-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document server access enhanced recording option root_path
#38399
Conversation
🤖 Vercel preview here: https://docs-cynrl1kiy-goteleport.vercel.app/docs/ver/preview |
Should we mention this anywhere outside of the inline comment in the configuration? |
# Optional: Controls the path inside cgroupv2 hierarchy where Teleport | ||
# cgroups will be placed. Default value: /teleport |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When would a user want to change this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is a specific use-case where the user wants to add security enforcements (on the OS level) while running multiple SSH services on the same machine.
🤖 Vercel preview here: https://docs-rl0dilrh1-goteleport.vercel.app/docs/ver/preview |
``` | ||
|
||
<Details title="Isolate session recordings"> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure I would use the term "session recordings" here. It makes it sound like you're specifying a directory to store session recordings.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've updated it, and the content to relate to those resources as "system resources". This aligns with how cgroup describe its hierarchy:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved with a comment, assuming Zac's feedback gets applied.
|
||
If you operate multiple Teleport instances on the same system, customize the | ||
`root_path` configuration to change the base cgroup slice path for session | ||
recordings resources. This ensures security isolation between recordings from |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure what "session recordings resources" means. Should this be "session recordings"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've updated it to match the title. More info at my comment above.
@gabrielcorado Are we backporting this PR? |
🤖 Vercel preview here: https://docs-3mkidh7mh-goteleport.vercel.app/docs/ver/preview |
🤖 Vercel preview here: https://docs-28lkealhg-goteleport.vercel.app/docs/ver/preview |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lint seems still failing
🤖 Vercel preview here: https://docs-3o7kuh97e-goteleport.vercel.app/docs/ver/preview |
@gabrielcorado See the table below for backport results.
|
Documents new
ssh_service.enhanced_recording.root_path
option added by #38066.