| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAKPOu+8qd+qybZWOMoaAYzOtTWXEQ=y5q1jJZjOVxE8pwX7CkQ@mail.gmail.com>
Date: Tue, 25 Oct 2022 11:57:59 +0200
From: Max Kellermann <max.kellermann@...os.com>
To: Xiubo Li <xiubli@...hat.com>
Cc: Jeff Layton <jlayton@...nel.org>, idryomov@...il.com,
ceph-devel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] fs/ceph/super: add mount options "snapdir{mode,uid,gid}"
On Tue, Oct 25, 2022 at 11:10 AM Xiubo Li <xiubli@...hat.com> wrote:
> $ sudo ./bin/mount.ceph privileged@.../ /mnt/privileged/mountpoint
>
> $ sudo ./bin/mount.ceph global@.../ /mnt/global/mountpoint
So you have two different mount points where different client
permissions are used. There are various problems with that
architecture:
- it complicates administration, because now every mount has to be done twice
- it complicates applications accessing ceph (and their
configuration), because there are now 2 mount points
- it increases resource usage for having twice as many ceph connections
- it interferes with fscache, doubling fscache's local disk usage,
reducing fscache's efficiency
- ownership of the snapdir is still the same as the parent directory,
and I can't have non-superuser processes to manage snapshots; all
processes mananging snapshots need to have write permission on the
parent directory
- this is still all-or-nothing; I can't forbid users to list (+r) or
access (+x) snapshots
All those problems don't exist with my patch.
Powered by blists - more mailing lists