Restricted VM networking

AlexSSD7 2023-08-26 16:43:04 +01:00
commit 34e66cb01c
5 changed files with 31 additions and 27 deletions


@ -51,7 +51,7 @@ type Instance struct {
canceled uint32
}
func NewInstance(logger *slog.Logger, alpineImagePath string, usbDevices []USBDevicePassthroughConfig, debug bool, extraPortForwardings []PortForwardingConfig) (*Instance, error) {
func NewInstance(logger *slog.Logger, alpineImagePath string, usbDevices []USBDevicePassthroughConfig, debug bool, extraPortForwardings []PortForwardingConfig, unrestrictedNetworking bool) (*Instance, error) {
alpineImagePath = filepath.Clean(alpineImagePath)
_, err := os.Stat(alpineImagePath)
if err != nil {
@ -63,8 +63,6 @@ func NewInstance(logger *slog.Logger, alpineImagePath string, usbDevices []USBDe
return nil, errors.Wrap(err, "get free port for ssh server")
}
// TODO: Disable internet access
// TODO: Configurable memory allocation
baseCmd := "qemu-system-x86_64"
@ -72,6 +70,12 @@ func NewInstance(logger *slog.Logger, alpineImagePath string, usbDevices []USBDe
netdevOpts := "user,id=net0,hostfwd=tcp:127.0.0.1:" + fmt.Sprint(sshPort) + "-:22"
if !unrestrictedNetworking {
netdevOpts += ",restrict=on"
} else {
logger.Warn("Running with unsafe unrestricted networking")
}
for _, pf := range extraPortForwardings {
hostIPStr := ""
if pf.HostIP != nil {
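Review bot: The `restrict=on` branch added just before the `extraPortForwardings` loop has no comment saying what the isolation does and does not cover, which is the first thing someone auditing the VM's exposure will need. QEMU documents that `restrict=on` stops the guest from contacting the host or routing packets to the outside, but leaves explicitly set forwarding rules untouched, so the SSH `hostfwd` and every entry in `extraPortForwardings` remain open paths into the guest. I would add `// restrict=on isolates the guest from the host and outside network; hostfwd rules are unaffected and remain the only ingress.` above the `if`. The new `unrestrictedNetworking bool` also sits directly after `debug bool` in the `NewInstance` signature, so a doc comment on `NewInstance` stating that `false` selects the isolated mode would help callers avoid swapping the two positional flags. The loop body continues outside the hunk, so how a nil `pf.HostIP` is bound cannot be judged from here.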