From 562a0283ec6748e61918554ac346c262418327e4 Mon Sep 17 00:00:00 2001
From: Christophe de Dinechin <dinechin@redhat.com>
Date: Fri, 15 May 2020 16:04:55 +0200
Subject: [PATCH] config: Add hypervisor path override through annotations

The annotation is provided, so it should be respected.
Furthermore, it is important to implement it with the appropriate
protetions similar to what was done for virtiofsd.

Fixes: #3004

Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
---
 virtcontainers/pkg/oci/utils.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/virtcontainers/pkg/oci/utils.go b/virtcontainers/pkg/oci/utils.go
index 6f00fe0494..27caee57fe 100644
--- a/virtcontainers/pkg/oci/utils.go
+++ b/virtcontainers/pkg/oci/utils.go
@@ -399,6 +399,13 @@ func addHypervisorConfigOverrides(ocispec specs.Spec, config *vc.SandboxConfig,
 		return err
 	}
 
+	if value, ok := ocispec.Annotations[vcAnnotations.HypervisorPath]; ok {
+		if !regexpContains(runtime.HypervisorConfig.HypervisorPathList, value) {
+			return fmt.Errorf("hypervisor %v required from annotation is not valid", value)
+		}
+		config.HypervisorConfig.HypervisorPath = value
+	}
+
 	if value, ok := ocispec.Annotations[vcAnnotations.KernelParams]; ok {
 		if value != "" {
 			params := vc.DeserializeParams(strings.Fields(value))