Project

General

Profile

Feature #15070

mon: client: multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID

Added by John Spray almost 3 years ago. Updated 7 months ago.

Status:
New
Priority:
High
Assignee:
-
Category:
-
Target version:
Start date:
03/11/2016
Due date:
% Done:

0%

Source:
Development
Tags:
Backport:
Reviewed:
Affected Versions:
Component(FS):
Common/Protocol, MDSMonitor, qa-suite
Labels (FS):
multifs, task(medium)
Pull request ID:

Description

Currently clients with 'mds allow r' capabilities can see any MDSMap.

We would like to be able to craft client auth caps that restrict them to only being able to see a specific set of MDSMaps. This would also restrict their ability to look up FSCIDs from filesystem names (http://tracker.ceph.com/issues/15067)


Related issues

Related to fs - Feature #15071: mds: client: multifs: auth caps on client->MDS connections to limit by FSCID New 03/11/2016
Blocks fs - Feature #22477: multifs: remove experimental warnings New 12/19/2017

History

#1 Updated by Greg Farnum over 2 years ago

  • Subject changed from multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID to mon: client: multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID
  • Category changed from 46 to 93

#2 Updated by Patrick Donnelly 12 months ago

#3 Updated by Patrick Donnelly 11 months ago

  • Related to Feature #15071: mds: client: multifs: auth caps on client->MDS connections to limit by FSCID added

#4 Updated by Patrick Donnelly 11 months ago

  • Blocks deleted (Feature #22477: multifs: remove experimental warnings)

#5 Updated by Patrick Donnelly 11 months ago

I'm not seeing this as necessary for stable multifs so I'm breaking the blocker.

#6 Updated by Patrick Donnelly 8 months ago

  • Category deleted (93)
  • Tags set to multifs

#7 Updated by Patrick Donnelly 7 months ago

#8 Updated by Patrick Donnelly 7 months ago

  • Priority changed from Normal to High
  • Target version set to v14.0.0
  • Source changed from other to Development
  • Tags deleted (multifs)
  • Component(FS) Common/Protocol, MDSMonitor, qa-suite added
  • Labels (FS) multifs, task(medium) added

Also available in: Atom PDF