You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "Hanisha Koneru (Jira)" <ji...@apache.org> on 2020/01/31 18:13:00 UTC
[jira] [Created] (HDDS-2966) ACL checks should be done after
acquiring lock
Hanisha Koneru created HDDS-2966:
------------------------------------
Summary: ACL checks should be done after acquiring lock
Key: HDDS-2966
URL: https://issues.apache.org/jira/browse/HDDS-2966
Project: Hadoop Distributed Data Store
Issue Type: Sub-task
Components: HA
Reporter: Hanisha Koneru
Currently in OMClientRequests#validateAndUpdateCache, we perform ACL checks before acquiring the required object lock. This could lead to race condition. The ACL check should be done after acquiring the lock.
For example, in OMKeyCreateRequest:
{code:java}
// check Acl
checkKeyAcls(ozoneManager, volumeName, bucketName, keyName,
IAccessAuthorizer.ACLType.CREATE, OzoneObj.ResourceType.KEY);
acquireLock = omMetadataManager.getLock().acquireWriteLock(BUCKET_LOCK,
volumeName, bucketName);
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org