Bug #17798: Clients without pool-changing caps shouldn't be allowed to change pool_namespace - CephFS - Ceph

Bug #17798

Clients without pool-changing caps shouldn't be allowed to change pool_namespace

Added by John Spray about 6 years ago. Updated about 6 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

John Spray

Category:

Security Model

Target version:

% Done:

Source:

other

Tags:

Backport:

jewel

Regression:

Severity:

3 - minor

Reviewed:

Affected Versions:

ceph-qa-suite:

Component(FS):

MDS

Labels (FS):

Pull request ID:

Crash signature (v1):

Crash signature (v2):

Description

The purpose of the 'p' flag in MDS client auth caps is to enable creating clients that cannot set the pool part of the file layout. We created that so that locked-down clients that are meant to be confined to a particular pool cannot create layouts pointing to any other pool.

The purpose of setting a namespace on file layouts is to enable creating clients that have OSD caps limiting them to that particular namespace. When we have clients like that, it doesn't make sense to allow them to modify their file layouts' pool_namespace field to point to a namespace that they don't have permission to write to.

Therefore, we should apply the same restriction on setting pool_namespace that we currently apply to setting pool.

Related issues

History

#1 Updated by John Spray about 6 years ago

Status changed from In Progress to Pending Backport
Backport set to jewel

https://github.com/ceph/ceph/pull/11789

#2 Updated by Nathan Cutler about 6 years ago

Copied to Backport #17956: jewel: Clients without pool-changing caps shouldn't be allowed to change pool_namespace added

#3 Updated by John Spray about 6 years ago

Status changed from Pending Backport to Resolved

Also available in: Atom PDF

Project

General

Profile

Ceph » CephFS

Issues

Tags

Custom queries