Project

General

Profile

Cleanup #3008

Consider making MLog messages not require MON_CAP_X

Added by Greg Farnum over 11 years ago. Updated almost 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
% Done:

0%

Tags:
Backport:
Reviewed:
Affected Versions:
Component(RADOS):
Monitor
Pull request ID:

Description

Right now, the permissions for an incoming MLog are checked against PAXOS_LOG, MON_CAP_X. This means that the MDS and OSD need that permission, which makes given them "allow rw; allow x osdmap" a lot less graceful since it actually needs to be "allow rw; allow x osdmap, log".

Which maybe actually isn't that awkward, if that syntax is correct.

Anyway, we could enhance security (marginally) by encouraging people to use that instead of "allow rwx" for all the daemons on all the monitor functions.

History

#1 Updated by Patrick Donnelly almost 5 years ago

  • Project changed from Ceph to RADOS
  • Category deleted (Monitor)
  • Start date deleted (08/20/2012)
  • Component(RADOS) Monitor added

Also available in: Atom PDF