Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-17569

move HSM capabilities to CAP_SYS_RESOURCE

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Unresolved
    • Minor
    • None
    • None
    • None
    • 3
    • 9223372036854775807

    Description

      Most of the HSM, quota, and remote directory operations are checking CAP_SYS_ADMIN, which is a grab-bag of different administrative capabilities. It would be more useful and secure to use CAP_SYS_RESOURCE to control access to this functionality, since these are directly related to managing storage capacity and allocation.

      /* Override resource limits. Set resource limits. */
/* Override quota limits. */
/* Override reserved space on ext2 filesystem */
/* Modify data journaling mode on ext3 filesystem (uses journaling
   resources) */
:
:
#define CAP_SYS_RESOURCE     24

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-17410 Add per-nodemap capabilities mask

          • Major - Major loss of function.
          • Open

          Activity

            People

              adilger Andreas Dilger
              adilger Andreas Dilger
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: