Re: Prevent cephfs clients from mount and browsing "/"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ok, just discovered that with the fuse client, we have to add the '-r
/path' option, to treat that as root. So I assume the caps 'mds allow
r' is only needed if we also what to be able to mount the directory
with the kernel client. Right?

Best,
Martin

On Mon, Dec 5, 2016 at 1:20 PM, Martin Palma <martin@xxxxxxxx> wrote:
> Hello,
>
> is it possible prevent cephfs client to mount the root of a cephfs
> filesystem and browse through it?
>
> We want to restrict cephfs clients to a particular directory, but when
> we define a specific cephx auth key for a client we need to add the
> following caps: "mds 'allow r'" which then gives the client also the
> possibility to mount the root for cephfs and inspect it.
>
> Are we missing something or is this by design?
>
>
> Best,
> Martin
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux