Project

General

Profile

Actions
Copy link

Documentation #57737

open

Clarify security implications of path-restricted cephx capabilities

Added by Greg Farnum over 1 year ago. Updated over 1 year ago.

Status:
Pending Backport
Priority:
Normal
Assignee:
Greg Farnum
Category:
Security Model
Target version:
Ceph - v18.0.0
% Done:

0%

Tags:
backport_processed
Backport:
quincy, pacific
Reviewed:
Affected Versions:
Labels (FS):
Pull request ID:
48319

Description

https://docs.ceph.com/en/latest/cephfs/client-auth/#path-restriction suggests that you can restrict clients to a subtree, but it does not discuss restricting their access to the underlying RADOS information, nor mention the standard combination we use to provide more segregation between file data.

Related issues 2 (1 open1 closed)

Copied to CephFS - Backport #57776: pacific: Clarify security implications of path-restricted cephx capabilitiesResolvedPatrick DonnellyActions
Copied to CephFS - Backport #57777: quincy: Clarify security implications of path-restricted cephx capabilitiesIn ProgressPatrick DonnellyActions
Actions
Copy link
 #1

Updated by Greg Farnum over 1 year ago

  • Backport set to quincy, pacific
  • Pull request ID set to 48319
Actions
Copy link
 #2

Updated by Venky Shankar over 1 year ago

  • Category set to Security Model
  • Status changed from New to Pending Backport
  • Target version set to v18.0.0
Actions
Copy link
 #3

Updated by Backport Bot over 1 year ago

  • Copied to Backport #57776: pacific: Clarify security implications of path-restricted cephx capabilities added
Actions
Copy link
 #4

Updated by Backport Bot over 1 year ago

  • Copied to Backport #57777: quincy: Clarify security implications of path-restricted cephx capabilities added
Actions
Copy link
 #5

Updated by Backport Bot over 1 year ago

  • Tags set to backport_processed
Actions
Copy link

Also available in: Atom PDF