Skip to content

Tighten storage pool permissions (from Incus) (stable-5.21)#16922

Merged
tomponline merged 5 commits intocanonical:stable-5.21from
tomponline:tp-perms
Nov 11, 2025
Merged

Tighten storage pool permissions (from Incus) (stable-5.21)#16922
tomponline merged 5 commits intocanonical:stable-5.21from
tomponline:tp-perms

Conversation

@tomponline
Copy link
Copy Markdown
Member

@tomponline tomponline commented Nov 11, 2025

Pulls in fix from lxc/incus#2642 (via #16904)

Related to lxc/incus#2641

Fix for GHSA-56mx-8g9f-5crf CVE-2025-64507

stgraber and others added 5 commits November 11, 2025 08:19
@stgraber @tomponline
lxd/storage: Tighten storage pool volume permissions
049d86d 
Related to lxc/incus#2641

Signed-off-by: Stéphane Graber <[email protected]>
(cherry picked from commit b0c6c0bac42c6ac27d536984cc043a6ec02b9e7c)
Signed-off-by: Thomas Parrott <[email protected]>
License: Apache-2.0
(cherry picked from commit 7598d5a)
@tomponline
lxd/storage/drivers/volume: Add comments explaining differences in Ba…
10ad9d7 
…seDirectories permissions

Signed-off-by: Thomas Parrott <[email protected]>
(cherry picked from commit 52a551c)
@tomponline
lxd/storage/backend/lxd: Replace deprecated os.IsExist
9721927 
Signed-off-by: Thomas Parrott <[email protected]>
(cherry picked from commit 89c0906)
@stgraber @tomponline
lxd/patches: Re-apply storage permissions on update
b2d38e8 
Related to lxc/incus#2641

Signed-off-by: Stéphane Graber <[email protected]>
(cherry picked from commit 3abdc12cf6a8dce391d28d340a32c137125357dd)
Signed-off-by: Thomas Parrott <[email protected]>
License: Apache-2.0
(cherry picked from commit 87a34bb)
@tomponline
test: Add tests for storage directory permissions
6fa0891 
Signed-off-by: Thomas Parrott <[email protected]>
(cherry picked from commit 67a5819)
@tomponline tomponline self-assigned this Nov 11, 2025
This was referenced Nov 11, 2025
Merged
Merged
@tomponline tomponline marked this pull request as ready for review November 11, 2025 09:23
roosterfish
roosterfish approved these changes Nov 11, 2025
View reviewed changes
@tomponline tomponline merged commit d4a0613 into canonical:stable-5.21 Nov 11, 2025
29 checks passed
@tomponline tomponline deleted the tp-perms branch November 11, 2025 09:55
tomponline added a commit that referenced this pull request Nov 11, 2025
@tomponline
Tighten storage pool permissions (from Incus) (stable-5.0) (#16923)
76c9c52 
Pulls in fix from lxc/incus#2642 (from
#16904 via
#16922)

Related to lxc/incus#2641

Fix for
[GHSA-56mx-8g9f-5crf](GHSA-56mx-8g9f-5crf)
CVE-2025-64507
tomponline added a commit to tomponline/lxd-pkg-snap that referenced this pull request Nov 11, 2025
@tomponline
lxd: Cherry-pick directory permission fix
ec78495 
Fix from canonical/lxd#16922

Signed-off-by: Thomas Parrott <[email protected]>
This was referenced Nov 11, 2025
Merged
Merged
tomponline added a commit to canonical/lxd-pkg-snap that referenced this pull request Nov 11, 2025
@tomponline
lxd: Cherry-pick directory permission fix (5.21-candidate) (#960)
2d377ea 
Fix from canonical/lxd#16922
@GoVulnBot GoVulnBot mentioned this pull request Nov 14, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@roosterfish roosterfish roosterfish approved these changes

@simondeziel simondeziel Awaiting requested review from simondeziel

@markylaing markylaing Awaiting requested review from markylaing

@MusicDin MusicDin Awaiting requested review from MusicDin

Assignees

@tomponline tomponline

Labels

5.21 LTS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tomponline @roosterfish @stgraber