[LU-14479] lgss_sk may load keys with incorrect permissions Created: 02/Mar/21  Updated: 04/Dec/21  Resolved: 30/Mar/21

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: Lustre 2.15.0
Fix Version/s: Lustre 2.15.0

Type: Bug Priority: Minor
Reporter: Sebastien Buisson Assignee: Sebastien Buisson
Resolution: Fixed Votes: 0
Labels: SSK, sec

Issue Links:
Related
Severity: 3
Rank (Obsolete): 9223372036854775807

 Description   

In autotest, we are used to running the following command after SSK keys have been loaded into the keyring via lgss_sk -l:

# keyctl show | grep lustre | cut -c1-11 | sed -e 's/ //g;' | xargs -IX keyctl setperm X 0x3f3f3f3f

We might look into options so that lgss_sk correctly sets the permissions by itself.

 Comments   
Comment by Jeremy Filizetti [ 02/Mar/21 ]

Its probably plenty of oversight on my part, but are things getting loaded with the wrong permissions under certain circumstances?

Comment by Sebastien Buisson [ 02/Mar/21 ]

Well, we could rephrase that as "Sometimes the key are loaded with incorrect permissions". What I have not identified yet are the circumstances leading to incorrect permissions: system environment? distro? etc.

Comment by Gerrit Updater [ 08/Mar/21 ]

Sebastien Buisson (sbuisson@ddn.com) uploaded a new patch: https://review.whamcloud.com/41929
Subject: LU-14479 ssk: explicitly set perm on key
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 5be630093b2677ceb452c76246f0f807589d4f3c

Comment by Gerrit Updater [ 30/Mar/21 ]

Oleg Drokin (green@whamcloud.com) merged in patch https://review.whamcloud.com/41929/
Subject: LU-14479 ssk: explicitly set perm on key
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: f265033840996dcdffb2f05a64b51b51391a273c

Comment by Peter Jones [ 30/Mar/21 ]

Landed for 2.15

Generated at Sat Feb 10 03:10:07 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.