On Mon, 2018-02-05 at 09:56 +0100, Jinpu Wang wrote: > Hi Bart, > > My another 2 cents:) > On Fri, Feb 2, 2018 at 6:05 PM, Bart Van Assche <[email protected]> > wrote: > > On Fri, 2018-02-02 at 15:08 +0100, Roman Pen wrote: > > > o Simple configuration of IBNBD: > > > - Server side is completely passive: volumes do not need to be > > > explicitly exported. > > > > That sounds like a security hole? I think the ability to configure whether > > or > > not an initiator is allowed to log in is essential and also which volumes an > > initiator has access to. > > Our design target for well controlled production environment, so security is > handle in other layer. On server side, admin can set the dev_search_path in > module parameter to set parent directory, this will concatenate with the path > client send in open message to open a block device.
Hello Jack, That approach may work well for your employer but sorry I don't think this is sufficient for an upstream driver. I think that most users who configure a network storage target expect full control over which storage devices are exported and also over which clients do have and do not have access. Bart.
