[lxc-devel] [lxd/master] lxd/project: Always allow cloud-init:config drives
stgraber on Github
lxc-bot at linuxcontainers.org
Thu Oct 1 19:23:59 UTC 2020
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 354 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20201001/cd8cf4d5/attachment.bin>
-------------- next part --------------
From 426a43f47025b9205ec36c1bf3931d09d40a681f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 1 Oct 2020 15:23:29 -0400
Subject: [PATCH] lxd/project: Always allow cloud-init:config drives
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/project/permissions.go | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/lxd/project/permissions.go b/lxd/project/permissions.go
index e635490b05..3950396bb6 100644
--- a/lxd/project/permissions.go
+++ b/lxd/project/permissions.go
@@ -403,6 +403,11 @@ func checkRestrictions(project *api.Project, instances []db.Instance, profiles [
return nil
}
+ // Always allow the cloud-init config drive.
+ if device["path"] == "" && device["source"] == "cloud-init:config" {
+ return nil
+ }
+
switch restrictionValue {
case "block":
return fmt.Errorf("Disk devices are forbidden")
More information about the lxc-devel
mailing list