From 5a43b284e851ba4ec8f28f7ce2ac0026587cb83a Mon Sep 17 00:00:00 2001 From: Wesley Hershberger Date: Thu, 27 Feb 2025 09:33:40 -0600 Subject: [PATCH] lxd/device/disk: Consider `readonly` for other volume types Prior to this change, the following disk types could have `readonly: true` in their device config and still be mounted rw in VMs: - root disks - cloud-init config drive (unknown to me if a CD image would be writable) - `source: ceph:...` disks - Delegated ceph block volumes Signed-off-by: Wesley Hershberger --- lxd/device/disk.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lxd/device/disk.go b/lxd/device/disk.go index 9ded05d94367..14b2108943e8 100644 --- a/lxd/device/disk.go +++ b/lxd/device/disk.go @@ -1052,6 +1052,10 @@ func (d *disk) startVM() (*deviceConfig.RunConfig, error) { opts = append(opts, "cache="+d.config["io.cache"]) } + if shared.IsTrue(d.config["readonly"]) || d.config["source.snapshot"] != "" { + opts = append(opts, "ro") + } + // Add I/O limits if set. var diskLimits *deviceConfig.DiskLimits if d.config["limits.read"] != "" || d.config["limits.write"] != "" || d.config["limits.max"] != "" { @@ -1228,10 +1232,6 @@ func (d *disk) startVM() (*deviceConfig.RunConfig, error) { mount.Opts = append(mount.Opts, d.detectVMPoolMountOpts()...) } - if shared.IsTrue(d.config["readonly"]) || d.config["source.snapshot"] != "" { - mount.Opts = append(mount.Opts, "ro") - } - // If the source being added is a directory or cephfs share, then we will use the lxd-agent // directory sharing feature to mount the directory inside the VM, and as such we need to // indicate to the VM the target path to mount to.