git-server-git.apps.pok.os.sepia.ceph.com Git

author	Jeff Layton <jlayton@redhat.com>
	Tue, 13 Aug 2019 11:32:00 +0000 (07:32 -0400)
committer	Jeff Layton <jlayton@redhat.com>
	Fri, 13 Sep 2019 12:14:48 +0000 (08:14 -0400)
commit	eae01275134ea550367a09e6adb084ffc9f4bd46
tree	a7aa0a56c8d775122f16c5fa70fa3143b28246f2	tree \| snapshot
parent	aa62bbc1437adb0cc531d3760e6638a7b16d2644	commit \| diff

mount.ceph: fork a child to get info from local configuration

When a secret and/or the mon addrs are not specified by the admin,
then mmap a MAP_SHARED buffer and spawn a child process to get that
info. For safety reasons, the child drops all capabilities other than
CAP_DAC_READ_SEARCH (to ensure that it'll be able to read the keyring,
should one be found). To achieve this, we add a new dependency on
libcap-ng.

Add a new C++ file with a single routine that will create a CephContext,
get a list of monitor addresses and scrape the keyring for a secret for
the specified cephx user.

If that info is found, then it is copied to fixed-length buffers in the
MAP_SHARED area and the child exits successfully.

The parent will then vet the returned info and copy it into the
appropriate fields if they are currently blank.

Fixes: https://tracker.ceph.com/issues/16656
Signed-off-by: Jeff Layton <jlayton@redhat.com>

ceph.spec.in		diff \| blob \| history
debian/control		diff \| blob \| history
doc/man/8/mount.ceph.rst		diff \| blob \| history
src/CMakeLists.txt		diff \| blob \| history
src/mount/CMakeLists.txt		diff \| blob \| history
src/mount/conf.cc	[new file with mode: 0644]	blob
src/mount/mount.ceph.c		diff \| blob \| history
src/mount/mount.ceph.h		diff \| blob \| history