On Mon, Feb 5, 2018 at 7:38 PM, Bart Van Assche <bart.vanassche@xxxxxxx> wrote: > On 02/05/18 08:40, Danil Kipnis wrote: >> >> It just occurred to me, that we could easily extend the interface in >> such a way that each client (i.e. each session) would have on server >> side her own directory with the devices it can access. I.e. instead of >> just "dev_search_path" per server, any client would be able to only >> access devices under <dev_search_path>/session_name. (session name >> must already be generated by each client in a unique way). This way >> one could have an explicit control over which devices can be accessed >> by which clients. Do you think that would do it? > > > Hello Danil, > > That sounds interesting to me. However, I think that approach requires to > configure client access completely before the kernel target side module is > loaded. It does not allow to configure permissions dynamically after the > kernel target module has been loaded. Additionally, I don't see how to > support attributes per (initiator, block device) pair with that approach. > LIO e.g. supports the > /sys/kernel/config/target/srpt/*/*/acls/*/lun_*/write_protect attribute. You > may want to implement similar functionality if you want to convince more > users to use IBNBD. > > Thanks, > > Bart. Hello Bart, the configuration (which devices can be accessed by a particular client) can happen also after the kernel target module is loaded. The directory in <dev_search_path> is a module parameter and is fixed. It contains for example "/ibnbd_devices/". But a particular client X would be able to only access the devices located in the subdirectory "/ibnbd_devices/client_x/". (The sessionname here is client_x) One can add or remove the devices from that directory (those are just symlinks to /dev/xxx) at any time - before or after the server module is loaded. But you are right, we need something additional in order to be able to specify which devices a client can access writable and which readonly. May be another subdirectories "wr" and "ro" for each client: those under /ibnbd_devices/client_x/ro/ can only be read by client_x and those in /ibnbd_devices/client_x/wr/ can also be written to? Thanks, Danil.
