devctr: mark firecracker source dir safe for git

This difference in ownership is validated against by git.
https://github.blog/2022-04-12-git-security-vulnerability-announced/

Signed-off-by: Alexandru-Cezar Sardan <[email protected]>

Author: Alexandru-Cezar Sardan

tools/devctr/Dockerfile.aarch64

@@ -129,5 +129,7 @@ RUN mkdir "$TMP_BUILD_DIR" && cd "$TMP_BUILD_DIR" \
 ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION_TAG}/tini-static-arm64 /sbin/tini
 RUN chmod +x /sbin/tini
 
+ADD tools/devctr/ctr_gitconfig /root/.gitconfig
+
 WORKDIR "$FIRECRACKER_SRC_DIR"
 ENTRYPOINT ["/sbin/tini", "--"]

tools/devctr/Dockerfile.x86_64

@@ -142,5 +142,7 @@ RUN mkdir "$TMP_BUILD_DIR" && cd "$TMP_BUILD_DIR" \
 ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION_TAG}/tini-static-amd64 /sbin/tini
 RUN chmod +x /sbin/tini
 
+ADD tools/devctr/ctr_gitconfig /root/.gitconfig
+
 WORKDIR "$FIRECRACKER_SRC_DIR"
 ENTRYPOINT ["/sbin/tini", "--"]

tools/devctr/ctr_gitconfig

@@ -0,0 +1,9 @@
+# Add the root firecracker git folder as a safe directory in .gitconfig.
+# Firecracker root git folder in the container is
+# bind-mounted to a folder on the host which is mapped to a
+# user that is different from the user which runs the integ tests.
+# This difference in ownership is validated against by git.
+# https://github.blog/2022-04-12-git-security-vulnerability-announced/
+
+[safe]
+ directory = /firecracker