[22.10 FEAT] [SEC2117] zcryptctl support for control domains - kernel part

Bug #1982759 reported by bugproxy
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Ubuntu on IBM z Systems | Fix Released | High | Skipper Bug Screeners |
linux (Ubuntu) | Fix Released | High | Skipper Bug Screeners |

Bug Description

Allow control domains to be assigned to a device node created by zcryptctl.
Let the zcrypt DD block all cex admin requests submitted to a device node unless they are targeted at a control domain that is configured for the device node.
(For compatibility reasons, by default all control domains are assigned to the device node.)

Motivation: improve access control to crypto resources via device nodes - e.g. for Docker containers.

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-199132 severity-high targetmilestone-inin2210
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
Changed in linux (Ubuntu):
importance: Undecided → High
Changed in ubuntu-z-systems:
importance: Undecided → High
Changed in linux (Ubuntu):
status: New → Incomplete
Changed in ubuntu-z-systems:
status: New → Incomplete
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2022-07-27 05:56 EDT-------
Yes, everything is in 5.19.

IDs:

895ae58da4a2360d9c2d255cd9fc8de64e265022
cfd68b33094e1a92249850ff3c3c92ae9112a541

and (not strictly needed for this feature, but improves usability a lot)

cff2d3abc8da078a0447d785736204d8a0ad49b0

Frank Heimes (fheimes) wrote :

Great, thx.
I can confirm that all 3 commits are in Ubuntu-5.19.0-11.11 that is currently in kinetic-proposed.
Hence updating the status to Fix Committed.

Changed in ubuntu-z-systems:
status: Incomplete → Fix Committed
Changed in linux (Ubuntu):
status: Incomplete → Fix Committed
information type: Private → Public
Frank Heimes (fheimes) wrote :

linux-generic 5.19.0.15.15 landed in kinetic
hence updating to Fix Released.

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released