You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "Hanisha Koneru (Jira)" <ji...@apache.org> on 2020/01/31 18:13:00 UTC

[jira] [Created] (HDDS-2966) ACL checks should be done after acquiring lock

Hanisha Koneru created HDDS-2966:
------------------------------------

             Summary: ACL checks should be done after acquiring lock
                 Key: HDDS-2966
                 URL: https://issues.apache.org/jira/browse/HDDS-2966
             Project: Hadoop Distributed Data Store
          Issue Type: Sub-task
          Components: HA
            Reporter: Hanisha Koneru


Currently in OMClientRequests#validateAndUpdateCache, we perform ACL checks before acquiring the required object lock. This could lead to race condition. The ACL check should be done after acquiring the lock.
For example, in OMKeyCreateRequest:

{code:java}
      // check Acl
      checkKeyAcls(ozoneManager, volumeName, bucketName, keyName,
          IAccessAuthorizer.ACLType.CREATE, OzoneObj.ResourceType.KEY);

      acquireLock = omMetadataManager.getLock().acquireWriteLock(BUCKET_LOCK,
          volumeName, bucketName);
{code}




--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org