Re: Prevent cephfs clients from mount and browsing "/"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Dec 5, 2016 at 12:35 PM, David Disseldorp <ddiss@xxxxxxx> wrote:
> Hi Martin,
>
> On Mon, 5 Dec 2016 13:27:01 +0100, Martin Palma wrote:
>
>> Ok, just discovered that with the fuse client, we have to add the '-r
>> /path' option, to treat that as root. So I assume the caps 'mds allow
>> r' is only needed if we also what to be able to mount the directory
>> with the kernel client. Right?
>
> IIUC, this was recently fixed in the kernel client via:
> commit ce2728aaa82bbebae7d20345324af3f0f49eeb20
> Author: Yan, Zheng <zyan@xxxxxxxxxx>
> Date:   Wed Sep 14 14:53:05 2016 +0800
>
>     ceph: avoid accessing / when mounting a subpath

Correct.  Clients with a "path=" restriction only need the global
"allow r" if the client is buggy (as the kernel client was[1] before
Zheng's fix).

This functionality has had more testing with the fuse client because
it is used with OpenStack Manila.

John

1. http://tracker.ceph.com/issues/17191




> Cheers, David
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux