Project

General

Profile

Actions
Copy link

Bug #17798

closed

Clients without pool-changing caps shouldn't be allowed to change pool_namespace

Added by John Spray over 7 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
John Spray
Category:
Security Model
Target version:
-
% Done:

0%

Source:
other
Tags:
Backport:
jewel
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
MDS
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

The purpose of the 'p' flag in MDS client auth caps is to enable creating clients that cannot set the pool part of the file layout. We created that so that locked-down clients that are meant to be confined to a particular pool cannot create layouts pointing to any other pool.

The purpose of setting a namespace on file layouts is to enable creating clients that have OSD caps limiting them to that particular namespace. When we have clients like that, it doesn't make sense to allow them to modify their file layouts' pool_namespace field to point to a namespace that they don't have permission to write to.

Therefore, we should apply the same restriction on setting pool_namespace that we currently apply to setting pool.

Related issues 1 (0 open1 closed)

Copied to CephFS - Backport #17956: jewel: Clients without pool-changing caps shouldn't be allowed to change pool_namespaceResolvedLoïc DacharyActions
Actions
Copy link
 #1

Updated by John Spray over 7 years ago

  • Status changed from In Progress to Pending Backport
  • Backport set to jewel
Actions
Copy link
 #2

Updated by Nathan Cutler over 7 years ago

  • Copied to Backport #17956: jewel: Clients without pool-changing caps shouldn't be allowed to change pool_namespace added
Actions
Copy link
 #3

Updated by John Spray over 7 years ago

  • Status changed from Pending Backport to Resolved
Actions
Copy link

Also available in: Atom PDF