2012/10/5 Iustin Pop <[email protected]>: > On Fri, Oct 05, 2012 at 03:55:41AM +0200, Michael Hanselmann wrote: >> Some paths, such as /bin or /usr/lib, should not be used for file >> storage. This patch implements a check during cluster verification >> to show a warning in case such a path has been used. > > I haven't reviewed the patch, just one side question: > >> + if what.get(constants.NV_FILE_STORAGE_PATHS) == my_name: >> + result[constants.NV_FILE_STORAGE_PATHS] = \ >> + (pathutils.FILE_STORAGE_PATHS_FILE, >> + bdev.LoadAllowedFileStoragePaths(pathutils.FILE_STORAGE_PATHS_FILE)) > > Am I too paranoid if I'm asking myself whether it's OK to let the master > know what paths exactly the node allows? I mean, as opposed to just > returning the messages about not recommended paths being present (as > text) from the node.
I think you are too paranoid. If someone has access to this information (by getting the contents of “server.pem”), that someone can also read the contents of the whitelist file, which is the same on all nodes, or the configuration, which has the file storage paths as well. Michael
