From 7ffb33ded9e043c3edd8d8bba86e62ec0fcc4338 Mon Sep 17 00:00:00 2001
From: Thomas Hipp
Date: Fri, 1 Sep 2023 12:44:18 +0200
Subject: [PATCH] zfs: Disallow block.* settings for regular custom block volumes

Fixes #12188

Signed-off-by: Thomas Hipp
---
 lxd/storage/drivers/driver_zfs_volumes.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lxd/storage/drivers/driver_zfs_volumes.go b/lxd/storage/drivers/driver_zfs_volumes.go
index e9d5b802ec33..bf2eef6916e7 100644
--- a/lxd/storage/drivers/driver_zfs_volumes.go
+++ b/lxd/storage/drivers/driver_zfs_volumes.go
@@ -1512,8 +1512,6 @@ func (d *zfs) HasVolume(vol Volume) (bool, error) {
 // commonVolumeRules returns validation rules which are common for pool and volume.
 func (d *zfs) commonVolumeRules() map[string]func(value string) error {
 return map[string]func(value string) error{
- "block.filesystem": validate.Optional(validate.IsOneOf(blockBackedAllowedFilesystems...)),
- "block.mount_options": validate.IsAny,
 "zfs.block_mode": validate.Optional(validate.IsBool),
 "zfs.blocksize": validate.Optional(ValidateZfsBlocksize),
 "zfs.remove_snapshots": validate.Optional(validate.IsBool),
@@ -1525,6 +1523,16 @@ func (d *zfs) commonVolumeRules() map[string]func(value string) error {

 // ValidateVolume validates the supplied volume config.
 func (d *zfs) ValidateVolume(vol Volume, removeUnknownKeys bool) error {
+ commonRules := d.commonVolumeRules()
+
+ // Ensure that block.* settings are only allowed for block-backed volumes with either content
+ // type `filesystem` set, or are block volumes for virtual machines or associated images. This
+ // disallows block.* settings for regular custom block volumes.
+ if vol.IsBlockBacked() && (vol.ContentType() == ContentTypeFS || vol.IsVMBlock()) {
+ commonRules["block.filesystem"] = validate.Optional(validate.IsOneOf(blockBackedAllowedFilesystems...))
+ commonRules["block.mount_options"] = validate.IsAny
+ }
+
 return d.validateVolume(vol, d.commonVolumeRules(), removeUnknownKeys)
 }
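Review bot: The `commonRules` map built at the top of ValidateVolume is never passed on: the unchanged `return` line still hands a fresh `d.commonVolumeRules()` to `validateVolume`, so the `block.filesystem` and `block.mount_options` validators added inside the `if` are discarded. As written, the two keys have no rule for any volume, including the filesystem-content and VM block volumes the new comment says should keep them; whether they are then rejected or silently stripped depends on `validateVolume` and `removeUnknownKeys`, which are outside the hunk. The return should read `return d.validateVolume(vol, commonRules, removeUnknownKeys)`. Since the doc comment on `commonVolumeRules` says its rules are shared by pool and volume, removing the two entries in the first hunk presumably also drops them from pool-level validation, which is worth confirming against the pool validation path. A test that sets `block.filesystem` on a filesystem volume (accepted) and on a custom block volume (refused) would pin both sides of the intended behaviour.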