[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] unable to set security context (NFSv4 problem?)



On Thu, Apr 22, 2010 at 03:16:08PM +0200, Harald Dunkel wrote:
> Hi Daniel,
> 
> On 04/22/10 11:41, Daniel P. Berrange wrote:
> > 
> > This is unfixably broken then. NFS security relies on all clients using
> > the same UID/GID <-> name mappings.
> > 
> 
> How comes that we don't run into a similar security problem
> for iSCSI?

In NFS, the user/group IDs for files are stored on the NFS server. Thus
all clients must have same interpretation for these IDs.

In iSCSI the user/group IDs are assigned to the block device nodes which 
are always local to each client logged into the iSCSI server. Thus there
is no requirement for the same interpretation  on all clients


Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]