Comment 0 for bug 1878234

A few of the kata-runtime annotations can be used to execute arbitrary pre-existing binaries on the host.

For example, "virtio_fs_daemon" in combination with "virtio_fs_extra_args" makes it possible to invoke a host binary with arbitrary args.

The hypervisor.path and hypervisor.jailer_path annotations could also be used the same way.

Suggestion for fix: add valid annotation values to the configuration file that lists the acceptable values for such annotations, with a suitable default value of "empty".