Bug #18589
closedceph_volume_client.py doesn't create enough mds caps
0%
Description
In _authorize_ceph() at https://github.com/ceph/ceph/blob/master/src/pybind/ceph_volume_client.py#L1032, the caps is "allow r path=/some/path". This is not sufficient. I got permission denied error when mounting the volume using this cap.
According to ceph fs doc at http://docs.ceph.com/docs/master/cephfs/client-auth/, mds cap is "mds 'allow r, allow rw path=/*specified_directory*'". I added "allow r" and cephfs volume was mounted.
Updated by Huamin Chen over 7 years ago
Pull request at https://github.com/ceph/ceph/pull/12985
Updated by Greg Farnum over 7 years ago
- Project changed from Ceph to CephFS
- Category set to Security Model
- Component(FS) kceph added
This report applies to mounting with the kernel, not ceph-fuse, right? I think that makes this a kernel issue where it's unconditionally doing a root inode lookup, not a VolumeClient one. We had something like that in userspace recently, but I can't seem to find that bug number right now.
Updated by John Spray over 7 years ago
- Status changed from New to Duplicate
Assuming that you encounted this issue with kernel client, the bug was http://tracker.ceph.com/issues/17191, which was fixed in linux 4.9. The fuse client does not have the bug.