From 4b3f82f643c67568a671c4d88c19ad4a187b521a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edwin.torok@cloud.com>
Date: Tue, 6 Aug 2024 16:39:18 +0100
Subject: [PATCH] CA-396743: forbid setting NBD purpose on unmanaged networks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We wouldn't be able to add the correct firewall rules,
and you're not meant to use the boot from SAN network for NBD.

Signed-off-by: Edwin Török <edwin.torok@cloud.com>
---
 ocaml/xapi/xapi_network.ml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ocaml/xapi/xapi_network.ml b/ocaml/xapi/xapi_network.ml
index 3aefbad3be8..e22859a147b 100644
--- a/ocaml/xapi/xapi_network.ml
+++ b/ocaml/xapi/xapi_network.ml
@@ -439,6 +439,7 @@ let assert_can_add_purpose ~__context ~network:_ ~current:_ newval =
       assert_no_net_has_bad_porpoise [`nbd]
 
 let add_purpose ~__context ~self ~value =
+  assert_network_is_managed ~__context ~self:value ;
   let current = Db.Network.get_purpose ~__context ~self in
   if not (List.mem value current) then (
     assert_can_add_purpose ~__context ~network:self ~current value ;