[cinder] discuss nas_secure options and root_squash (prohibiting root access to share)
stefan.hoffmann at cloudandheat.com
Mon Sep 6 08:11:37 UTC 2021

Hi cinder team,

do you have any feedback on whether this approach follows the "right" way?
I will add this point to the meeting this week; it would be nice if you could
have a look beforehand, so we can discuss it.

On Mon, 2021-08-16 at 18:05 +0200, Stefan Hoffmann wrote:
> Hi cinder team,
> as discussed in the last meeting, I prepared a list of
> combinations of the nas_secure options and when to use them.
> If one wants to prohibit root access to the NFS share, only setting
> nas_secure_file_operations and nas_secure_file_permissions to true is
> a useful option, I think. (Option 4)
> But also the nas_secure_file_operations is not useful to determine if
> _qemu_img_info and the fs access check at _connect_device should be done
> with the root user or the cinder user.
> So I will update the change as proposed in the etherpad.
> Feel free to add other use cases and hints for the options to  and
> discuss the proposed change.
>  https://etherpad.opendev.org/p/gSotXYAZ3JfJE8FEpMpS
>  https://review.opendev.org/c/openstack/cinder/+/802882
> Initial Bug: