Ah, I only searched in the Ceph project. Thanks

Quoting Davíð Steinn Geirsson <da...@dsg.is>:

Hi,

On Sat, Sep 06, 2025 at 08:32:45AM +0000, Eugen Block wrote:
Hi,

can you share where that comment comes from?

Sure, it's from the ceph sample config in the nfs-ganesha source:
https://github.com/nfs-ganesha/nfs-ganesha/blob/next/src/config_samples/ceph.conf#L81-L83

I can't find it in the docs or
on GitHub. The only place I found it is this Oracle guide for Ceph
Luminous, which is quite old:

https://docs.oracle.com/en/operating-systems/oracle-linux/ceph-storage/ceph-luminous-UsingCephStorageforOracleLinux.html

I have no idea if newer versions support subtree checking though; we
looked into ganesha many years ago and it didn't work for us at that time
at all. I have it on my agenda to give it another try, but I can't find
the time at the moment. Hopefully someone else has more insights for you.

Regards,
Eugen

Quoting Davíð Steinn Geirsson <da...@dsg.is>:

> Hey all,
>
> When I moved my file server shares to CephFS, I set each share on its
> own CephFS. The reason was this comment in the nfs-ganesha example
> config:
>
>     # Note that FSAL_CEPH does not support subtree checking, so there is
>     # no way to validate that a filehandle presented by a client is
>     # reachable via an exported subtree.
>     #
>     # For that reason, we just export "/" here.
>
> Now, this is fine for low numbers of shares, but as they have grown it
> feels a bit overkill to be creating two or more new pools (metadata +
> data + sometimes another EC data) for each share. Tuning the PG numbers
> for those pools is also kind of a pain.
>
> I'm wondering, would using a subvolume for the share provide the needed
> security isolation?
>
> Best,
> Davíð
> _______________________________________________
> ceph-users mailing list -- ceph-users@ceph.io
> To unsubscribe send an email to ceph-users-le...@ceph.io

