtio_fs_daemon_list = [ "/opt/kata/bin/virtiofsd", "/usr/.*/virtiofsd" ]
|
||||
virtio_fs_daemon_list = @DEFVIRTIOFSDAEMONLIST@
|
||||
|
||||
# Default size of DAX cache in MiB
|
||||
virtio_fs_cache_size = @DEFVIRTIOFSCACHESIZE@
|
||||
|
||||
@@ -16,14 +16,8 @@ kernel = "@KERNELPATH_FC@"
|
||||
image = "@IMAGEPATH@"
|
||||
|
||||
# List of valid annotations values for the hypervisor (default: empty)
|
||||
# Each member of the list can be a regular expression, but prefer names.
|
||||
# Otherwise, please read and understand the following carefully.
|
||||
# SECURITY WARNING: If you use regular expressions, be mindful that
|
||||
# an attacker could craft an annotation that uses .. to escape the paths
|
||||
# you gave. For example, if your regexp is /bin/qemu.* then if there is
|
||||
# a directory named /bin/qemu.d/, then an attacker can pass an annotation
|
||||
# containing /bin/qemu.d/../put-any-binary-name-here and attack your host.
|
||||
# path_list = [ "@FCPATH@.*" ]
|
||||
# Each member of the list is a path pattern as described by glob(3).
|
||||
path_list = @FCPATHLIST@
|
||||
|
||||
# Path for the jailer specific to firecracker
|
||||
# If the jailer path is not set kata will launch firecracker
|
||||
@@ -35,7 +29,7 @@ image = "@IMAGEPATH@"
|
||||
|
||||
# List of valid jailer path values for the hypervisor (default: empty)
|
||||
# Each member of the list can be a regular expression
|
||||
# jailer_path_list = [ "@FCJAILERPATH@.*" ]
|
||||
# jailer_path_list = @FCJAILERPATHLIST@
|
||||
|
||||
|
||||
# Optional space-separated list of options to pass to the guest kernel.
|
||||
|
||||
@@ -17,14 +17,8 @@ image = "@IMAGEPATH@"
|
||||
machine_type = "@MACHINETYPE@"
|
||||
|
||||
# List of valid annotations values for the hypervisor (default: empty)
|
||||
# Each member of the list can be a regular expression, but prefer names.
|
||||
# Otherwise, please read and understand the following carefully.
|
||||
# SECURITY WARNING: If you use regular expressions, be mindful that
|
||||
# an attacker could craft an annotation that uses .. to escape the paths
|
||||
# you gave. For example, if your regexp is /bin/qemu.* then if there is
|
||||
# a directory named /bin/qemu.d/, then an attacker can pass an annotation
|
||||
# containing /bin/qemu.d/../put-any-binary-name-here and attack your host.
|
||||
# path_list = [ "@QEMUPATH@.*" ]
|
||||
# Each member of the list is a path pattern as described by glob(3).
|
||||
path_list = @QEMUVIRTIOFSPATHLIST@
|
||||
|
||||
# Optional space-separated list of options to pass to the guest kernel.
|
||||
# For example, use `kernel_params = "vsyscall=emulate"` if you are having
|
||||
@@ -121,7 +115,7 @@ shared_fs = "@DEFSHAREDFS_QEMU_VIRTIOFS@"
|
||||
virtio_fs_daemon = "@DEFVIRTIOFSDAEMON@"
|
||||
|
||||
# List of valid annotations values for the virtiofs daemon (default: empty)
|
||||
# virtio_fs_daemon_list = [ "/opt/kata/bin/virtiofsd", "/usr/.*/virtiofsd" ]
|
||||
virtio_fs_daemon_list = @DEFVIRTIOFSDAEMONLIST@
|
||||
|
||||
# Default size of DAX cache in MiB
|
||||
virtio_fs_cache_size = @DEFVIRTIOFSCACHESIZE@
|
||||
@@ -213,16 +207,16 @@ vhost_user_store_path = "@DEFVHOSTUSERSTOREPATH@"
|
||||
#enable_iommu_platform = true
|
||||
|
||||
# List of valid annotations values for the virtiofs daemon (default: empty)
|
||||
# vhost_user_store_path_list = [ "/empty/space", "/multiverse/quantum-foam" ]
|
||||
vhost_user_store_path_list = @DEFVHOSTUSERSTOREPATHLIST@
|
||||
|
||||
# Enable file based guest memory support. The default is an empty string which
|
||||
# will disable this feature. In the case of virtio-fs, this is enabled
|
||||
# automatically and '/dev/shm' is used as the backing folder.
|
||||
# This option will be ignored if VM templating is enabled.
|
||||
#file_mem_backend = ""
|
||||
#file_mem_backend = "@DEFFILEMEMBACKEND@"
|
||||
|
||||
# List of valid annotations values for the file_mem_backend annotation (default: empty)
|
||||
# file_mem_backend_list = [ "/dev/shm" ]
|
||||
#file_mem_backend_list = @DEFFILEMEMBACKENDLIST@
|
||||
|
||||
# Enable swap of vm memory. Default false.
|
||||
# The behaviour is undefined if mem_prealloc is also set to true
|
||||
|
||||
@@ -12,19 +12,14 @@
|
||||
|
||||
[hypervisor.qemu]
|
||||
path = "@QEMUPATH@"
|
||||
# List of valid annotations values for the hypervisor (default: empty)
|
||||
# Each member of the list can be a regular expression, but prefer names.
|
||||
# Otherwise, please read and understand the following carefully.
|
||||
# SECURITY WARNING: If you use regular expressions, be mindful that
|
||||
# an attacker could craft an annotation that uses .. to escape the paths
|
||||
# you gave. For example, if your regexp is /bin/qemu.* then if there is
|
||||
# a directory named /bin/qemu.d/, then an attacker can pass an annotation
|
||||
# containing /bin/qemu.d/../put-any-binary-name-here and attack your host.
|
||||
# path_list = [ "@QEMUPATH@.*" ]
|
||||
kernel = "@KERNELPATH@"
|
||||
image = "@IMAGEPATH@"
|
||||
machine_type = "@MACHINETYPE@"
|
||||
|
||||
# List of valid annotations values for the hypervisor (default: empty)
|
||||
# Each member of the list is a path pattern as described by glob(3).
|
||||
path_list = @QEMUPATHLIST@
|
||||
|
||||
# Optional space-separated list of options to pass to the guest kernel.
|
||||
# For example, use `kernel_params = "vsyscall=emulate"` if you are having
|
||||
# trouble running pre-2.15 glibc.
|
||||
@@ -126,7 +121,7 @@ shared_fs = "@DEFSHAREDFS@"
|
||||
virtio_fs_daemon = "@DEFVIRTIOFSDAEMON@"
|
||||
|
||||
# List of valid annotations values for the virtiofs daemon (default: empty)
|
||||
# virtio_fs_daemon_list = [ "/opt/kata/bin/virtiofsd", "/usr/.*/virtiofsd" ]
|
||||
virtio_fs_daemon_list = @DEFVIRTIOFSDAEMONLIST@
|
||||
|
||||
# Default size of DAX cache in MiB
|
||||
virtio_fs_cache_size = @DEFVIRTIOFSCACHESIZE@
|
||||
@@ -217,17 +212,17 @@ vhost_user_store_path = "@DEFVHOSTUSERSTOREPATH@"
|
||||
# Enabling this will result in the VM device having iommu_platform=on set
|
||||
#enable_iommu_platform = true
|
||||
|
||||
# List of valid annotations values for the virtiofs daemon (default: empty)
|
||||
# vhost_user_store_path_list = [ "/empty/space", "/multiverse/quantum-foam" ]
|
||||
# List of valid annotations values for the vhost user store path (default: empty)
|
||||
vhost_user_store_path_list = @DEFVHOSTUSERSTOREPATHLIST@
|
||||
|
||||
# Enable file based guest memory support. The default is an empty string which
|
||||
# will disable this feature. In the case of virtio-fs, this is enabled
|
||||
# automatically and '/dev/shm' is used as the backing folder.
|
||||
# This option will be ignored if VM templating is enabled.
|
||||
#file_mem_backend = ""
|
||||
#file_mem_backend = "@DEFFILEMEMBACKEND@"
|
||||
|
||||
# List of valid annotations values for the file_mem_backend annotation (default: empty)
|
||||
# file_mem_backend_list = [ "/dev/shm" ]
|
||||
#file_mem_backend_list = @DEFFILEMEMBACKENDLIST@
|
||||
|
||||
# Enable swap of vm memory. Default false.
|
||||
# The behaviour is undefined if mem_prealloc is also set to true
|
||||
|
||||
Reference in New Issue
Block a user