From 29dd916d1325d2f2224e70e00e054c41578bb068 Mon Sep 17 00:00:00 2001
From: Wesley Hershberger
Date: Tue, 3 Sep 2024 17:32:12 -0500
Subject: [PATCH] test: restricted.devices.disk project restrictions

Signed-off-by: Wesley Hershberger
---
 test/suites/projects.sh | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/test/suites/projects.sh b/test/suites/projects.sh
index b34fad3a4d1d..738cbe275f3d 100644
--- a/test/suites/projects.sh
+++ b/test/suites/projects.sh
@@ -972,6 +972,28 @@ test_projects_restrictions() {
 lxc project set p1 restricted.devices.disk=block
 ! lxc profile device add default data disk pool="${pool}" path=/mnt source="v-proj$$" || false
+ restrictedDir="/opt/projects_restricted"
+ mkdir "${restrictedDir}"
+ tmpDir=$(mktemp -d)
+ optDir=$(mktemp -d --tmpdir="${restrictedDir}")
+
+ # Block unmanaged disk devices
+ lxc project set p1 restricted.devices.disk=managed
+ ! lxc profile device add default data disk path=/mnt source="${tmpDir}" || false
+
+ # Allow unmanaged disk devices
+ lxc project set p1 restricted.devices.disk=allow
+ lxc profile device add default data disk path=/mnt source="${tmpDir}"
+ lxc profile device remove default data
+
+ # Path restrictions
+ lxc project set p1 restricted.devices.disk.paths="${restrictedDir}"
+ ! lxc profile device add default data disk path=/mnt source="${tmpDir}" || false
+ lxc profile device add default data disk path=/mnt source="${optDir}"
+ lxc profile device remove default data
+
+ rm -r "${tmpDir}" "${optDir}" "${restrictedDir}"
+
 # Setting restricted.containers.nesting to 'allow' makes it possible to create
 # nested containers.
 lxc project set p1 restricted.containers.nesting=allow
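Review bot: The "Path restrictions" block only shows that an unrelated temp directory is refused and one inside `${restrictedDir}` is accepted, so an implementation that compares `restricted.devices.disk.paths` as a plain string prefix would still pass it. A negative case for a sibling whose name merely starts with the allowed path would pin the boundary, e.g. `mkdir "${restrictedDir}_sibling"` followed by `! lxc profile device add default data disk path=/mnt source="${restrictedDir}_sibling" || false`; a symlink inside `${restrictedDir}` that points outside it is a second case worth covering if the feature is meant to resolve links. Separately, `mkdir "${restrictedDir}"` uses a fixed path and the `rm -r` runs only when every assertion passes, so a failed run leaves `/opt/projects_restricted` behind and the next run stops at `mkdir`; clearing a stale directory first, or cleaning up from a trap, would avoid that. test_projects_restrictions starts and ends outside the hunk, so whether `restricted.devices.disk.paths` is unset again before later checks cannot be seen from here.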