Hello,

We are working on a POC with containers (kubernetes) and cephfs (for permanent 
storage).

The main idea is to give a user access to a subdirectory of the cephfs but
be sure he won't be able to access the rest of the storage. The way
k8s works, the user will have access to the yml file where the cephfs mount
point is defined. He will be able to change the subdirectory mounted
inside the container (and set it to /). And inside the container, the user is
root…

So even if the user doesn't have access to the secret, he will be able to mount
the whole cephfs volume with read access.

Is there a possibility to have a "root_squash" option on a cephfs volume for a
specific client.user + secret?

Is it possible to allow a specific user to mount only /bla and disallow
mounting the cephfs root "/"?

Or is there another way to do that?

Thanks,

-- 
Yoann Moulin
EPFL IC-IT
_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
