Feature #15070
closed
mon: client: multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID
% Done:
0%
Source:
Development
Component(FS):
Common/Protocol, MDSMonitor, qa-suite
Labels (FS):
multifs, task(medium)
Description
Currently clients with 'mds allow r' capabilities can see any MDSMap.
We would like to be able to craft client auth caps that restrict them to only being able to see a specific set of MDSMaps. This would also restrict their ability to look up FSCIDs from filesystem names (http://tracker.ceph.com/issues/15067).
I think something like "mds r fscid=<fscid>" would make sense.