vmm: ignore and warn TAP FDs send in vm.create

This does the same thing as df2a7c17 ("vmm: Ignore and warn TAP FDs sent via the HTTP request body"), but for the vm.create endpoint, which also previously would accept file descriptors in the body, and try to use whatever fd occupied that number as a TAP device. Signed-off-by: Alyssa Ross <hi@alyssa.is>
2025-02-23 11:52:21 +00:00 · 2023-06-19 10:17:02 +00:00 · 2023-06-19 10:17:02 +00:00 · 9da363e79b
commit 9da363e79b
parent bbfd810c3b
1 changed files with 10 additions and 1 deletions
--- a/vmm/src/api/http_endpoint.rs
+++ b/vmm/src/api/http_endpoint.rs
@ -36,13 +36,22 @@ impl EndpointHandler for VmCreate {
                match &req.body {
                    Some(body) => {
                        // Deserialize into a VmConfig
-                        let vm_config: VmConfig = match serde_json::from_slice(body.raw())
+                        let mut vm_config: VmConfig = match serde_json::from_slice(body.raw())
                            .map_err(HttpError::SerdeJsonDeserialize)
                        {
                            Ok(config) => config,
                            Err(e) => return error_response(e, StatusCode::BadRequest),
                        };

+                        if let Some(ref mut nets) = vm_config.net {
+                            if nets.iter().any(|net| net.fds.is_some()) {
+                                warn!("Ignoring FDs sent via the HTTP request body");
+                            }
+                            for net in nets {
+                                net.fds = None;
+                            }
+                        }
+
                        // Call vm_create()
                        match vm_create(api_notifier, api_sender, Arc::new(Mutex::new(vm_config)))
                            .map_err(HttpError::ApiError)