[22.10 FEAT] [SEC2117] zcryptctl support for control domains - kernel part
Bug #1982759 reported by
bugproxy
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on IBM z Systems |
Fix Released
|
High
|
Skipper Bug Screeners | ||
linux (Ubuntu) |
Fix Released
|
High
|
Skipper Bug Screeners |
Bug Description
Allow to assign control domains to a device node created by zcryptctl.
Let the zcrypt DD block all cex admin requests submitted to a device node unless it is targeted to a control domain that is configured for the device node.
(for compatibility reasons by default all control domains are assigned to the device node)
Motivation: improve access control to crypto resources via device nodes - e.g. for Docker containers.
tags: | added: architecture-s39064 bugnameltc-199132 severity-high targetmilestone-inin2210 |
Changed in ubuntu: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
affects: | ubuntu → linux (Ubuntu) |
Changed in ubuntu-z-systems: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
Changed in linux (Ubuntu): | |
importance: | Undecided → High |
Changed in ubuntu-z-systems: | |
importance: | Undecided → High |
Changed in linux (Ubuntu): | |
status: | New → Incomplete |
Changed in ubuntu-z-systems: | |
status: | New → Incomplete |
To post a comment you must log in.
------- Comment From <email address hidden> 2022-07-27 05:56 EDT-------
Yes, everything is in 5.19.
IDs:
895ae58da4a2360 d9c2d255cd9fc8d e64e265022 2249850ff3c3c92 ae9112a541
cfd68b33094e1a9
and (not strictly needed for this feature, but improves usability a lot)
cff2d3abc8da078 a0447d785736204 d8a0ad49b0