Hi,

On Sat, Sep 06, 2025 at 08:32:45AM +0000, Eugen Block wrote:
> Hi,
>
> can you share where that comment comes from?

Sure, it's from the Ceph sample config in the nfs-ganesha source:
https://github.com/nfs-ganesha/nfs-ganesha/blob/next/src/config_samples/ceph.conf#L81-L83

> I can't find it in the docs or
> on GitHub. The only place I found is this Oracle guide which is for Ceph
> Luminous, that is quite old:
>
> https://docs.oracle.com/en/operating-systems/oracle-linux/ceph-storage/ceph-luminous-UsingCephStorageforOracleLinux.html
>
> I have no idea if newer versions support subtree checking though, we
> looked into ganesha many years ago and it didn't work for us at that time
> at all. I have that on my agenda to give it another try, but I don't find
> the time at the moment. Hopefully someone else has more insights for you.
>
> Regards,
> Eugen
>
> Quoting Davíð Steinn Geirsson <da...@dsg.is>:
>
> > Hey all,
> >
> > When I moved my file server shares to CephFS, I set each share on its
> > own CephFS. The reason was this comment in the nfs-ganesha example
> > config:
> >
> > # Note that FSAL_CEPH does not support subtree checking, so there is
> > # no way to validate that a filehandle presented by a client is
> > # reachable via an exported subtree.
> > #
> > # For that reason, we just export "/" here.
> >
> > Now, this is fine for low numbers of shares, but as they have grown it
> > feels a bit overkill to be creating two or more new pools (metadata +
> > data + sometimes another EC data) for each share. Tuning the PG numbers
> > for those pools is also kind of a pain.
> >
> > I'm wondering, would using a subvolume for the share provide the needed
> > security isolation?
> >
> > Best,
> > Davíð
> > _______________________________________________
> > ceph-users mailing list -- ceph-users@ceph.io
> > To unsubscribe send an email to ceph-users-le...@ceph.io
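
What the quoted sample-config comment means by subtree checking, as an added toy model (not code from nfs-ganesha, Ceph, or anyone in this thread). Assumptions: file handles are modelled as bare inode numbers, and the inode table, paths and function names are all constructed for illustration.

```python
# Constructed inode table: inode number -> (parent inode, name). Inode 1 is "/".
INODES = {
    1: (None, ""),
    2: (1, "shares"),
    3: (2, "alice"),
    4: (2, "bob"),
    5: (3, "notes.txt"),
    6: (4, "payroll.txt"),
}


def lookup_path(path):
    """Resolve an absolute path to an inode number by walking name components."""
    ino = 1
    for part in filter(None, path.split("/")):
        ino = next(i for i, (parent, name) in INODES.items()
                   if parent == ino and name == part)
    return ino


def reachable_from(ino, export_root):
    """Subtree check: follow parent links upward and see if export_root is hit."""
    while ino is not None:
        if ino == export_root:
            return True
        ino = INODES[ino][0]
    return False


def serve_handle(handle, export_path, subtree_check):
    """Decide whether a client-supplied handle is honoured for this export."""
    if handle not in INODES:
        return "stale"
    if subtree_check and not reachable_from(handle, lookup_path(export_path)):
        return "rejected"
    return "ok"


if __name__ == "__main__":
    export = "/shares/alice"
    inside = lookup_path("/shares/alice/notes.txt")
    outside = lookup_path("/shares/bob/payroll.txt")
    for check in (False, True):
        # The export path only constrains handles when the check is enforced.
        print("subtree_check =", check,
              "| inside:", serve_handle(inside, export, check),
              "| outside:", serve_handle(outside, export, check))
```
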