Skip to content

Commit 3139155

Browse files
h4x3rotabh4x3rotab
authored
Merge pull request #663 from Dstack-TEE/codex/propose-fix-for-rootfs-integrity-issue
vmm: disallow ISO rootfs for image versions >= 0.5.0
2 parents 6050b7a + 86256eb commit 3139155

1 file changed

Lines changed: 6 additions & 0 deletions

File tree

vmm/src/app/qemu.rs

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -450,13 +450,19 @@ impl VmConfig {
450450
]);
451451
}
452452
if let Some(rootfs) = &self.image.rootfs {
453+
let img_ver = self.image.info.version_tuple().unwrap_or_default();
453454
let ext = rootfs
454455
.extension()
455456
.unwrap_or_default()
456457
.to_str()
457458
.unwrap_or_default();
458459
match ext {
459460
"iso" => {
461+
if img_ver >= (0, 5, 0) {
462+
bail!(
463+
"Unsupported rootfs type: {ext}. Image versions >= 0.5.0 must use verity rootfs"
464+
);
465+
}
460466
command.arg("-cdrom").arg(rootfs);
461467
}
462468
"verity" => {

0 commit comments

Comments
 (0)