Incus-user restricted device with custom volumes


With incus-user, I am trying to attach a custom volume to a profile, but I am running into a permission issue.

~ $ incus storage volume list default
| custom | binpkgs |             | filesystem   | 0       |
~ $ incus profile device add gentoo binpkgs disk pool=default source=binpkgs path=/var/cache/binpkgs
Error: Failed checking if profile update allowed: Invalid device "binpkgs" on profile "gentoo" of project "user-1000": Disk source path "binpkgs" not allowed

I’ve tried to add the source into restricted.devices.disk.paths for my project, but this only seems to take in absolute paths.

~ # incus project get user-1000 restricted.devices.disk.paths
~ # incus project set user-1000 restricted.devices.disk.paths=/home/matt,/other/paths,binpkgs
Error: Invalid project configuration key "restricted.devices.disk.paths" value: Item "binpkgs": Must be absolute file path

In the docs for project configuration, I can’t see any specific syntax for mentioning a managed custom volume instead of a filesystem path. (Project configuration - Incus documentation)

Setting restricted.devices.disk.paths to an empty string works in that I can now attach my volume, but this is not ideal as now any path is allowed. What is the correct way to solve this?

That definitely sounds like a bug, can you file something at Issues · lxc/incus · GitHub?

1 Like

Thanks for the reply!

I’ve filed a GitHub issue: Unable to add custom volume to `restricted.devices.disk.paths` · Issue #706 · lxc/incus · GitHub