[lxc-devel] [lxd/master] Prevent deleting or renaming the default profile

monstermunchkin on Github lxc-bot at linuxcontainers.org
Mon Jul 16 16:48:01 UTC 2018 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 321 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180716/cce938ad/attachment.bin>
-------------- next part --------------
From 8f09930193ad3ab0f31f79b1b3100be80f44ffee Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Mon, 16 Jul 2018 12:51:21 +0200
Subject: [PATCH 1/4] doc: Note that default profile cannot be deleted/renamed

Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
 doc/profiles.md | 2 ++
 doc/rest-api.md | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/doc/profiles.md b/doc/profiles.md
index 08d1eb9ae..9d08916e6 100644
--- a/doc/profiles.md
+++ b/doc/profiles.md
@@ -10,6 +10,8 @@ the profiles.
 
 If not present, LXD will create a `default` profile.
 
+The `default` profile cannot be renamed or removed.
+
 The `default` profile is set for any new container created which doesn't
 specify a different profiles list.
 
diff --git a/doc/rest-api.md b/doc/rest-api.md
index 3c8d2f98e..54ac383c9 100644
--- a/doc/rest-api.md
+++ b/doc/rest-api.md
@@ -2209,6 +2209,8 @@ the renamed resource.
 
 Renaming to an existing name must return the 409 (Conflict) HTTP code.
 
+Attempting to rename the `default` profile will return the 403 (Forbidden) HTTP code.
+
 ### DELETE
  * Description: remove a profile
  * Authentication: trusted
@@ -2222,6 +2224,8 @@ Input (none at present):
 
 HTTP code for this should be 202 (Accepted).
 
+Attempting to delete the `default` profile will return the 403 (Forbidden) HTTP code.
+
 ## `/1.0/storage-pools`
 ### GET
  * Description: list of storage pools

From de48fec83f715b3158a94a31f5739e2dba1d3cb7 Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Mon, 16 Jul 2018 16:40:24 +0200
Subject: [PATCH 2/4] doc,shared: Add API extension for permanent default
 profile

Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
 doc/api-extensions.md | 3 +++
 shared/version/api.go | 1 +
 2 files changed, 4 insertions(+)

diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index 96b8f0b67..e371ce596 100644
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -551,3 +551,6 @@ This adds a new core.debug\_address config option to start a debugging HTTP serv
 
 That server currently includes a pprof API and replaces the old
 cpu-profile, memory-profile and print-goroutines debug options.
+
+## persistent\_default\_profile
+This prevents the `default` profile from being renamed or deleted.
diff --git a/shared/version/api.go b/shared/version/api.go
index 323e6cf5d..9a631c760 100644
--- a/shared/version/api.go
+++ b/shared/version/api.go
@@ -115,6 +115,7 @@ var APIExtensions = []string{
 	"container_protection_delete",
 	"unix_priv_drop",
 	"pprof_http",
+	"persistent_default_profile",
 }
 
 // APIExtensionsCount returns the number of available API extensions.

From 983d874199980e930d1046715937c352db3f83e2 Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Mon, 16 Jul 2018 16:40:48 +0200
Subject: [PATCH 3/4] lxd: Prevent renaming/deletion of the default profile

Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
 lxd/profiles.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lxd/profiles.go b/lxd/profiles.go
index 5cb6bf963..c0d387817 100644
--- a/lxd/profiles.go
+++ b/lxd/profiles.go
@@ -9,6 +9,7 @@ import (
 	"strings"
 
 	"github.com/gorilla/mux"
+	"github.com/pkg/errors"
 
 	lxd "github.com/lxc/lxd/client"
 	"github.com/lxc/lxd/lxd/cluster"
@@ -291,6 +292,10 @@ func profilePatch(d *Daemon, r *http.Request) Response {
 func profilePost(d *Daemon, r *http.Request) Response {
 	name := mux.Vars(r)["name"]
 
+	if name == "default" {
+		return Forbidden(errors.New("The 'default' profile cannot be renamed"))
+	}
+
 	req := api.ProfilePost{}
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		return BadRequest(err)
@@ -327,6 +332,10 @@ func profilePost(d *Daemon, r *http.Request) Response {
 func profileDelete(d *Daemon, r *http.Request) Response {
 	name := mux.Vars(r)["name"]
 
+	if name == "default" {
+		return Forbidden(errors.New("The 'default' profile cannot be deleted"))
+	}
+
 	_, err := doProfileGet(d.State(), name)
 	if err != nil {
 		return SmartError(err)

From 0e454484afb6577ce09ee4cfcdb66199f65b3153 Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Mon, 16 Jul 2018 18:46:22 +0200
Subject: [PATCH 4/4] test: Test default profile renaming/deletion

Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
 test/includes/check.sh | 13 ++++++++++++-
 test/includes/lxd.sh   |  7 +++++++
 test/suites/basic.sh   |  4 ++++
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/test/includes/check.sh b/test/includes/check.sh
index cf83b5f0b..015c98c5a 100644
--- a/test/includes/check.sh
+++ b/test/includes/check.sh
@@ -26,9 +26,20 @@ check_empty() {
 }
 
 check_empty_table() {
+    # The profiles table will never be empty since the `default` profile cannot
+    # be deleted.
+    if [ "$2" == 'profiles' ]; then
+        if [ -n "$(sqlite3 "${1}" "SELECT * FROM ${2} WHERE name != 'default';")" ]; then
+          echo "DB table ${2} is not empty, content:"
+          sqlite3 "${1}" "SELECT * FROM ${2} WHERE name != 'default';"
+          return 1
+        fi
+        return 0
+    fi
+
     if [ -n "$(sqlite3 "${1}" "SELECT * FROM ${2};")" ]; then
         echo "DB table ${2} is not empty, content:"
         sqlite3 "${1}" "SELECT * FROM ${2};"
-        false
+        return 1
     fi
 }
diff --git a/test/includes/lxd.sh b/test/includes/lxd.sh
index 826b7f978..3f589cc07 100644
--- a/test/includes/lxd.sh
+++ b/test/includes/lxd.sh
@@ -164,6 +164,13 @@ kill_lxd() {
             lxc profile delete "${profile}" --force-local || true
         done
 
+        # Delete all devices of the default profile since the profile itself
+        # cannot be deleted.
+        echo "==> Deleting all devices of the default profile"
+        for device in $(lxc profile device list default --force-local); do
+            lxc profile device remove default "${device}" --force-local || true
+        done
+
         echo "==> Deleting all storage pools"
         for storage in $(lxc storage list --force-local | tail -n+3 | grep "^| " | cut -d' ' -f2); do
             lxc storage delete "${storage}" --force-local || true
diff --git a/test/suites/basic.sh b/test/suites/basic.sh
index e7822f7dc..8b17846fe 100644
--- a/test/suites/basic.sh
+++ b/test/suites/basic.sh
@@ -477,4 +477,8 @@ test_basic_usage() {
 
   lxc stop foo --force || true
   ! lxc list | grep -q foo || false
+
+  # Test renaming/deletion of the default profile
+  lxc profile rename default foobar 2>&1 | grep -q "Error: The 'default' profile cannot be renamed"
+  lxc profile delete default 2>&1 | grep -q "Error: The 'default' profile cannot be deleted"
 }

More information about the lxc-devel mailing list