zfs: Disallow block.* settings for regular custom block volumes

Fixes #12188 Signed-off-by: Thomas Hipp <[email protected]>
canonical · Sep 1, 2023 · 7ffb33d · 7ffb33d
1 parent 16ec502
commit 7ffb33d
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/lxd/storage/drivers/driver_zfs_volumes.go b/lxd/storage/drivers/driver_zfs_volumes.go
@@ -1512,8 +1512,6 @@ func (d *zfs) HasVolume(vol Volume) (bool, error) {
 // commonVolumeRules returns validation rules which are common for pool and volume.
 func (d *zfs) commonVolumeRules() map[string]func(value string) error {
 	return map[string]func(value string) error{
-		"block.filesystem":     validate.Optional(validate.IsOneOf(blockBackedAllowedFilesystems...)),
-		"block.mount_options":  validate.IsAny,
 		"zfs.block_mode":       validate.Optional(validate.IsBool),
 		"zfs.blocksize":        validate.Optional(ValidateZfsBlocksize),
 		"zfs.remove_snapshots": validate.Optional(validate.IsBool),
@@ -1525,6 +1523,16 @@ func (d *zfs) commonVolumeRules() map[string]func(value string) error {
 
 // ValidateVolume validates the supplied volume config.
 func (d *zfs) ValidateVolume(vol Volume, removeUnknownKeys bool) error {
+	commonRules := d.commonVolumeRules()
+
+	// Ensure that block.* settings are only allowed for block-backed volumes with either content
+	// type `filesystem` set, or are block volumes for virtual machines or associated images. This
+	// disallows block.* settings for regular custom block volumes.
+	if vol.IsBlockBacked() && (vol.ContentType() == ContentTypeFS || vol.IsVMBlock()) {
+		commonRules["block.filesystem"] = validate.Optional(validate.IsOneOf(blockBackedAllowedFilesystems...))
+		commonRules["block.mount_options"] = validate.IsAny
+	}
+
 	return d.validateVolume(vol, d.commonVolumeRules(), removeUnknownKeys)
 }