Actions
Documentation #57737
openClarify security implications of path-restricted cephx capabilities
Status:
Pending Backport
Priority:
Normal
Assignee:
Category:
Security Model
Target version:
% Done:
0%
Tags:
backport_processed
Backport:
quincy, pacific
Reviewed:
Description
https://docs.ceph.com/en/latest/cephfs/client-auth/#path-restriction suggests that you can restrict clients to a subtree, but it does not discuss restricting their access to the underlying RADOS information, nor mention the standard combination we use to provide more segregation between file data.
Actions