lxd/storage: Check disabling security.shared on virtual-machine volumes

If a virtual-machine volume is attached to more than one instance, don't allow removing security.shared. Signed-off-by: Wesley Hershberger <[email protected]>
canonical · Dec 2, 2024 · 23d5461 · 23d5461
1 parent 3fb477a
commit 23d5461
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/lxd/storage/backend_lxd.go b/lxd/storage/backend_lxd.go
@@ -2920,6 +2920,13 @@ func (b *lxdBackend) UpdateInstance(inst instance.Instance, newDesc string, newC
 			return fmt.Errorf(`Instance volume "volatile.uuid" property cannot be changed`)
 		}
 
+		if shared.IsFalseOrEmpty(changedConfig["security.shared"]) && volDBType == cluster.StoragePoolVolumeTypeVM {
+			err = allowRemoveSecurityShared(b.state, inst.Project().Name, &curVol.StorageVolume)
+			if err != nil {
+				return err
+			}
+		}
+
 		// Load storage volume from database.
 		dbVol, err := VolumeDBGet(b, inst.Project().Name, inst.Name(), volType)
 		if err != nil {