Project

General

Profile

Bug #17798

Clients without pool-changing caps shouldn't be allowed to change pool_namespace

Added by John Spray 8 months ago. Updated 5 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Security Model
Target version:
-
Start date:
11/04/2016
Due date:
% Done:

0%

Source:
other
Tags:
Backport:
jewel
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Release:
Component(FS):
MDS
Needs Doc:
No

Description

The purpose of the 'p' flag in MDS client auth caps is to enable creating clients that cannot set the pool part of the file layout. We created that so that locked-down clients that are meant to be confined to a particular pool cannot create layouts pointing to any other pool.

The purpose of setting a namespace on file layouts is to enable creating clients that have OSD caps limiting them to that particular namespace. When we have clients like that, it doesn't make sense to allow them to modify their file layouts' pool_namespace field to point to a namespace that they don't have permission to write to.

Therefore, we should apply the same restriction on setting pool_namespace that we currently apply to setting pool.


Related issues

Copied to fs - Backport #17956: jewel: Clients without pool-changing caps shouldn't be allowed to change pool_namespace Resolved

History

#1 Updated by John Spray 7 months ago

  • Status changed from In Progress to Pending Backport
  • Backport set to jewel

#2 Updated by Nathan Cutler 7 months ago

  • Copied to Backport #17956: jewel: Clients without pool-changing caps shouldn't be allowed to change pool_namespace added

#3 Updated by John Spray 5 months ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF