add option to relax socket_vmnet validation

avoidik · avoidik · commit d58db8d0e376 · 2024-09-27T10:51:30.000+01:00
diff --git a/pkg/networks/networks.go b/pkg/networks/networks.go
@@ -9,9 +9,10 @@ type YAML struct {
 }
 
 type Paths struct {
-	SocketVMNet string `yaml:"socketVMNet"`
-	VarRun      string `yaml:"varRun"`
-	Sudoers     string `yaml:"sudoers,omitempty"`
+	SocketVMNet         string `yaml:"socketVMNet"`
+	VarRun              string `yaml:"varRun"`
+	Sudoers             string `yaml:"sudoers,omitempty"`
+	RelaxedVerification bool   `yaml:"relaxedVerification,omitempty"`
 }
 
 const (
diff --git a/pkg/networks/validate.go b/pkg/networks/validate.go
@@ -20,14 +20,20 @@ func (config *YAML) Validate() error {
 	paths := reflect.ValueOf(&config.Paths).Elem()
 	pathsMap := make(map[string]string, paths.NumField())
 	var socketVMNetNotFound bool
+	var relaxedVerification = config.Paths.RelaxedVerification
 	for i := 0; i < paths.NumField(); i++ {
 		// extract YAML name from struct tag; strip options like "omitempty"
 		name := paths.Type().Field(i).Tag.Get("yaml")
 		if i := strings.IndexRune(name, ','); i > -1 {
 			name = name[:i]
 		}
-		path := paths.Field(i).Interface().(string)
-		pathsMap[name] = path
+		var path string
+		if path, ok := paths.Field(i).Interface().(string); ok {
+			pathsMap[name] = path
+		} else {
+			// we only validate strings from the config.Paths
+			continue
+		}
 		// varPath will be created securely, but any existing parent directories must already be secure
 		if name == "varRun" {
 			path = findBaseDirectory(path)
@@ -44,11 +50,19 @@ func (config *YAML) Validate() error {
 					continue
 				}
 			}
-			return fmt.Errorf("networks.yaml field `paths.%s` error: %w", name, err)
+			if relaxedVerification {
+				fmt.Printf("networks.yaml field `paths.%s` error: %v\n", name, err)
+			} else {
+				return fmt.Errorf("networks.yaml field `paths.%s` error: %w", name, err)
+			}
 		}
 	}
 	if socketVMNetNotFound {
-		return fmt.Errorf("networks.yaml: %q (`paths.socketVMNet`) has to be installed", pathsMap["socketVMNet"])
+		if relaxedVerification {
+			fmt.Printf("networks.yaml: %q (`paths.socketVMNet`) has to be installed\n", pathsMap["socketVMNet"])
+		} else {
+			return fmt.Errorf("networks.yaml: %q (`paths.socketVMNet`) has to be installed", pathsMap["socketVMNet"])
+		}
 	}
 	// TODO(jandubois): validate network definitions
 	return nil
@@ -126,7 +140,7 @@ func validatePath(path string, allowDaemonGroupWritable bool) error {
 		}
 	}
 	if !ownerIsAdmin {
-		return fmt.Errorf(`%s %q owner %dis not an admin`, file, path, stat.Uid)
+		return fmt.Errorf(`%s %q owner %d is not an admin`, file, path, stat.Uid)
 	}
 	if allowDaemonGroupWritable {
 		daemon, err := osutil.LookupUser("daemon")

Original file line number	Diff line number	Diff line change
`@@ -9,9 +9,10 @@ type YAML struct {`
`9`	`9`	`}`
`10`	`10`
`11`	`11`	`type Paths struct {`
`12`		- SocketVMNet string `yaml:"socketVMNet"`
`13`		- VarRun string `yaml:"varRun"`
`14`		- Sudoers string `yaml:"sudoers,omitempty"`
	`12`	+ SocketVMNet string `yaml:"socketVMNet"`
	`13`	+ VarRun string `yaml:"varRun"`
	`14`	+ Sudoers string `yaml:"sudoers,omitempty"`
	`15`	+ RelaxedVerification bool `yaml:"relaxedVerification,omitempty"`
`15`	`16`	`}`
`16`	`17`
`17`	`18`	`const (`