svn commit: r343049 - stable/12/lib/libbe

[Kyle Evans]

Author: kevans
Date: Tue Jan 15 18:21:06 2019
New Revision: 343049
URL: https://svnweb.freebsd.org/changeset/base/343049

Log:
  MFC r342849: libbe(3): Don't allow bootfs to be destroyed
  
  Previously, the following sequence of events was feasible under some
  circumstance:
  
  bectl create test
  bectl activate test
  # the test BE dataset gets promoted and set as bootfs
  bectl destroy test
  
  I was unable to reproduce the destroy succeeding, but we should be rejecting
  this before it even gets to libzfs because it would leave the system in an
  inconsistent state. Forcing the user to be explicit as to which environment
  should be activated instead is much better.

Modified:
  stable/12/lib/libbe/be.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/lib/libbe/be.c
==============================================================================
--- stable/12/lib/libbe/be.c	Tue Jan 15 18:20:20 2019	(r343048)
+++ stable/12/lib/libbe/be.c	Tue Jan 15 18:21:06 2019	(r343049)
@@ -211,7 +211,8 @@ be_destroy(libbe_handle_t *lbh, const char *name, int 
 		if (!zfs_dataset_exists(lbh->lzh, path, ZFS_TYPE_FILESYSTEM))
 			return (set_error(lbh, BE_ERR_NOENT));
 
-		if (strcmp(path, lbh->rootfs) == 0)
+		if (strcmp(path, lbh->rootfs) == 0 ||
+		    strcmp(path, lbh->bootfs) == 0)
 			return (set_error(lbh, BE_ERR_DESTROYACT));
 
 		fs = zfs_open(lbh->lzh, p, ZFS_TYPE_FILESYSTEM);