Date:      Mon, 7 Jan 2019 16:16:47 +0000 (UTC)
From:      Kyle Evans <kevans@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r342849 - head/lib/libbe
Message-ID:  <201901071616.x07GGllJ008256@repo.freebsd.org>

Author: kevans
Date: Mon Jan  7 16:16:47 2019
New Revision: 342849
URL: https://svnweb.freebsd.org/changeset/base/342849

Log:
  libbe(3): Don't allow bootfs to be destroyed
  
  Previously, the following sequence of events was feasible under some
  circumstance:
  
  bectl create test
  bectl activate test
  # the test BE dataset gets promoted and set as bootfs
  bectl destroy test
  
  I was unable to reproduce the destroy succeeding, but we should be rejecting
  this before it even gets to libzfs because it would leave the system in an
  inconsistent state. Forcing the user to be explicit as to which environment
  should be activated instead is much better.
  
  Reported by:	Graham Perrin <grahamperrin@gmail.com>
  MFC after:	3 days

Modified:
  head/lib/libbe/be.c

Modified: head/lib/libbe/be.c
==============================================================================
--- head/lib/libbe/be.c	Mon Jan  7 15:53:54 2019	(r342848)
+++ head/lib/libbe/be.c	Mon Jan  7 16:16:47 2019	(r342849)
@@ -211,7 +211,8 @@ be_destroy(libbe_handle_t *lbh, const char *name, int 
 		if (!zfs_dataset_exists(lbh->lzh, path, ZFS_TYPE_FILESYSTEM))
 			return (set_error(lbh, BE_ERR_NOENT));
 
-		if (strcmp(path, lbh->rootfs) == 0)
+		if (strcmp(path, lbh->rootfs) == 0 ||
+		    strcmp(path, lbh->bootfs) == 0)
 			return (set_error(lbh, BE_ERR_DESTROYACT));
 
 		fs = zfs_open(lbh->lzh, p, ZFS_TYPE_FILESYSTEM);
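Review bot: the added `strcmp(path, lbh->bootfs) == 0` branch returns the same BE_ERR_DESTROYACT as the existing rootfs check, so a caller such as bectl cannot tell "this is the running root" apart from "this is the environment set as bootfs for the next boot", and the error text will likely describe only the former; consider a dedicated error value, or at least updating the BE_ERR_DESTROYACT description in libbe(3), so the user is pointed at the remedy the log message names (activate a different environment, then destroy). A one-line comment above the condition stating that lbh->bootfs is compared as a full dataset name, the same form `path` is built in for the zfs_dataset_exists() call just above, would also help future readers see that any normalization difference between the two strings would silently bypass this guard.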