config: add use_vg_without_system_iddev-dct-use-vg-without-system-id

The default is 1 (the existing behavior) which means a
VG without a system ID can accessed by any machine, whether
that machine has a system ID set for itself or not.

When this setting is changed to 0, it means that a VG
without a system ID cannot be accessed.

4 files changed, 18 insertions, 2 deletions

diff --git a/lib/commands/toolcontext.c b/lib/commands/toolcontext.c
index 15e349971..89e8f727d 100644
--- a/lib/commands/toolcontext.c
+++ b/lib/commands/toolcontext.c
@@ -526,6 +526,8 @@ static int _init_system_id(struct cmd_context *cmd)
 	const char *source, *system_id;
 	int local_set = 0;
 
+	cmd->use_vg_without_system_id = find_config_tree_bool(cmd, global_use_vg_without_system_id_CFG, NULL);
+
 	cmd->system_id = NULL;
 	cmd->unknown_system_id = 0;
 
diff --git a/lib/commands/toolcontext.h b/lib/commands/toolcontext.h
index 959c1539b..fc8a6e17b 100644
--- a/lib/commands/toolcontext.h
+++ b/lib/commands/toolcontext.h
@@ -151,6 +151,7 @@ struct cmd_context {
 	unsigned include_foreign_vgs:1;		/* report/display cmds can reveal foreign VGs */
 	unsigned include_shared_vgs:1;		/* report/display cmds can reveal lockd VGs */
 	unsigned include_active_foreign_vgs:1;	/* cmd should process foreign VGs with active LVs */
+	unsigned use_vg_without_system_id:1;	/* a VG without a system id can be accessed */
 	unsigned vg_read_print_access_error:1;	/* print access errors from vg_read */
 	unsigned force_access_clustered:1;
 	unsigned lockd_gl_disable:1;
diff --git a/lib/config/config_settings.h b/lib/config/config_settings.h
index a2df3cefe..34df0b7e5 100644
--- a/lib/config/config_settings.h
+++ b/lib/config/config_settings.h
@@ -1200,6 +1200,13 @@ cfg(global_system_id_file_CFG, "system_id_file", global_CFG_SECTION, CFG_DEFAULT
 	"This is used when system_id_source is set to 'file'.\n"
 	"Comments starting with the character # are ignored.\n")
 
+cfg(global_use_vg_without_system_id_CFG, "use_vg_without_system_id", global_CFG_SECTION, CFG_DEFAULT_COMMENTED, CFG_TYPE_BOOL, 1, vsn(2, 3, 2), 0, 0, NULL,
+	"Allow a VG without a system ID to be used by the local machine.\n"
+	"The default is to allow unrestricted access to a VG that does not\n"
+	"have a system ID set. Before disabling this (turning off access\n"
+	"to VGs without a system ID), ensure that any VG needed by the local\n"
+	"machine has a system ID set, matching the local machine.\n")
+
 cfg(activation_checks_CFG, "checks", activation_CFG_SECTION, 0, CFG_TYPE_BOOL, DEFAULT_ACTIVATION_CHECKS, vsn(2, 2, 86), NULL, 0, NULL,
 	"Perform internal checks of libdevmapper operations.\n"
 	"Useful for debugging problems with activation. Some of the checks may\n"
diff --git a/lib/metadata/metadata.c b/lib/metadata/metadata.c
index 9efc35592..f280efb01 100644
--- a/lib/metadata/metadata.c
+++ b/lib/metadata/metadata.c
@@ -3491,6 +3491,9 @@ static int _check_reappeared_pv(struct volume_group *correct_vg,
 
 static int _is_foreign_vg(struct volume_group *vg)
 {
+	if (!vg->cmd->use_vg_without_system_id && !vg->system_id[0])
+		return 1;
+
 	return vg->cmd->system_id && strcmp(vg->system_id, vg->cmd->system_id);
 }
 
@@ -4882,8 +4885,11 @@ int is_system_id_allowed(struct cmd_context *cmd, const char *system_id)
 	/*
 	 * A VG without a system_id can be accessed by anyone.
 	 */
-	if (!system_id || !system_id[0])
-		return 1;
+	if (!system_id || !system_id[0]) {
+		if (cmd->use_vg_without_system_id)
+			return 1;
+		return 0;
+	}
 
 	/*
 	 * Allowed if the host and VG system_id's match.