utils_test: add support for updating kernel args for image mode #4332

Open
liang-cong-red-hat wants to merge 1 commit into avocado-framework:master from liang-cong-red-hat:utils_test_update_kernel_boot_option_for_image_mode

@liang-cong-red-hat
Contributor

Extend 'update_boot_option' to handle updating kernel args in image mode.
Note: according to doc: https://docs.fedoraproject.org/en-US/bootc/kernel-args/#_modifying_kernel_arguments_on_existing_systems

Related test result on image mode:
(1/1) type_specific.io-github-autotest-libvirt.memory.devices.virtio_mem.change_memory.file.normal_requested.running_guest: STARTED
(1/1) type_specific.io-github-autotest-libvirt.memory.devices.virtio_mem.change_memory.file.normal_requested.running_guest: PASS (209.38 s)
(1/1) type_specific.io-github-autotest-libvirt.vIOMMU.hotplug_device_with_iommu_enabled.e1000e.intel: STARTED
(1/1) type_specific.io-github-autotest-libvirt.vIOMMU.hotplug_device_with_iommu_enabled.e1000e.intel: PASS (221.27 s)

@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the update_boot_option utility by introducing robust support for managing kernel arguments in immutable operating system environments, such as those utilizing Bootc or OSTree. Previously, the function relied solely on grubby, which is not applicable to image-based systems. The new implementation intelligently detects the system's boot mode and, for image-based systems, directly manipulates bootloader configuration files to ensure proper kernel argument updates. This change broadens the utility's applicability and improves test coverage for modern system architectures.

Highlights

  • Image Mode Support: Extended the update_boot_option function to support modifying kernel arguments on systems running in image mode (e.g., Bootc/OSTree based systems).
  • Boot Entry Modification: Implemented logic to identify the active OSTree boot entry and directly modify its configuration file using sed commands, ensuring persistence across reboots in image mode.
  • Conditional Logic: Introduced a check for image_mode to dynamically switch between the new image mode kernel argument modification logic and the existing grubby-based approach for traditional systems.
  • Dependency: Added an import for utils_sys to enable the detection of image mode.

Changelog

  • virttest/utils_test/__init__.py
    • Imported the utils_sys module to facilitate system mode detection.
    • Modified the update_boot_option function to include conditional logic for image mode.
    • Added new code paths within update_boot_option to handle kernel argument modification for image-based systems by identifying and editing boot entry files.
    • Refactored the existing grubby command construction slightly for traditional boot modes.

Activity

  • The pull request description includes test results for type_specific.io-github-autotest-libvirt.memory.devices.virtio_mem.change_memory.file.normal_requested.running_guest and type_specific.io-github-autotest-libvirt.vIOMMU.hotplug_device_with_iommu_enabled.e1000e.intel, both passing.

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request adds support for updating kernel arguments in image mode by modifying bootloader entries directly. However, a critical security concern has been identified: several command injection vulnerabilities exist in the update_boot_option function. These vulnerabilities stem from the direct use of unvalidated or improperly escaped variables (e.g., from /proc/cmdline, file system, and test parameters) in shell commands like grep, sed, unshare, and grubby. This could allow an attacker to achieve arbitrary command execution on the guest system. Beyond the security issues, the sed command constructions also have robustness issues, such as unquoted filenames, unsafe sed delimiters, and unescaped arguments for regular expressions, which could lead to incorrect behavior. It is strongly recommended to use shlex.quote() for all variables in shell commands to prevent injection, and to address the sed command construction issues for improved reliability.

Comment threads on virttest/utils_test/__init__.py: 6, all marked Outdated

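The review's recommendation (shlex.quote() on every interpolated value, plus a safer sed delimiter and escaped replacement text) can be illustrated as follows. This is an added example, not code from this pull request; the function names, the `|` delimiter and the sample paths are assumptions made for the illustration.

```python
import re
import shlex

# Constructed sample inputs (not taken from the pull request).
ENTRY = "/boot/loader/entries/ostree-1.conf"
HOSTILE_ENTRY = "/boot/loader/entries/a.conf; echo INJECTED"


def unsafe_append_cmd(entry_file, arg):
    """The flagged pattern: values interpolated straight into the shell string."""
    return "sed -i '/^options / s/$/ %s/' %s" % (arg, entry_file)


def sed_replacement_escape(text, delim="|"):
    """Escape what is special in the replacement half of s|..|..| (\\, &, delimiter)."""
    if "\n" in text:
        raise ValueError("newline not allowed in a kernel argument")
    return re.sub(r"([\\&%s])" % re.escape(delim), r"\\\1", text)


def safe_append_cmd(entry_file, arg):
    """Same edit, but the sed script and the file name are each one shell word."""
    script = "/^options / s|$| %s|" % sed_replacement_escape(arg)
    return "sed -i %s %s" % (shlex.quote(script), shlex.quote(entry_file))


def argv_of(cmd):
    """Split the command into words the way a POSIX shell would."""
    return shlex.split(cmd)


if __name__ == "__main__":
    for build in (unsafe_append_cmd, safe_append_cmd):
        cmd = build(HOSTILE_ENTRY, "intel_iommu=on")
        # Unsafe form spills into extra words; safe form stays at four.
        print(build.__name__, len(argv_of(cmd)), cmd)
```

With the quoted form, the file name and the kernel argument each reach sed as data inside a single argument, whatever characters they contain.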
liang-cong-red-hat force-pushed the utils_test_update_kernel_boot_option_for_image_mode branch 3 times, most recently from cda0a94 to bec596c (March 6, 2026 07:08)
liang-cong-red-hat marked this pull request as draft (March 20, 2026 01:07)
liang-cong-red-hat force-pushed the utils_test_update_kernel_boot_option_for_image_mode branch from bec596c to d0f64e1 (April 8, 2026 04:21)
Extend 'update_boot_option' to handle updating kernel args in image mode

Signed-off-by: Liang Cong <lcong@redhat.com>
liang-cong-red-hat force-pushed the utils_test_update_kernel_boot_option_for_image_mode branch from d0f64e1 to 12e919e (April 8, 2026 04:27)
liang-cong-red-hat marked this pull request as ready for review (April 8, 2026 04:38)
@liang-cong-red-hat
Contributor Author

@PaulYuuu please help review, thx.
