| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230804-erdtrabanten-mitunter-12aa02867edc@brauner>
Date: Fri, 4 Aug 2023 16:54:03 +0200
From: Christian Brauner <brauner@...nel.org>
To: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@...onical.com>
Cc: xiubli@...hat.com, stgraber@...ntu.com,
linux-fsdevel@...r.kernel.org, Jeff Layton <jlayton@...nel.org>,
Ilya Dryomov <idryomov@...il.com>, ceph-devel@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v9 04/12] ceph: add enable_unsafe_idmap module parameter
On Fri, Aug 04, 2023 at 10:48:50AM +0200, Alexander Mikhalitsyn wrote:
> This parameter is used to decide if we allow
> to perform IO on idmapped mount in case when MDS lacks
> support of CEPHFS_FEATURE_HAS_OWNER_UIDGID feature.
>
> In this case we can't properly handle MDS permission
> checks and if UID/GID-based restrictions are enabled
> on the MDS side then IO requests which go through an
> idmapped mount may fail with -EACCESS/-EPERM.
> Fortunately, for most of users it's not a case and
> everything should work fine. But we put work "unsafe"
> in the module parameter name to warn users about
> possible problems with this feature and encourage
> update of cephfs MDS.
>
> Cc: Xiubo Li <xiubli@...hat.com>
> Cc: Jeff Layton <jlayton@...nel.org>
> Cc: Ilya Dryomov <idryomov@...il.com>
> Cc: ceph-devel@...r.kernel.org
> Suggested-by: Stéphane Graber <stgraber@...ntu.com>
> Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@...onical.com>
> ---
Seems good enough,
Acked-by: Christian Brauner <brauner@...nel.org>
Powered by blists - more mailing lists