[19.04 FEAT] Extended access controls for AP queue - kernel part

Bug #1805429 reported by bugproxy on 2018-11-27
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
Frank Heimes
linux (Ubuntu)
Skipper Bug Screeners

Bug Description

Update description:
Provide a means to control which user/process can access which APQN, or in other words enable to grant users/applications access to different (sets of) crypto adapters and domains.
While keeping existing interfaces for compatibility, allow to use both DAC (e.g. Unix file permissions) and MAC (e.g. LSM) methods.

Please enable the following kernel config option:

will be made available with kernel 4.20

bugproxy (bugproxy) on 2018-11-27
tags: added: architecture-s39064 bugnameltc-172704 severity-high targetmilestone-inin1904
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Frank Heimes (frank-heimes) wrote :

Waiting with assignment until disco reached it's target kernel level of 4.20+ - just monitored for now ...

Changed in ubuntu-z-systems:
status: New → Triaged
importance: Undecided → High

------- Comment From <email address hidden> 2019-02-01 07:46 EDT-------
git commit: kernel 4.20 [00fab2350e]

Changed in ubuntu-z-systems:
assignee: nobody → Frank Heimes (frank-heimes)
Changed in linux (Ubuntu):
status: New → Incomplete
Changed in ubuntu-z-systems:
status: Triaged → Incomplete
Seth Forshee (sforshee) wrote :

Can this bug be made public?

information type: Private → Public
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-02-19 03:45 EDT-------
This information is already available with kernel 4.20, therefore can be made public....

Seth Forshee (sforshee) wrote :

We already have this option turned on in our 5.0 tree. I've marked this as an enforced option in our annotations to ensure it is not accidentally turned off and added a note referring to this bug.

Changed in linux (Ubuntu):
status: Incomplete → Fix Committed
Changed in ubuntu-z-systems:
status: Incomplete → Fix Committed
Frank Heimes (frank-heimes) wrote :

Just verified that commit "s390/zcrypt: multiple zcrypt device nodes support" landed in disco-proposed kernel "Ubuntu-5.0.0-7.8" (as "00fab23"). And config option CONFIG_ZCRYPT_MULTIDEVNODES is properly enabled - looks good.

Frank Heimes (frank-heimes) wrote :

Since Kernel 5.0 landed in disco's release pocket today, I'm changing the status to Fix Released.

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-03-15 06:28 EDT-------
IBM Bugzilla status -> closed, Fix Released for disco

Brad Figg (brad-figg) on 2019-07-24
tags: added: cscc
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers