[libvirt] unable to set security context (NFSv4 problem?)

Daniel P. Berrange berrange at redhat.com
Thu Apr 22 13:39:39 UTC 2010


On Thu, Apr 22, 2010 at 03:16:08PM +0200, Harald Dunkel wrote:
> Hi Daniel,
> 
> On 04/22/10 11:41, Daniel P. Berrange wrote:
> > 
> > This is unfixably broken then. NFS security relies on all clients using
> > the same UID/GID <-> name mappings.
> > 
> 
> How come we don't run into a similar security problem
> for iSCSI?

In NFS, the user/group IDs for files are stored on the NFS server. Thus
all clients must have the same interpretation for these IDs.

In iSCSI the user/group IDs are assigned to the block device nodes which
are always local to each client logged into the iSCSI server. Thus there
is no requirement for the same interpretation on all clients.


Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
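
Added example, not part of the original message or of libvirt: a check for the condition described above, comparing passwd(5)-format account data collected from each NFS client (for instance the output of `getent passwd`) and reporting names that map to different IDs and IDs that map to different names. The host names, account names and ID values are constructed sample data.

```python
"""Compare passwd-format account data from several NFS clients."""
from collections import defaultdict

# Constructed sample input: passwd(5)-format text from two hypothetical clients.
SAMPLE = {
    "hostA": "root:x:0:0:root:/root:/bin/bash\n"
             "qemu:x:107:107:qemu user:/:/sbin/nologin\n"
             "alice:x:1000:1000::/home/alice:/bin/bash\n",
    "hostB": "root:x:0:0:root:/root:/bin/bash\n"
             "qemu:x:36:36:qemu user:/:/sbin/nologin\n"
             "bob:x:1000:1000::/home/bob:/bin/bash\n",
}

def parse_passwd(text):
    """Return {name: (uid, gid)} from passwd(5)-format text."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # Skip malformed lines and NIS compat entries such as "+::::::".
        if len(fields) < 4 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue
        accounts[fields[0]] = (int(fields[2]), int(fields[3]))
    return accounts

def find_mismatches(hosts):
    """hosts: {hostname: passwd text}. Returns (name_conflicts, uid_conflicts)."""
    by_name = defaultdict(dict)  # name -> {host: (uid, gid)}
    by_uid = defaultdict(dict)   # uid  -> {host: first name seen with that uid}
    for host, text in hosts.items():
        for name, (uid, gid) in parse_passwd(text).items():
            by_name[name][host] = (uid, gid)
            by_uid[uid].setdefault(host, name)
    # A conflict exists when clients disagree on the value for the same key.
    name_conflicts = {n: m for n, m in by_name.items() if len(set(m.values())) > 1}
    uid_conflicts = {u: m for u, m in by_uid.items() if len(set(m.values())) > 1}
    return name_conflicts, uid_conflicts

if __name__ == "__main__":
    names, uids = find_mismatches(SAMPLE)
    for name, per_host in sorted(names.items()):
        print(f"name {name!r} has different uid/gid per client: {per_host}")
    for uid, per_host in sorted(uids.items()):
        print(f"uid {uid} belongs to different names per client: {per_host}")
```

The UID conflict is the one that matters for file access on the share: a file owned by ID 1000 on the server belongs to a different account depending on which client reads it.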



