Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp26987225rwd; Mon, 3 Jul 2023 18:51:10 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4QFZcx07H/3/0gXi0R8oh5p8EnpLEHBgMC5ssDyohduNTaoEJmUpRVjSnw5SnTZAJUxAzh X-Received: by 2002:a05:620a:8d8c:b0:767:1c73:69fc with SMTP id rc12-20020a05620a8d8c00b007671c7369fcmr10208332qkn.27.1688435470174; Mon, 03 Jul 2023 18:51:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688435470; cv=none; d=google.com; s=arc-20160816; b=HxH0ffLj2H9MQDH90DbkzxAkfPTKsQpGTF6UcY9Uc2MdEI+3bljPUGplYak5dd7bk2 /KbUH7vUAh1UHzz+PFuZrNUUd1X6pz23NtAM25wQAg3ImeAGMuoNNi7lXp6EVcP7g0Qn 3ejzmVGZPiYdrhacDk+mkmZyzqCHi6qUFtv3fSuGpe1r72EtsUngmcg2xaFAl5gZKqrY CY+aOUvFs27K+CGwgj/j4cntC4LFLjo7LQGsFJ7pX98MEcOC8x/5NaVx3tmq4Ua75FMp oROqted8d0mNBIVxDyM5PUjsd+vLXAemIg7HnKpGdxfqBP9+dIxoEtr78c4OQgMu1WBt Z/fg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=tHvy2cSjRNLBspkBnwHleNI4FVF/3lOoEAeskedvTOg=; fh=cInLN82Pj4hl1FmaW52MkVs0JK3Ra1pu/h8506goSk4=; b=P1/u8xSYSlJUVdVNzmpiwGP9M6Pv7/XCGUEdpeeKdoeueYrerImyaBeU2p6dFcwklw FFNTqJnR2d/n1cWF2BZbAi5khSm9PSgN9CbpJG2gh7Udd2ytAg9HX7ApSh8VIZUZ6Rzp iv9rYUAubfN51ttpBSsVpFE9HOpY0MI+bcpVvar4nx4VerATG6CXq57S58TtpJzGFETV d3/h3Jj8otPRbf1qaj3jOY9HWaHHdeIZQm1Xh4jsa9/q5YvXP9O6SIw4W7PlZtQWWkam QshHr/GkvM7TyF2nDm/kZugoBnenQAhBjD8jwkt+mYO1nwVMOfdffk0iTs4Nn4cRfKnf KSPw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Wo0ndSWr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id eg13-20020a056a00800d00b00666b8536d8asi11569590pfb.305.2023.07.03.18.50.54; Mon, 03 Jul 2023 18:51:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Wo0ndSWr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230262AbjGDBL0 (ORCPT + 99 others); Mon, 3 Jul 2023 21:11:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45170 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229793AbjGDBLZ (ORCPT ); Mon, 3 Jul 2023 21:11:25 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0110FE72 for ; Mon, 3 Jul 2023 18:10:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1688433032; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=tHvy2cSjRNLBspkBnwHleNI4FVF/3lOoEAeskedvTOg=; b=Wo0ndSWrd24Qs2Nvemgrxu/06Wcd9ChrcC6mARjxT+CWdaGqgplEssGz8t8zE3QzBWLZkS UVcRYBkIo9+Bb/y/EE87WoZVKOrGahwn6Z6GndUlt1P+loATY8SIXik1aHbKwu1D5r9jIG fxv5q2EbeolrZ8Sqj/mQuctgXyRhP/k= Received: from mail-pl1-f197.google.com (mail-pl1-f197.google.com [209.85.214.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-504-xDmW0awBMBah3YY4dLDfmw-1; Mon, 03 Jul 2023 21:10:30 -0400 X-MC-Unique: xDmW0awBMBah3YY4dLDfmw-1 Received: by mail-pl1-f197.google.com with SMTP id d9443c01a7336-1b895a9f4ccso17330665ad.2 for ; Mon, 03 Jul 2023 18:10:30 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688433030; x=1691025030; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=tHvy2cSjRNLBspkBnwHleNI4FVF/3lOoEAeskedvTOg=; b=VbhzU99VvOGKTKxqdrKtM82j3pEDSpXL071HDs6r6GBzAHbNCR6o80/Vg3ik5MH6NP iGKIfhpjY6D6aG50sBKmAIL719Rhqycq66I6wD6bDR7GquCFGR3RX4+B9X4vU+KFLXsH PhLw5CWnwDwH5xtCAGx7tDzzP88Yw1lM6OwsZ2VOojtFrUgNJtMkrxp6GCQG8qHrJ6lz wXLLnlfYW3HL0u8QzcAjNTxnXwPF21zdnJ330b/YNYrUHmi/u/tzU3Dfh02Yctip1RzL +D6IfP9Ua58r+1L80SHz0HHYc/NrC9CNnPvrHp0guE69S0EDt4o2N/P3AtbF8h6FikC7 FpfQ== X-Gm-Message-State: ABy/qLbwvosX9MYz52FFlGBhkvZ9a+gz3ilC5YQ+xq9SilOBT4TPmItS 5wx/CTeLv84/gJWoo+68KNVCaMEOW5r0wKDZyrlMwnCTRmftC5Nyy14cxbZ/8KOh73QofnlFVnf tZybHKaO2o4lIzvGdaUIX5/wj X-Received: by 2002:a17:902:e80c:b0:1b4:5697:d9a8 with SMTP id u12-20020a170902e80c00b001b45697d9a8mr11428310plg.24.1688433029779; Mon, 03 Jul 2023 18:10:29 -0700 (PDT) X-Received: by 2002:a17:902:e80c:b0:1b4:5697:d9a8 with SMTP id u12-20020a170902e80c00b001b45697d9a8mr11428293plg.24.1688433029436; Mon, 03 Jul 2023 18:10:29 -0700 (PDT) Received: from [10.72.12.93] ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id s18-20020a170902a51200b001b7fb1a8200sm14137286plq.258.2023.07.03.18.10.24 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 03 Jul 2023 18:10:29 -0700 (PDT) Message-ID: Date: Tue, 4 Jul 2023 09:10:22 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: [PATCH v5 00/14] ceph: support idmapped mounts Content-Language: en-US To: Aleksandr Mikhalitsyn Cc: Gregory Farnum , Christian Brauner , stgraber@ubuntu.com, linux-fsdevel@vger.kernel.org, Ilya Dryomov , Jeff Layton , ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org References: <20230608154256.562906-1-aleksandr.mikhalitsyn@canonical.com> <20230609-alufolie-gezaubert-f18ef17cda12@brauner> <977d8133-a55f-0667-dc12-aa6fd7d8c3e4@redhat.com> <626175e2-ee91-0f1a-9e5d-e506aea366fa@redhat.com> <64241ff0-9af3-6817-478f-c24a0b9de9b3@redhat.com> <4c4f73d8-8238-6ab8-ae50-d83c1441ac05@redhat.com> From: Xiubo Li In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/26/23 19:49, Aleksandr Mikhalitsyn wrote: > On Mon, Jun 26, 2023 at 1:23 PM Aleksandr Mikhalitsyn > wrote: >> On Mon, Jun 26, 2023 at 4:12 AM Xiubo Li wrote: >>> >>> On 6/24/23 15:11, Aleksandr Mikhalitsyn wrote: >>>> On Sat, Jun 24, 2023 at 3:37 AM Xiubo Li wrote: >>>>> [...] >>>>> >>>>> > > > >>>>> > > > I thought about this too and came to the same conclusion, that >>>>> UID/GID >>>>> > > > based >>>>> > > > restriction can be applied dynamically, so detecting it on mount-time >>>>> > > > helps not so much. >>>>> > > > >>>>> > > For this you please raise one PR to ceph first to support this, and in >>>>> > > the PR we can discuss more for the MDS auth caps. And after the PR >>>>> > > getting merged then in this patch series you need to check the >>>>> > > corresponding option or flag to determine whether could the idmap >>>>> > > mounting succeed. >>>>> > >>>>> > I'm sorry but I don't understand what we want to support here. Do we >>>>> want to >>>>> > add some new ceph request that allows to check if UID/GID-based >>>>> > permissions are applied for >>>>> > a particular ceph client user? >>>>> >>>>> IMO we should prevent user to set UID/GID-based permisions caps from >>>>> ceph side. >>>>> >>>>> As I know currently there is no way to prevent users to set MDS auth >>>>> caps, IMO in ceph side at least we need one flag or option to disable >>>>> this once users want this fs cluster sever for idmap mounts use case. >>>> How this should be visible from the user side? We introducing a new >>>> kernel client mount option, >>>> like "nomdscaps", then pass flag to the MDS and MDS should check that >>>> MDS auth permissions >>>> are not applied (on the mount time) and prevent them from being >>>> applied later while session is active. Like that? >>>> >>>> At the same time I'm thinking about protocol extension that adds 2 >>>> additional fields for UID/GID. This will allow to correctly >>>> handle everything. I wanted to avoid any changes to the protocol or >>>> server-side things. But if we want to change MDS side, >>>> maybe it's better then to go this way? >> Hi Xiubo, >> >>> There is another way: >>> >>> For each client it will have a dedicated client auth caps, something like: >>> >>> client.foo >>> key: *key* >>> caps: [mds] allow r, allow rw path=/bar >>> caps: [mon] allow r >>> caps: [osd] allow rw tag cephfs data=cephfs_a >> Do we have any infrastructure to get this caps list on the client side >> right now? >> (I've taken a quick look through the code and can't find anything >> related to this.) > I've found your PR that looks related https://github.com/ceph/ceph/pull/48027 Yeah, after this we need to do some extra work in kclient and then it will be easy to check the caps I think. Thanks - Xiubo >>> When mounting this client with idmap enabled, then we can just check the >>> above [mds] caps, if there has any UID/GID based permissions set, then >>> fail the mounting. >> understood >> >>> That means this kind client couldn't be mounted with idmap enabled. >>> >>> Also we need to make sure that once there is a mount with idmap enabled, >>> the corresponding client caps couldn't be append the UID/GID based >>> permissions. This need a patch in ceph anyway IMO. >> So, yeah we will need to effectively block cephx permission changes if >> there is a client mounted with >> an active idmapped mount. Sounds as something that require massive >> changes on the server side. >> >> At the same time this will just block users from using idmapped mounts >> along with UID/GID restrictions. >> >> If you want me to change server-side anyways, isn't it better just to >> extend cephfs protocol to properly >> handle UID/GIDs with idmapped mounts? (It was originally proposed by Christian.) >> What we need to do here is to add a separate UID/GID fields for ceph >> requests those are creating a new inodes >> (like mknod, symlink, etc). >> >> Kind regards, >> Alex >> >>> Thanks >>> >>> - Xiubo >>> >>> >>> >>> >>> >>>> Thanks, >>>> Alex >>>> >>>>> Thanks >>>>> >>>>> - Xiubo >>>>>