Documentation #57737

Clarify security implications of path-restricted cephx capabilities

Added by Greg Farnum 4 months ago. Updated 4 months ago.

Status: Pending Backport
Priority: Normal
Assignee:
Category: Security Model
Target version:
% Done: 0%
Tags: backport_processed
Backport: quincy, pacific
Reviewed:
Affected Versions:
Labels (FS):
Pull request ID:

Description

https://docs.ceph.com/en/latest/cephfs/client-auth/#path-restriction suggests that you can restrict clients to a subtree, but it does not discuss restricting their access to the underlying RADOS information, nor mention the standard combination we use to provide more segregation between file data.


Related issues

Copied to CephFS - Backport #57776: pacific: Clarify security implications of path-restricted cephx capabilities New
Copied to CephFS - Backport #57777: quincy: Clarify security implications of path-restricted cephx capabilities New

History

#1 Updated by Greg Farnum 4 months ago

  • Backport set to quincy, pacific
  • Pull request ID set to 48319

#2 Updated by Venky Shankar 4 months ago

  • Category set to Security Model
  • Status changed from New to Pending Backport
  • Target version set to v18.0.0

#3 Updated by Backport Bot 4 months ago

  • Copied to Backport #57776: pacific: Clarify security implications of path-restricted cephx capabilities added

#4 Updated by Backport Bot 4 months ago

  • Copied to Backport #57777: quincy: Clarify security implications of path-restricted cephx capabilities added

#5 Updated by Backport Bot 4 months ago

  • Tags set to backport_processed
