lxd icon indicating copy to clipboard operation
lxd copied to clipboard
verified publisher icon canonical

The source of an instance/volume copy should be checked for CAN_VIEW permission

Open tomponline opened this issue 1 month ago • 0 comments

Please confirm

  • [x] I have searched existing issues to check if an issue already exists for the bug I encountered.

Distribution

N/A

Distribution version

N/A

Output of "snap list --all lxd core20 core22 core24 snapd"

N/A

Output of "lxc info" or system info if it fails

N/A

Issue description

When copying an instance, instance snapshot, volume or volume snapshot we should check that the user performing the operation has CAN_VIEW on the source entity.

This is similar to how you need CAN_VIEW today to export an instance or a volume.

Steps to reproduce

N/A

Information to attach

  • [ ] Any relevant kernel output (dmesg)
  • [ ] Instance log (lxc info NAME --show-log)
  • [ ] Instance configuration (lxc config show NAME --expanded)
  • [ ] Main daemon log (at /var/log/lxd/lxd.log or /var/snap/lxd/common/lxd/logs/lxd.log)
  • [ ] Output of the client with --debug
  • [ ] Output of the daemon with --debug (or use lxc monitor while reproducing the issue)

tomponline avatar Nov 18 '25 16:11 tomponline