Actions
Bug #18589
closedceph_volume_client.py doesn't create enough mds caps
Status:
Duplicate
Priority:
High
Assignee:
-
Category:
Security Model
Target version:
-
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
kceph
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
In _authorize_ceph() at https://github.com/ceph/ceph/blob/master/src/pybind/ceph_volume_client.py#L1032, the caps is "allow r path=/some/path". This is not sufficient. I got permission denied error when mounting the volume using this cap.
According to ceph fs doc at http://docs.ceph.com/docs/master/cephfs/client-auth/, mds cap is "mds 'allow r, allow rw path=/*specified_directory*'". I added "allow r" and cephfs volume was mounted.
Actions