Date: Tue, 15 Jan 2019 18:21:06 +0000 (UTC)
From: Kyle Evans <kevans@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject: svn commit: r343049 - stable/12/lib/libbe
Message-ID: <201901151821.x0FIL6Ot023525@repo.freebsd.org>
Author: kevans Date: Tue Jan 15 18:21:06 2019 New Revision: 343049 URL: https://svnweb.freebsd.org/changeset/base/343049 Log: MFC r342849: libbe(3): Don't allow bootfs to be destroyed Previously, the following sequence of events was feasible under some circumstance: bectl create test bectl activate test # the test BE dataset gets promoted and set as bootfs bectl destroy test I was unable to reproduce the destroy succeeding, but we should be rejecting this before it even gets to libzfs because it would leave the system in an inconsistent state. Forcing the user to be explicit as to which environment should be activated instead is much better. Modified: stable/12/lib/libbe/be.c Directory Properties: stable/12/ (props changed) Modified: stable/12/lib/libbe/be.c ============================================================================== --- stable/12/lib/libbe/be.c Tue Jan 15 18:20:20 2019 (r343048) +++ stable/12/lib/libbe/be.c Tue Jan 15 18:21:06 2019 (r343049) @@ -211,7 +211,8 @@ be_destroy(libbe_handle_t *lbh, const char *name, int if (!zfs_dataset_exists(lbh->lzh, path, ZFS_TYPE_FILESYSTEM)) return (set_error(lbh, BE_ERR_NOENT)); - if (strcmp(path, lbh->rootfs) == 0) + if (strcmp(path, lbh->rootfs) == 0 || + strcmp(path, lbh->bootfs) == 0) return (set_error(lbh, BE_ERR_DESTROYACT)); fs = zfs_open(lbh->lzh, p, ZFS_TYPE_FILESYSTEM);
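Review bot: In be_destroy(), the added `strcmp(path, lbh->bootfs) == 0` branch returns the same BE_ERR_DESTROYACT as the rootfs check, so a caller cannot tell whether the refusal concerns the running environment or the one activated for the next boot. Since the log says the user should be explicit about which environment to activate instead, consider making sure the error text and the libbe(3) description of be_destroy() cover the bootfs case, and add a one-line comment above the condition explaining why bootfs is rejected before the request reaches libzfs. The log also notes the destroy could not be reproduced succeeding, so a regression test for the create/activate/destroy sequence would pin the new behaviour down.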