Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

lxd/project: Allow managed volumes under "allow" (from Incus) #14022

Merged
merged 2 commits into from
Sep 4, 2024

Conversation

MggMuggins
Copy link
Contributor

@MggMuggins MggMuggins commented Aug 30, 2024

See the docs for disk device restrictions. This PR prevents checking the restricted.devices.disk.paths for managed devices when restricted.devices.disk: allow.

Contains cherry-picks from lxc/incus#708

There are currently three valid values for `restricted.devices.disk`.

`block` will block everything, `managed` allows only managed volumes and
`allow` allows not only managed volumes but also other types like shared
host paths.

When under `allow`, `restricted.devices.disk.paths` can be used to limit
the host paths that can be passed into the instance.

But that particular restriction should only apply to unmanaged volumes.

Closes lxc/incus#706

Signed-off-by: Stéphane Graber <[email protected]>
(cherry picked from commit 54bb8dd4e1ac6a49dfff66edacbd54948ea219b6)
Signed-off-by: Wesley Hershberger <[email protected]>
License: Apache-2.0
@tomponline
Copy link
Member

We should add a test or 2 for this

@tomponline tomponline changed the title lxd/project: Allow managed volumes under "allow" (From Incus) lxd/project: Allow managed volumes under "allow" (from Incus) Sep 2, 2024
@MggMuggins MggMuggins marked this pull request as ready for review September 3, 2024 23:00
@tomponline tomponline merged commit 156f1ce into canonical:main Sep 4, 2024
29 checks passed
@MggMuggins MggMuggins deleted the allow-managed-volumes branch September 4, 2024 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants