[22.10 FEAT] [SEC2117] zcryptctl support for control domains - s390-tools part
Bug #1982838 reported by
bugproxy
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ubuntu on IBM z Systems |
Fix Released
|
High
|
Skipper Bug Screeners | ||
| linux (Ubuntu) |
Fix Released
|
High
|
Frank Heimes | ||
Bug Description
Allow to assign control domains to a device node created by zcryptctl.
Let the zcrypt DD block all cex admin requests submitted to a device node unless it is targeted to a control domain that is configured for the device node.
(for compatibility reasons by default all control domains are assigned to the device node)
Motivation: improve access control to crypto resources via device nodes - e.g. for Docker containers.
Upstream Target: s390-tools v2.21
| tags: | added: architecture-s39064 bugnameltc-199133 severity-high targetmilestone-inin2210 |
| Changed in ubuntu: | |
| assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
| affects: | ubuntu → linux (Ubuntu) |
Revision history for this message
| Frank Heimes (fheimes) wrote | #1 |
| Changed in ubuntu-z-systems: | |
| assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
| Changed in linux (Ubuntu): | |
| importance: | Undecided → High |
| Changed in ubuntu-z-systems: | |
| importance: | Undecided → High |
| Changed in linux (Ubuntu): | |
| assignee: | Skipper Bug Screeners (skipper-screen-team) → Frank Heimes (fheimes) |
Revision history for this message
| bugproxy (bugproxy) wrote Comment bridged from LTC Bugzilla | #2 |
Revision history for this message
| Frank Heimes (fheimes) wrote | #3 |
| Changed in linux (Ubuntu): | |
| status: | New → Fix Released |
| Changed in ubuntu-z-systems: | |
| status: | New → Fix Released |
| information type: | Private → Public |
To post a comment you must log in.
Great, it's already there!
We'll pic this up with the planned version bump to 2.23 (planned for early August).