Cleanup #3008
Consider making MLog messages not require MON_CAP_X
Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
% Done:
0%
Tags:
Backport:
Reviewed:
Affected Versions:
Component(RADOS):
Monitor
Pull request ID:
Description
Right now, the permissions for an incoming MLog are checked against PAXOS_LOG, MON_CAP_X. This means that the MDS and OSD need that permission, which makes given them "allow rw; allow x osdmap" a lot less graceful since it actually needs to be "allow rw; allow x osdmap, log".
Which maybe actually isn't that awkward, if that syntax is correct.
Anyway, we could enhance security (marginally) by encouraging people to use that instead of "allow rwx" for all the daemons on all the monitor functions.
History
#1 Updated by Patrick Donnelly almost 5 years ago
- Project changed from Ceph to RADOS
- Category deleted (
Monitor) - Start date deleted (
08/20/2012) - Component(RADOS) Monitor added