RDMA SELinux Support

Published: 12 April 2016
on channel: insideHPC Report

In this video from the 2016 OpenFabrics Workshop, Daniel Jurgens from Mellanox presents: RDMA SELinux Support.

"SELinux enforces Mandatory Access Control in Linux. SELinux restrictions are encoded into a security policy. It restricts users and processes to only the resources they need to perform their work, and cannot be overridden by system users regardless of their privileges. SELinux today covers standard TCP/IP networking, controlling which traffic flows and network interfaces a given process is allowed to access.

This session explores how SELinux may be extended to support RDMA, which often bypasses the only source of trust – the Linux kernel – while sending and receiving traffic. We map SELinux mechanisms to the RDMA communication model, and show how concrete isolation guarantees can be established by the administrator by associating InfiniBand Partitions with SELinux security tags, and controlling SMI access permissions. All relevant RDMA user-kernel interfaces are protected by suitable SELinux hooks.

Finally, we provide guidelines for managing SELinux RDMA policies. We detail recommended host security policies for both compute and SM hosts, and discuss deployment considerations."

Learn more: https://www.openfabrics.org/index.php...

Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter

