Cleanup #3008: Consider making MLog messages not require MON_CAP_X - RADOS - Ceph

Actions

Copy link

Cleanup #3008

open

Consider making MLog messages not require MON_CAP_X

Added by Greg Farnum over 11 years ago. Updated about 5 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Target version:

% Done:

Tags:

Backport:

Reviewed:

Affected Versions:

Component(RADOS):

Monitor

Pull request ID:

Description

Right now, the permissions for an incoming MLog are checked against PAXOS_LOG, MON_CAP_X. This means that the MDS and OSD need that permission, which makes given them "allow rw; allow x osdmap" a lot less graceful since it actually needs to be "allow rw; allow x osdmap, log".

Which maybe actually isn't that awkward, if that syntax is correct.

Anyway, we could enhance security (marginally) by encouraging people to use that instead of "allow rwx" for all the daemons on all the monitor functions.

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Ceph » RADOS

Custom queries

Cleanup #3008

Consider making MLog messages not require MON_CAP_X

Updated by Patrick Donnelly about 5 years ago