move: Bypass security.protection.delete

stgraber on Github Thu, 22 Oct 2020 06:52:01 -0700

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8076


This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Closes #8075

Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>

From 20d1f8c00596b8aa84bfc50a00757be78807718f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@ubuntu.com>
Date: Thu, 22 Oct 2020 09:50:19 -0400
Subject: [PATCH] lxc/move: Bypass security.protection.delete
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #8075

Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
---
 lxc/delete.go | 24 ++++++++++++++++++++++--
 lxc/move.go   |  1 +
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/lxc/delete.go b/lxc/delete.go
index 7bc3caf4f0..5aad5dfe4c 100644
--- a/lxc/delete.go
+++ b/lxc/delete.go
@@ -18,8 +18,9 @@ import (
 type cmdDelete struct {
        global *cmdGlobal
 
-       flagForce       bool
-       flagInteractive bool
+       flagForce          bool
+       flagForceProtected bool
+       flagInteractive    bool
 }
 
 func (c *cmdDelete) Command() *cobra.Command {
@@ -125,6 +126,25 @@ func (c *cmdDelete) Run(cmd *cobra.Command, args []string) 
error {
                        }
                }
 
+               if c.flagForceProtected && 
shared.IsTrue(ct.ExpandedConfig["security.protection.delete"]) {
+                       // Refresh in case we had to stop it above.
+                       ct, etag, err := 
resource.server.GetInstance(resource.name)
+                       if err != nil {
+                               return err
+                       }
+
+                       ct.Config["security.protection.delete"] = "false"
+                       op, err := 
resource.server.UpdateInstance(resource.name, ct.Writable(), etag)
+                       if err != nil {
+                               return err
+                       }
+
+                       err = op.Wait()
+                       if err != nil {
+                               return err
+                       }
+               }
+
                if err := c.doDelete(resource.server, resource.name); err != 
nil {
                        return err
                }
diff --git a/lxc/move.go b/lxc/move.go
index 8a1b812976..f77bf6f222 100644
--- a/lxc/move.go
+++ b/lxc/move.go
@@ -198,6 +198,7 @@ func (c *cmdMove) Run(cmd *cobra.Command, args []string) 
error {
 
        del := cmdDelete{global: c.global}
        del.flagForce = true
+       del.flagForceProtected = true
        err = del.Run(cmd, args[:1])
        if err != nil {
                return errors.Wrap(err, "Failed to delete original instance 
after copying it")

_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxd/master] lxc/move: Bypass security.protection.delete

Reply via email to