Merge pull request #2355 from stgraber/storage

incusd/storage: Fix EnsureMountPath to avoid resetting permissions

Author: tych0

internal/server/storage/backend.go

@@ -5925,7 +5925,7 @@ func (b *backend) ImportCustomVolume(projectName string, poolVol *backupConfig.C
 	vol := b.GetVolume(drivers.VolumeTypeCustom, drivers.ContentType(poolVol.Volume.ContentType), volStorageName, volumeConfig)
 
 	// Create the mount path if needed.
-	err = vol.EnsureMountPath()
+	err = vol.EnsureMountPath(false)
 	if err != nil {
 		return nil, err
 	}
@@ -5939,7 +5939,7 @@ func (b *backend) ImportCustomVolume(projectName string, poolVol *backupConfig.C
 			return nil, err
 		}
 
-		err = snapVol.EnsureMountPath()
+		err = snapVol.EnsureMountPath(false)
 		if err != nil {
 			return nil, err
 		}
@@ -7021,7 +7021,7 @@ func (b *backend) ImportInstance(inst instance.Instance, poolVol *backupConfig.C
 		return nil, err
 	}
 
-	err = vol.EnsureMountPath()
+	err = vol.EnsureMountPath(false)
 	if err != nil {
 		return nil, err
 	}
@@ -7074,7 +7074,7 @@ func (b *backend) ImportInstance(inst instance.Instance, poolVol *backupConfig.C
 				return nil, err
 			}
 
-			err = snapVol.EnsureMountPath()
+			err = snapVol.EnsureMountPath(false)
 			if err != nil {
 				return nil, err
 			}

internal/server/storage/drivers/driver_btrfs_volumes.go

@@ -135,7 +135,7 @@ func (d *btrfs) CreateVolume(vol Volume, filler *VolumeFiller, op *operations.Op
 	}
 
 	// Tweak any permissions that need tweaking after filling.
-	err = vol.EnsureMountPath()
+	err = vol.EnsureMountPath(true)
 	if err != nil {
 		return err
 	}
@@ -452,7 +452,7 @@ func (d *btrfs) CreateVolumeFromCopy(vol Volume, srcVol Volume, copySnapshots bo
 	}
 
 	// Fixup permissions after snapshot created.
-	err = vol.EnsureMountPath()
+	err = vol.EnsureMountPath(false)
 	if err != nil {
 		return err
 	}
@@ -1198,7 +1198,7 @@ func (d *btrfs) MountVolume(vol Volume, op *operations.Operation) error {
 	// Don't attempt to modify the permission of an existing custom volume root.
 	// A user inside the instance may have modified this and we don't want to reset it on restart.
 	if !util.PathExists(vol.MountPath()) || vol.volType != VolumeTypeCustom {
-		err := vol.EnsureMountPath()
+		err := vol.EnsureMountPath(false)
 		if err != nil {
 			return err
 		}
@@ -1865,7 +1865,7 @@ func (d *btrfs) MountVolumeSnapshot(snapVol Volume, op *operations.Operation) er
 	// Don't attempt to modify the permission of an existing custom volume root.
 	// A user inside the instance may have modified this and we don't want to reset it on restart.
 	if !util.PathExists(snapPath) || snapVol.volType != VolumeTypeCustom {
-		err := snapVol.EnsureMountPath()
+		err := snapVol.EnsureMountPath(false)
 		if err != nil {
 			return err
 		}

internal/server/storage/drivers/driver_ceph_volumes.go

@@ -55,7 +55,7 @@ func (d *ceph) CreateVolume(vol Volume, filler *VolumeFiller, op *operations.Ope
 
 	if vol.contentType == ContentTypeFS {
 		// Create mountpoint.
-		err := vol.EnsureMountPath()
+		err := vol.EnsureMountPath(true)
 		if err != nil {
 			return err
 		}
@@ -225,7 +225,7 @@ func (d *ceph) CreateVolume(vol Volume, filler *VolumeFiller, op *operations.Ope
 		if vol.contentType == ContentTypeFS {
 			// Run EnsureMountPath again after mounting and filling to ensure the mount directory has
 			// the correct permissions set.
-			err = vol.EnsureMountPath()
+			err = vol.EnsureMountPath(true)
 			if err != nil {
 				return err
 			}
@@ -350,7 +350,7 @@ func (d *ceph) CreateVolumeFromCopy(vol Volume, srcVol Volume, copySnapshots boo
 
 			// Mount the volume and ensure the permissions are set correctly inside the mounted volume.
 			err = v.MountTask(func(_ string, _ *operations.Operation) error {
-				return v.EnsureMountPath()
+				return v.EnsureMountPath(false)
 			}, op)
 			if err != nil {
 				return err
@@ -500,7 +500,7 @@ func (d *ceph) CreateVolumeFromCopy(vol Volume, srcVol Volume, copySnapshots boo
 			return err
 		}
 
-		err = snapVol.EnsureMountPath()
+		err = snapVol.EnsureMountPath(false)
 		if err != nil {
 			return err
 		}
@@ -526,7 +526,7 @@ func (d *ceph) CreateVolumeFromCopy(vol Volume, srcVol Volume, copySnapshots boo
 // CreateVolumeFromMigration creates a volume being sent via a migration.
 func (d *ceph) CreateVolumeFromMigration(vol Volume, conn io.ReadWriteCloser, volTargetArgs localMigration.VolumeTargetArgs, preFiller *VolumeFiller, op *operations.Operation) error {
 	if volTargetArgs.ClusterMoveSourceName != "" && volTargetArgs.StoragePool == "" {
-		err := vol.EnsureMountPath()
+		err := vol.EnsureMountPath(false)
 		if err != nil {
 			return err
 		}
@@ -571,7 +571,7 @@ func (d *ceph) CreateVolumeFromMigration(vol Volume, conn io.ReadWriteCloser, vo
 		}
 	}
 
-	err = vol.EnsureMountPath()
+	err = vol.EnsureMountPath(false)
 	if err != nil {
 		return err
 	}
@@ -599,7 +599,7 @@ func (d *ceph) CreateVolumeFromMigration(vol Volume, conn io.ReadWriteCloser, vo
 				return err
 			}
 
-			err = snapVol.EnsureMountPath()
+			err = snapVol.EnsureMountPath(false)
 			if err != nil {
 				return err
 			}
@@ -1206,7 +1206,7 @@ func (d *ceph) MountVolume(vol Volume, op *operations.Operation) error {
 	if vol.contentType == ContentTypeFS {
 		mountPath := vol.MountPath()
 		if !linux.IsMountPoint(mountPath) {
-			err := vol.EnsureMountPath()
+			err := vol.EnsureMountPath(false)
 			if err != nil {
 				return err
 			}
@@ -1501,7 +1501,7 @@ func (d *ceph) CreateVolumeSnapshot(snapVol Volume, op *operations.Operation) er
 		return err
 	}
 
-	err = snapVol.EnsureMountPath()
+	err = snapVol.EnsureMountPath(false)
 	if err != nil {
 		return err
 	}
@@ -1601,7 +1601,7 @@ func (d *ceph) MountVolumeSnapshot(snapVol Volume, op *operations.Operation) err
 	mountPath := snapVol.MountPath()
 
 	if snapVol.contentType == ContentTypeFS && !linux.IsMountPoint(mountPath) {
-		err := snapVol.EnsureMountPath()
+		err := snapVol.EnsureMountPath(false)
 		if err != nil {
 			return err
 		}

internal/server/storage/drivers/driver_cephfs_volumes.go

@@ -37,7 +37,7 @@ func (d *cephfs) CreateVolume(vol Volume, filler *VolumeFiller, op *operations.O
 
 	// Create the main volume path.
 	volPath := vol.MountPath()
-	err := vol.EnsureMountPath()
+	err := vol.EnsureMountPath(true)
 	if err != nil {
 		return err
 	}
@@ -77,7 +77,7 @@ func (d *cephfs) CreateVolumeFromCopy(vol Volume, srcVol Volume, copySnapshots b
 
 	// Create the main volume path.
 	volPath := vol.MountPath()
-	err := vol.EnsureMountPath()
+	err := vol.EnsureMountPath(false)
 	if err != nil {
 		return err
 	}
@@ -148,7 +148,7 @@ func (d *cephfs) CreateVolumeFromCopy(vol Volume, srcVol Volume, copySnapshots b
 
 		// Run EnsureMountPath after mounting and copying to ensure the mounted directory has the
 		// correct permissions set.
-		return vol.EnsureMountPath()
+		return vol.EnsureMountPath(false)
 	}, op)
 	if err != nil {
 		return err
@@ -166,7 +166,7 @@ func (d *cephfs) CreateVolumeFromMigration(vol Volume, conn io.ReadWriteCloser,
 
 	// Create the main volume path.
 	volPath := vol.MountPath()
-	err := vol.EnsureMountPath()
+	err := vol.EnsureMountPath(false)
 	if err != nil {
 		return err
 	}

internal/server/storage/drivers/driver_dir_volumes.go

@@ -35,7 +35,7 @@ func (d *dir) CreateVolume(vol Volume, filler *VolumeFiller, op *operations.Oper
 	}
 
 	// Create the volume itself.
-	err := vol.EnsureMountPath()
+	err := vol.EnsureMountPath(true)
 	if err != nil {
 		return err
 	}
@@ -379,7 +379,7 @@ func (d *dir) MountVolume(vol Volume, op *operations.Operation) error {
 	// Don't attempt to modify the permission of an existing custom volume root.
 	// A user inside the instance may have modified this and we don't want to reset it on restart.
 	if !util.PathExists(vol.MountPath()) || vol.volType != VolumeTypeCustom {
-		err := vol.EnsureMountPath()
+		err := vol.EnsureMountPath(false)
 		if err != nil {
 			return err
 		}
@@ -429,7 +429,7 @@ func (d *dir) CreateVolumeSnapshot(snapVol Volume, op *operations.Operation) err
 	parentName, _, _ := api.GetParentAndSnapshotName(snapVol.name)
 
 	// Create snapshot directory.
-	err := snapVol.EnsureMountPath()
+	err := snapVol.EnsureMountPath(false)
 	if err != nil {
 		return err
 	}
@@ -523,7 +523,7 @@ func (d *dir) MountVolumeSnapshot(snapVol Volume, op *operations.Operation) erro
 	// Don't attempt to modify the permission of an existing custom volume root.
 	// A user inside the instance may have modified this and we don't want to reset it on restart.
 	if !util.PathExists(snapPath) || snapVol.volType != VolumeTypeCustom {
-		err := snapVol.EnsureMountPath()
+		err := snapVol.EnsureMountPath(false)
 		if err != nil {
 			return err
 		}

internal/server/storage/drivers/driver_linstor_volumes.go

@@ -110,7 +110,7 @@ func (d *linstor) CreateVolume(vol Volume, filler *VolumeFiller, op *operations.
 
 	if vol.contentType == ContentTypeFS {
 		// Create mountpoint.
-		err := vol.EnsureMountPath()
+		err := vol.EnsureMountPath(true)
 		if err != nil {
 			return err
 		}
@@ -241,7 +241,7 @@ func (d *linstor) CreateVolume(vol Volume, filler *VolumeFiller, op *operations.
 		if vol.contentType == ContentTypeFS {
 			// Run EnsureMountPath again after mounting and filling to ensure the mount directory has
 			// the correct permissions set.
-			err = vol.EnsureMountPath()
+			err = vol.EnsureMountPath(true)
 			if err != nil {
 				return err
 			}
@@ -289,7 +289,7 @@ func (d *linstor) CreateVolumeFromCopy(vol Volume, srcVol Volume, copySnapshots
 			// ISO volumes like filesystem volumes when performing the copy. This implies
 			// that the mount path for the volume must exist before the copying starts.
 			if srcVol.contentType == ContentTypeISO {
-				err := srcVol.EnsureMountPath()
+				err := srcVol.EnsureMountPath(false)
 				if err != nil {
 					return err
 				}
@@ -333,7 +333,7 @@ func (d *linstor) CreateVolumeFromCopy(vol Volume, srcVol Volume, copySnapshots
 		}
 
 		// Create mountpoint.
-		err = vol.EnsureMountPath()
+		err = vol.EnsureMountPath(false)
 		if err != nil {
 			return err
 		}
@@ -549,7 +549,7 @@ func (d *linstor) MountVolume(vol Volume, op *operations.Operation) error {
 		mountPath := vol.MountPath()
 		l.Debug("Content type FS", logger.Ctx{"mountPath": mountPath})
 		if !linux.IsMountPoint(mountPath) {
-			err := vol.EnsureMountPath()
+			err := vol.EnsureMountPath(false)
 			if err != nil {
 				return err
 			}
@@ -697,7 +697,7 @@ func (d *linstor) CreateVolumeSnapshot(snapVol Volume, op *operations.Operation)
 		return err
 	}
 
-	err = snapVol.EnsureMountPath()
+	err = snapVol.EnsureMountPath(false)
 	if err != nil {
 		return err
 	}
@@ -884,7 +884,7 @@ func (d *linstor) MountVolumeSnapshot(snapVol Volume, op *operations.Operation)
 		mountPath := snapVol.MountPath()
 		l.Debug("Content type FS", logger.Ctx{"mountPath": mountPath})
 		if !linux.IsMountPoint(mountPath) {
-			err := snapVol.EnsureMountPath()
+			err := snapVol.EnsureMountPath(false)
 			if err != nil {
 				return err
 			}
@@ -1164,7 +1164,7 @@ func (d *linstor) CreateVolumeFromMigration(vol Volume, conn io.ReadWriteCloser,
 			return err
 		}
 
-		err = vol.EnsureMountPath()
+		err = vol.EnsureMountPath(false)
 		if err != nil {
 			return err
 		}
@@ -1175,7 +1175,7 @@ func (d *linstor) CreateVolumeFromMigration(vol Volume, conn io.ReadWriteCloser,
 		if vol.IsVMBlock() {
 			fsVol := vol.NewVMBlockFilesystemVolume()
 
-			err = fsVol.EnsureMountPath()
+			err = fsVol.EnsureMountPath(false)
 			if err != nil {
 				return err
 			}

internal/server/storage/drivers/driver_lvm_utils.go

@@ -661,7 +661,7 @@ func (d *lvm) copyThinpoolVolume(vol, srcVol Volume, srcSnapshots []Volume, refr
 			}
 
 			newSnapVolPath := newSnapVol.MountPath()
-			err = newSnapVol.EnsureMountPath()
+			err = newSnapVol.EnsureMountPath(false)
 			if err != nil {
 				return err
 			}
@@ -712,7 +712,7 @@ func (d *lvm) copyThinpoolVolume(vol, srcVol Volume, srcSnapshots []Volume, refr
 		}
 	} else {
 		volPath := vol.MountPath()
-		err := vol.EnsureMountPath()
+		err := vol.EnsureMountPath(false)
 		if err != nil {
 			return err
 		}
@@ -756,7 +756,7 @@ func (d *lvm) copyThinpoolVolume(vol, srcVol Volume, srcSnapshots []Volume, refr
 
 		// Mount the volume and ensure the permissions are set correctly inside the mounted volume.
 		err = vol.MountTask(func(_ string, _ *operations.Operation) error {
-			return vol.EnsureMountPath()
+			return vol.EnsureMountPath(false)
 		}, nil)
 		if err != nil {
 			return err