RDMA SELinux Support

Published: 12 April 2016
on channel: insideHPC Report

In this video from the 2016 OpenFabrics Workshop, Daniel Jurgens from Mellanox presents: RDMA SELinux Support.

"SELinux enforces Mandatory Access Control in Linux. SELinux restrictions are encoded into a security policy. It restricts users and processes to only the resources they need to perform their work, and cannot be overridden by system users regardless of their privileges. SELinux today covers standard TCP/IP networking, controlling which traffic flows and network interfaces a given process is allowed to access.

This session explores how SELinux may be extended to support RDMA, which often bypasses the only source of trust – the Linux kernel – while sending and receiving traffic. We map SELinux mechanisms to the RDMA communication model, and show how concrete isolation guarantees can be established by the administrator by associating InfiniBand Partitions with SELinux security tags, and controlling SMI access permissions. All relevant RDMA user-kernel interfaces are protected by suitable SELinux hooks.

Finally, we provide guidelines for managing SELinux RDMA policies. We detail recommended host security policies for both compute and SM hosts, and discuss deployment considerations."

Learn more: https://www.openfabrics.org/index.php...
