Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-11850

Relocating /proc/fs/lustre/ost to /sys/kernel/debug/lustre/ost prevents non-root access

Details

    • Bug
    • Resolution: Unresolved
    • Minor
    • Upstream
    • Lustre 2.12.0
    • 3
    • 9223372036854775807

    Description

      For security reasons /sys/kernel/debug is restrict to root only so by relocating /proc/fs/lustre/ost & mdt to /sys/kenrnel/debug/lustre breaks many tools such as 'performance co pilot" that run as non-privilege users. We rely on such tools to collect lustre metric.

      We could change the permissions on /sys/kernel/debug but that is not good security practice. Can there be a build option to selected the location?

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. LU-11988 Some lctl *_param values only readable by root

          • Major - Major loss of function.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. LU-11988 Some lctl *_param values only readable by root

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. LU-12244 lfs check subcommand no longer works as non-root user

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. LU-12513 Address YAML limitations

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. LU-17471 Add symlink /proc/fs/lustre/osd-*/*/brw_stats to /sys/kernel/debug/lustre/osd-*/*/brw_stats

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. LU-18709 High frequency performance counters accessible to non-root users

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. LU-12841 Add ability for lctl get_param to get subfield of YAML output

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. LU-16164 Check params and make them valid YAML if they are designed to be

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. LU-17472 Create programming wrappers (python, go) for liblustreapi Netlink stats API

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-8066 Move lustre procfs handling to sysfs and debugfs.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. LU-9680 Improve the user land to kernel space interface for lustre

          • Major - Major loss of function.
          • In Progress

          Activity

            [LU-11850] Relocating /proc/fs/lustre/ost to /sys/kernel/debug/lustre/ost prevents non-root access
            gerrit Gerrit Updater added a comment -

            "James Simmons <jsimmons@infradead.org>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/58506
            Subject: LU-11850 obd: support target_obd using Netlink
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: a1d9910c7f79ddaa14f746c648819427898d38bb

            gerrit Gerrit Updater added a comment - "James Simmons <jsimmons@infradead.org>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/58506 Subject: LU-11850 obd: support target_obd using Netlink Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: a1d9910c7f79ddaa14f746c648819427898d38bb
            simmonsja James A Simmons added a comment -

            more work is coming

            simmonsja James A Simmons added a comment - more work is coming
            gerrit Gerrit Updater added a comment -

            "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/57305/
            Subject: LU-11850 obd: support the rest of "stats" with Netlink
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: a20476ca22862d4efa185d0563e552c271d2e82a

            gerrit Gerrit Updater added a comment - "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/57305/ Subject: LU-11850 obd: support the rest of "stats" with Netlink Project: fs/lustre-release Branch: master Current Patch Set: Commit: a20476ca22862d4efa185d0563e552c271d2e82a
            gerrit Gerrit Updater added a comment -

            "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/51959/
            Subject: LU-11850 lov: migrate completely to lu_tgt_descs API
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: f70332330acaff7d52a21700726e7f89a85789b2

            gerrit Gerrit Updater added a comment - "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/51959/ Subject: LU-11850 lov: migrate completely to lu_tgt_descs API Project: fs/lustre-release Branch: master Current Patch Set: Commit: f70332330acaff7d52a21700726e7f89a85789b2
            gerrit Gerrit Updater added a comment -

            "James Simmons <jsimmons@infradead.org>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/57305
            Subject: LU-11850 obd: support the rest of "stats" with Netlink
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: 6f1a2a18bd3798a4e63bf59e4209c3a2f75f50a4

            gerrit Gerrit Updater added a comment - "James Simmons <jsimmons@infradead.org>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/57305 Subject: LU-11850 obd: support the rest of "stats" with Netlink Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: 6f1a2a18bd3798a4e63bf59e4209c3a2f75f50a4
            gerrit Gerrit Updater added a comment -

            "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/34256/
            Subject: LU-11850 obd: use netlink to get lustre stats
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: 5803284ac3a5d477df9afffe48ff35f08d67da1a

            gerrit Gerrit Updater added a comment - "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/34256/ Subject: LU-11850 obd: use netlink to get lustre stats Project: fs/lustre-release Branch: master Current Patch Set: Commit: 5803284ac3a5d477df9afffe48ff35f08d67da1a
            jtacquaviva Jean-Thomas Acquaviva added a comment -

            Hi James,

            we conducted some tests and it seems that still only root can access the stats. Please find attached a log.

            log_stats.txt

            jtacquaviva Jean-Thomas Acquaviva added a comment - Hi James, we conducted some tests and it seems that still only root can access the stats. Please find attached a log. log_stats.txt
            simmonsja James A Simmons added a comment - - edited

            Some time numbers for lctl get_param ..stats

            root - proc file : 

            real    0m0.002s
            user    0m0.000s
            sys     0m0.002s

            normal user (netlink):

            real    0m0.006s
            user    0m0.003s
            sys     0m0.003s

            simmonsja James A Simmons added a comment - - edited Some time numbers for lctl get_param . .stats root - proc file :  real    0m0.002s user    0m0.000s sys     0m0.002s normal user (netlink): real    0m0.006s user    0m0.003s sys     0m0.003s
            gerrit Gerrit Updater added a comment -

            "James Simmons <jsimmons@infradead.org>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/53994
            Subject: LU-11850 obd: debug failure
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: ef85e2655bf3d838970c7473c38849330802ec2c

            gerrit Gerrit Updater added a comment - "James Simmons <jsimmons@infradead.org>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/53994 Subject: LU-11850 obd: debug failure Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: ef85e2655bf3d838970c7473c38849330802ec2c
            simmonsja James A Simmons added a comment -

            Almost done with the patch for stats. Only bug left is if you grab ALL stats it overflows the liblnetconfig library. I do want to move the internal storage of the stats structures as an Xarray instead of a generic_radix struct.

            simmonsja James A Simmons added a comment - Almost done with the patch for stats. Only bug left is if you grab ALL stats it overflows the liblnetconfig library. I do want to move the internal storage of the stats structures as an Xarray instead of a generic_radix struct.

            People

              simmonsja James A Simmons
              mhanafi Mahmoud Hanafi
              Votes:
              1 Vote for this issue
              Watchers:
              17 Start watching this issue

              Dates

                Created:
                Updated: