Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-9145

When Shared Key feature is active, Nodemap admin property allows more access

    Details

    • Severity:
      4
    • Rank (Obsolete):
      9223372036854775807

      Description

      When the Shared Key feature of Lustre is active, and the Nodemap "admin" property for a nodemap is set to 0, Lustre does not restrict access to that nodemap as it normally would without Shared Key. Examples of this issue occurring can be found in tests 17, 18, and 20-23 of sanity-sec in the testing framework of the following run:
      https://testing.hpdd.intel.com/test_sets/36d7440a-f84f-11e6-887f-5254006e85c2

      This may be replicated on a system with Shared Key and Nodemap features enabled, by setting all nodemap admin and trusted properties to 0. Under these conditions, the system does not fully limit root access.

      The error returned by the test framework is:
      sanity-sec test_17: @@@@@@ FAIL: test trusted_noadmin:0:c0:0:000, wanted 0 0, got 1 1

      The "0 0" desired by this test is the output of do_create_delete() from the sanity-sec.sh suite in the testing framework. This function attempts to touch, and then remove, a file. Since it should not be able to do either, the test fails since both operations are permitted. Other tests of the same nature fail for similar reasons.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                kit.westneat Kit Westneat
                Reporter:
                hannac Chris Hanna
              • Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: