On 02/05/18 08:40, Danil Kipnis wrote:
It just occurred to me, that we could easily extend the interface in
such a way that each client (i.e. each session) would have on server
side her own directory with the devices it can access. I.e. instead of
just "dev_search_path" per server, any client would be able to only
access devices under <dev_search_path>/session_name. (session name
must already be generated by each client in a unique way). This way
one could have an explicit control over which devices can be accessed
by which clients. Do you think that would do it?
Hello Danil,
That sounds interesting to me. However, I think that approach requires
to configure client access completely before the kernel target side
module is loaded. It does not allow to configure permissions dynamically
after the kernel target module has been loaded. Additionally, I don't
see how to support attributes per (initiator, block device) pair with
that approach. LIO e.g. supports the
/sys/kernel/config/target/srpt/*/*/acls/*/lun_*/write_protect attribute.
You may want to implement similar functionality if you want to convince
more users to use IBNBD.
Thanks,
Bart.
