client: set metadata["root"] from mount method when it's called with … #12505
Conversation
|
Test run last night with this seems to have mostly passed, with some failures due to unrelated reasons (AFAICT): http://pulpito.ceph.com/jlayton-2016-12-15_00:30:20-fs-wip-jlayton-submount---basic-smithi/ |
|
This obviously fixes it one way around, but as you mentioned on the ticket the MDS-side thing is a bit wonky. Do we need to zap the mds-side check entirely? (I'm worried about older clients, for instance.) |
|
Yeah, maybe. I really don't quite get the purpose of that check. Note that the first thing we do after creating the session is a GETATTR of the "root". Presumably that would also fail if you don't have caps for it, even if we removed this check. I don't really see the harm in allowing session creation to succeed as long as we ensure that that session can't get access to the parts of the tree where it doesn't have the necessary caps. We have to do that anyway or a malicious client could "mount" one part of the tree and start working in another. So yeah, let me see about just removing that check from the MDS. |
|
Ok, added a patch to eliminate the "root" check in session setup code. It works correctly in my testing. If I limit the credentials to a subtree then mounts of "/" still fail with -EACCES. Now, that said... @jcsp added that check relatively recently (commit 4932cb9, though it has gone through several changes since). We should definitely get his ACK on this before we merge it. I have this patch building in ceph-ci now and I'll plan to run it through the fs suite. |
…a pathname Currently, we only set the root properly config file or the --client_metadata command line option. If a userland client program tries to call ceph_mount with a pathname, it's not being properly set. Since we already hold the mutex, we can just update it directly. Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
fs suite looks like it has mostly passed: http://pulpito.ceph.com/jlayton-2016-12-16_15:24:48-fs-wip-jlayton-submount---basic-smithi/ |
jtlayton
force-pushed
the
wip-jlayton-submount
branch
from
7ad6295
to
9f88100
Compare
|
@jcsp says that we do need to have the MDS track and enforce "root", as that info is used in session eviction. So, I dropped the mds patch, and we'll just plan to backport the client-side fix to jewel (and maybe add some workarounds in samba and nfs-ganesha to tie us over). |
…a pathname
Currently, we only set the root properly in the config file or the
--client_metadata command line option. If a userland client program
tries to call ceph_mount with a pathname, it's not being properly
set.
Since we already hold the mutex, we can just update it directly.
Signed-off-by: Jeff Layton jlayton@redhat.com