I have a pull request posted at https://github.com/ceph/ceph/pull/4809 that updates the mds cap parser and defines a check method. Please take a look and see if this makes sense. For the path restrictions, I think the next steps are something like - generate a path string and pass it in to that method - write some simple tests - make sure the hook is called from everywhere it needs to be (all of the other request handlers in Server.cc) - call the hook from the cap writeback path (tricky) - figure out how to handle files in the stray dir (tricky) For the user-based restrictions, - I think we need to expand the allows() method so that it has a couple output arguments (uid and gid list) that subsequent permissions should be validated against. Then we can change the function in Server.cc so that when those are populated it does an actually unix permissions check. This seems like the simplest thing to me, although it does have the slightly-odd property that if you are doing an operation that requires permission on two inodes (directory and file, say) you might have to different 'allow ...' lines granting access to each. (I think this is both painful to avoid and also harmless?) - same items above to call into the check method in the appropriate places. - extend client/mds protocol to pass credential struct. This should piggyback on Goldwyn's work to fix up these structures for namespaces. - mark caps with credentials on clients, fix writeback order, etc. In any case, the first item on both those lists seems like the place to start. sage -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
