Ubuntu
linux package

[19.04 FEAT] Extended access controls for AP queue - kernel part

Bug #1805429 reported by bugproxy
20
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
Fix Released
High
Frank Heimes
linux (Ubuntu)
Fix Released
Undecided
Skipper Bug Screeners

Bug Description

Update description:
Provide a means to control which user/process can access which APQN, or in other words enable to grant users/applications access to different (sets of) crypto adapters and domains.
While keeping existing interfaces for compatibility, allow to use both DAC (e.g. Unix file permissions) and MAC (e.g. LSM) methods.

Please enable the following kernel config option:
   * CONFIG_ZCRYPT_MULTIDEVNODES=y

will be made available with kernel 4.20

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-172704 severity-high targetmilestone-inin1904
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Revision history for this message
Frank Heimes (fheimes) wrote :

Waiting with assignment until disco reached it's target kernel level of 4.20+ - just monitored for now ...

Changed in ubuntu-z-systems:
status: New → Triaged
importance: Undecided → High
Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2019-02-01 07:46 EDT-------
git commit: kernel 4.20 [00fab2350e]

Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
assignee: nobody → Frank Heimes (frank-heimes)
Changed in linux (Ubuntu):
status: New → Incomplete
Changed in ubuntu-z-systems:
status: Triaged → Incomplete
Revision history for this message
Seth Forshee (sforshee) wrote :

Can this bug be made public?

Frank Heimes (fheimes)
information type: Private → Public
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-02-19 03:45 EDT-------
This information is already available with kernel 4.20, therefore can be made public....

Revision history for this message
Seth Forshee (sforshee) wrote :

We already have this option turned on in our 5.0 tree. I've marked this as an enforced option in our annotations to ensure it is not accidentally turned off and added a note referring to this bug.

Changed in linux (Ubuntu):
status: Incomplete → Fix Committed
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: Incomplete → Fix Committed
Revision history for this message
Frank Heimes (fheimes) wrote :

Just verified that commit "s390/zcrypt: multiple zcrypt device nodes support" landed in disco-proposed kernel "Ubuntu-5.0.0-7.8" (as "00fab23"). And config option CONFIG_ZCRYPT_MULTIDEVNODES is properly enabled - looks good.

Revision history for this message
Frank Heimes (fheimes) wrote :

Since Kernel 5.0 landed in disco's release pocket today, I'm changing the status to Fix Released.

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-03-15 06:28 EDT-------
IBM Bugzilla status -> closed, Fix Released for disco

Brad Figg (brad-figg)
tags: added: cscc
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.