[22.10 FEAT] [SEC2117] zcryptctl support for control domains - s390-tools part
Bug #1982838 reported by
bugproxy
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on IBM z Systems |
Fix Released
|
High
|
Skipper Bug Screeners | ||
linux (Ubuntu) |
Fix Released
|
High
|
Frank Heimes |
Bug Description
Allow to assign control domains to a device node created by zcryptctl.
Let the zcrypt DD block all cex admin requests submitted to a device node unless it is targeted to a control domain that is configured for the device node.
(for compatibility reasons by default all control domains are assigned to the device node)
Motivation: improve access control to crypto resources via device nodes - e.g. for Docker containers.
Upstream Target: s390-tools v2.21
tags: | added: architecture-s39064 bugnameltc-199133 severity-high targetmilestone-inin2210 |
Changed in ubuntu: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
affects: | ubuntu → linux (Ubuntu) |
Changed in linux (Ubuntu): | |
status: | New → Fix Released |
Changed in ubuntu-z-systems: | |
status: | New → Fix Released |
information type: | Private → Public |
To post a comment you must log in.
Great, it's already there!
We'll pic this up with the planned version bump to 2.23 (planned for early August).