In this video from the 2016 OpenFabrics Workshop, Daniel Jurgens from Mellanox presents: RDMA SELinux Support.
"SELinux enforces Mandatory Access Control in Linux. SELinux restrictions are encoded into a security policy. It restricts users and processes to only the resources they need to perform their work, and cannot be overridden by system users regardless of their privileges. SELinux today covers standard TCP/IP networking, controlling which traffic flows and network interfaces a given process is allowed to access.
This session explores how SELinux may be extended to support RDMA, which often bypasses the only source of trust – the Linux kernel – while sending and receiving traffic. We map SELinux mechanisms to the RDMA communication model, and show how concrete isolation guarantees can be established by the administrator by associating InfiniBand Partitions with SELinux security tags, and controlling SMI access permissions. All relevant RDMA user-kernel interfaces are protected by suitable SELinux hooks.
Finally, we provide guidelines for managing SELinux RDMA policies. We detail recommended host security policies for both compute and SM hosts, and discuss deployment considerations."
Learn more: https://www.openfabrics.org/index.php...
Uploaded to the insideHPC Report channel on 12 April 2016.