Message ID | 20170114110011.13316-1-nicolas.iooss@m4x.org (mailing list archive) |
---|---|
State | Not Applicable |
Headers | show
Return-Path: <selinux-bounces@tycho.nsa.gov> Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 0DE4A601DA for <patchwork-selinux@patchwork.kernel.org>; Sat, 14 Jan 2017 11:01:31 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EAF4128534 for <patchwork-selinux@patchwork.kernel.org>; Sat, 14 Jan 2017 11:01:30 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DF1322853E; Sat, 14 Jan 2017 11:01:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id B218B28534 for <patchwork-selinux@patchwork.kernel.org>; Sat, 14 Jan 2017 11:01:29 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.33,227,1477958400"; d="scan'208";a="2295574" IronPort-PHdr: =?us-ascii?q?9a23=3AtGp6yxYngnguR/QSSpAPy7P/LSx+4OfEezUN459i?= =?us-ascii?q?sYplN5qZoc69Zx7h7PlgxGXEQZ/co6odzbGH7+a7AidZvMrJmUtBWaQEbwUCh8?= =?us-ascii?q?QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYdFRrlKAV6?= =?us-ascii?q?OPn+FJLMgMSrzeCy/IDYbxlViDanb75/KBq7oR/fu8QYjoduN6Y8xxTUqXZUZu?= =?us-ascii?q?pawn9lK0iOlBjm/Mew+5Bj8yVUu/0/8sNLTLv3caclQ7FGFToqK2866tHluhnF?= =?us-ascii?q?VguP+2ATUn4KnRpSAgjK9w/1U5HsuSbnrOV92S2aPcrrTbAoXDmp8qlmRAP0hC?= =?us-ascii?q?oBKjU2/nvXishth6xFphyvqQF0z4rNbI2IKPZye6XQds4YS2VcRMZcTyxPDJ2h?= =?us-ascii?q?YYUBDOQPOv5Yoovgq1YAohSxGQaiC/30yjJTmn/737c33/g7HA3awgAtGc8Fvn?= =?us-ascii?q?TOrNXyMacfSfi7zKjUwjXEa/NZwyz945XLfBAmpvGMRqlwetfWxEkpFgPKklKQ?= =?us-ascii?q?qYj/MDOOzOgNsm+b7+17VeK0kGMnrg58oze1yscrkInJiZsYx1bZ/it62IY4Pc?= =?us-ascii?q?C0RUF0bNK+EJZcqjuWO5V5T888WW1kpT42x78EtJKhYSQHxpoqywTBZ/CbcoWE?= =?us-ascii?q?+BzuWPiXLDxlnnxqYqi/iAy38UW4z+38UdS730hSoypel9nMqmgN1xvO6sibUv?= =?us-ascii?q?d9/lmu2TKI1w3L9uFLO1o0lavGK5462LIwipoSvljDHi/xgkn2irOZdl449eSy?= =?us-ascii?q?7uTnY7HmqoedN49ylA7+LrwjltGwDOk3KAQDX3WX9f6i2LDs40H1WqhGguUzkq?= =?us-ascii?q?bDsZDaIcobprS+Aw9Qyosj8AiwDzOn0NQegHkGI0tJdwmAj4j0PVHBPO73Deyk?= =?us-ascii?q?jlSwkDZk2/DGPrr7DpXLNXjMiq3tfbl6605C0AYz18xQ54pICrEdJ/L+Qk3xtN?= =?us-ascii?q?veDhAjLwy0w/zoCNNm24McXmKPBKqZP7nJsV+U+O0vOfKMaJUSuDbnJPgv/+Tu?= =?us-ascii?q?gmMhmV8BYamp2oMaaHK6Hvt8P0qZYmHsgtAHEWcLoAozV+LqiFmfUT9cfHmyQq?= =?us-ascii?q?Q85i0mCI68CofDXI+tiqSb3CinBp1WenxGCleUHHbmdoWEX/IMZzyIIsJ6nDwL?= =?us-ascii?q?S6WuS4g71R60rA/60b1nLujK9SIEqZLvzt915/fclRsq7zx7E9yd032RT2Fzhm?= =?us-ascii?q?4HWiM53KV4oUx71lePzLN1g+JGGtxJ5vNIUwA6NZjGw+x8Fd/yRhrLfs2VR1a+?= =?us-ascii?q?XtWmHTYxQ8oszN8SeUl9Ac6vgQzE3yqvH7AajaeLBIAu/qLawXfxO953y2za26?= =?us-ascii?q?k5k1kmXsxPOHWmh69+8AjTAZXEk0Cdl6qzdKQc2jTB9GGZwmqUv0FYURBwXrvf?= =?us-ascii?q?UXAZeETWsczz5lneQL+2FbQnLgxBxNacJatScNLpl1RGROz4NdTGeW2xgWawBQ?= =?us-ascii?q?2QxrOIdoXlZ3sS0D/aCEgenAAZ5WyGOhQmBie9v2LeCyRjFVz1Y0z29+lxtHK7?= =?us-ascii?q?TlQvwgGPd01h1qO5+gUbhPyHUf8T2agEuCg5oTVuAFm9x87WC8aHpwd5f6VTe9?= =?us-ascii?q?A94FBa1W/CtAxyJJ+gL6d/hlIEdAR3pUzu3Q1tCopcicgqsG8qzA1qJK2CzVxB?= =?us-ascii?q?bTKY0o7qOrDMMGb94BWvZ7TR2lHE39ac4r0P5+ggq1X/oAGpEVIv83V53NlR13?= =?us-ascii?q?uc4Y7HDA4PUZLtVUY38gJ1q6vdYikn6IPezWdsPrWssj/ex9IpA/Moyg2uf9dF?= =?us-ascii?q?N6OEDxPyHtYBB8ioL+wrlV2pYQgCPOxI8q47Id+mfeOc2KG3JOZggC6mjWNf7Y?= =?us-ascii?q?FzyE2M8zZ8RfDS35Ye2PyYwBWIVy3ng1e8t8D7g4dEZSsdHmCn0yjrGJZRZrFu?= =?us-ascii?q?fYYMEWquP9C4ych/h5H3X35V70KsB1QD2MC1YxWSdED90RdW1UsJvXytgTG4wC?= =?us-ascii?q?BskzE1sqqf2zTDw+LjdBoDPm5EWnJigEz2LoeqldAaW1Kkbw8zlBuq/Uz63bRU?= =?us-ascii?q?pLxjL2nPRkdFZzb2L2B+XaussbqCedRD548osSVQVuS8bkuXSrr8oxscySzjBW?= =?us-ascii?q?xeyCo8dzGwtZXzhwZ6h36FLHZvsHrZftl9xRPe5NzHWf5dxyEGSzd8iTnWAFi8?= =?us-ascii?q?Itao8M6Pl5fbs+C+UWOhWYFIcSXxy4OPqje773VwARKjh/CzhsHnEQ8i3C/h0N?= =?us-ascii?q?lqUSHIowjmYob30KS7P/lqflJ1BFDg8Mp2AIZ+kpE/hJsIw3gVmo2V/WYbkWf0?= =?us-ascii?q?KdhbwbjxbGcJRTIR2dHZ+hPq2EpnLnKVwIL5UG6Qws59a9m8ZWMZxjgx78ZUB6?= =?us-ascii?q?eI9LZEhzd6okKkrQLNZvhwhjQdxuUo6H4BmOwJuxQiziOGArAUA0ZYITbglxOS?= =?us-ascii?q?79CxtK9XfnqgcaCs1EpimtCsFK+CogdBV3viZJciGzJ/7sVlPFLKznLz9pnueM?= =?us-ascii?q?PMYtILqh2UjxDAgvBNKJ0ri/oKgTFqNn78vX05y+83lBJu0ou8vISdLGVt5q25?= =?us-ascii?q?CAZCNjLpf8MT5i3tjaFGk8aMwo+gA45sGjoOXJrnV/6oFiwdtej/PQaUDDI8sm?= =?us-ascii?q?ubGabYHQKH8EdptW/PE5S1OHGPPnYZy8liSweHJEFEnQAURys1noQiFgyw38zh?= =?us-ascii?q?d1p55ioN6VHmpBtMzfhoNxbhXWvFogendCs0QoCFLBVK9gFC+1vVMcuG4+J9BS?= =?us-ascii?q?5Y+IGhrAuIKmGAaQRHE3wGWkueB1/5Jrmu/97A8+qGCeWiM/vCe7KOqfZRV/2Q?= =?us-ascii?q?35KgzpNm/yqQNsWIJnRiCuc02k5HXX9nB8TZhy8ARDYMmiLLccGbuAy89TFtoc?= =?us-ascii?q?Cn7vvnQgTv6pWTC7FKK9Vg5wi2gbufN+6XnCt5MyxU150WyX/N0rcf2FkSiiF1?= =?us-ascii?q?eja3DbsAsDTBTKXKmq9YFxQbcT98NNNU76Ig2QlAIcjbisnv2b5glv44EFlFVV?= =?us-ascii?q?37msGyecwKLWC9NFXdC0aNKLuGJCfEw8XtbaO7U71Qg/1etwestjaDD0/jIjOD?= =?us-ascii?q?miHxVx+xKu5DkiebPB1CuIG6aRttCHbsQ8z4ZRGhN993lzI2y6UuhnzWLW4cLS?= =?us-ascii?q?R8c0RVo7KN9iNXnO9wG2Nb7nV/M+mJgD2Z4PPbKpYLq/tkGD54l+ZH4HQ80bRV?= =?us-ascii?q?9jhIROBymCvRrt9upEuqku+RxTp7SBBOsCpEhJqXvUV+PqXU7oJAVmza/B0X4m?= =?us-ascii?q?WfFQ8KqsB+CtL1paBf0NfPm7zoKDtY9dLb49ccDdDOKM2bKHohLQbpGDnMAQQe?= =?us-ascii?q?TD6rOmbfh0pGnf6P6HKatZk6pYLqmJYUTb9bTlM1HOsACkt5BNwCPIt3XjQ8nL?= =?us-ascii?q?GBg84H/2S+owfKScVdppDISPSSAfD1JzaYiblLfBwIwLziIYQULI371FRoakNm?= =?us-ascii?q?k4TSB0rQQddNrzV9bg8zpUVB6mJ+Tmoy2k37bAOi+2UTFfmqkR41kQZxfeMt9D?= =?us-ascii?q?Lw7FgtPVrKuDE8kE8vltX5mTqRaiL+LL+sXYFKDCr5r0sxM5P/QwlrdgCymEtk?= =?us-ascii?q?NDnKR71Pk7tgaWBriAjZuZRRA/JcS7NLYAMIz/GNe/ooyUhcqjmgxUJf4+vKF4?= =?us-ascii?q?FtlA8xfJ6vqHJAwB5jY8QzJazLJ6pJz0JchqSQsS+0zuox2hMRJ14R8GOOfy4F?= =?us-ascii?q?oFYIOac9JyW25ONs8xCNmztYdWcXVvoquO9l9kQzO+SY1SLvzb5CJlq3N+OBM6?= =?us-ascii?q?OTo3LAmtKQQlMsykMIkFFI8qVx0ccldUqbSl4gzL+QFxkSL8XNNxtVb81I+HjU?= =?us-ascii?q?ZyaOvv3HwYhpMIWlCuDoUeiOub4JjU2+AgYpHpkD7t8aE5a2ykHYN8DnLbAeyR?= =?us-ascii?q?oz+AvrOU+FDPVVeBOLijsHpd+wzINv14lHOj4dGXl9MTmw5rvPqA8qmuSMU8ot?= =?us-ascii?q?YngAWIsEKnU2WNahliFDo3tACSO70uUDyAiN9zX8vDjfDCHgb9p/Y/eZfRdsCN?= =?us-ascii?q?as+Toh9ai3iFnX/47RJ2H8KNRuoNjP6fkVp5yfEfNbUaF9s1vAm4lfX3GqSHDA?= =?us-ascii?q?Edq0J5j2doktYsf5BWq9Uly6lz06VdzxPMq3IqiOnw7oWZ5esJOH0zA7Kc+9Cj?= =?us-ascii?q?YeFg9zp+EZ5KNzfwsDY4Y7YRPzuAQ+MLS/LxuC3tWoXWmtNSNcT+NDwuWie7xX?= =?us-ascii?q?0y0sY/emyHshS5E6yPW38U4NRZwRkx7exPaiaJNFXiTpHHxSZRnPrzIjl2d9Lu?= =?us-ascii?q?Yy3vs/wBTQvFYGNzCLdfBmZ3JcsNE5BVKSJ3J2CmwiSFKHloXD4xSj37YL8ytT?= =?us-ascii?q?gtZYy+tFv2bivpXHejKjRLSrqYnJsyonddUpuLN+MYr4L8ScqZzegCLQTIPLsg?= =?us-ascii?q?KfSi67F+BWmt9KICJXWPNIg30qOdQauYpd7ko8Tsg+J6FOCKkoorCldz9kADUP?= =?us-ascii?q?wiAHTIyA3SYNguGm17vdjBeQf4woMAYYv5VantsdTyl2bzsEpK+lVoXZi2+ESm?= =?us-ascii?q?8PIAcI9QpC/R8OmJVsc+7i+4fHUJhMyztKrP1uSSvLCoNk913lRWGKmVL4Uumu?= =?us-ascii?q?k/S13QJOy/LhysUUWBxlBkdB3OtZikwoKLVzK6kRoIHKqCOIel3ms2Lt0uemI0?= =?us-ascii?q?NRycLMfV3iEIXFrXb8UjEb+XAMX49A0mvfFZMJnAdidKYrvk9DIJ64dUb65jwk?= =?us-ascii?q?wYtpH725VcCkx1YlsXgGSD2wE9pEEe1mtkzYWCF9aZCxtJrlI4lSQnNX+JCFpV?= =?us-ascii?q?ZVilliMy64yZpZKsFC+D0MUSNOoTqDotS9VtdP2chsD58DOt1/oWvyGLtYOJiN?= =?us-ascii?q?pH07oqbgymXE+zA6qlu6xy6+G665T+JY420RAR8lJ2KApUkzF+Es6Hvd8kjRsl?= =?us-ascii?q?Bo+OdWHrmPjUNtoDljGpBBGDNJ2m65L1RpTHhLqOJaKLzLfMxaRvk9fx6vOxgl?= =?us-ascii?q?Gv4h0E2F50Z0nW32YyZqrAtV5zjdXxUoVSkSmrrtlicepduhOT8GUJ9IbDIhbi?= =?us-ascii?q?nDKwKHmSBYohdfa0d2W58HGNZJ4bcb0pVI/sDaU0ajNTkFXAB+NgI/yfdfiUlD?= =?us-ascii?q?sECDdCDBEQaocO3AvgdxfciPsM6jNO758xtfioP7rOA48L0OR328lg23W9/eq5?= =?us-ascii?q?Lzu8aXuUSQbKf4K/OzYXvfQzjWlxywgq0kD5bS9SjJLAVbM4V6yWYjYZX5C27L?= =?us-ascii?q?OgpJKrkGKEVFTqB1d89GovxEaMB5YqoJ/7FiBg6fTBP1BIOvtOVGLkrURTnGNC?= =?us-ascii?q?qB/PCwrZ7R4LDAR+XtfdCDx3HCQ61rJJh68iX7F63s0YBA5kr8wu1t+V9iSVja?= =?us-ascii?q?LyCBq8zsJhkV68a/dkvtpIEpECjSAJd3jnri2F9MeNYQQyK37psU0pVZ52jsSe?= =?us-ascii?q?hgyEj8rPVS96V46Ykw+71p0dy0JbvIJvtHrU9qGQOUBgJ39pU3HGdwWWZRYvML?= =?us-ascii?q?KPjLeaQVl8fuq/r4F6YP8h2a5/RZacfbJ0HGgsS/FiucRgJakwgcsjMaMw+c1+?= =?us-ascii?q?Kfm6BuV8alpO/52kYz7FiiNBIGy6pt5Yic8KqSuODXdwfRzaQDWqXyW8zzqK4j?= =?us-ascii?q?tliP6v0ijrECYGt1YxeoEOIFTM4S2n/gzbw2zSIrC87DHajv+OREV3IimjLvgY?= =?us-ascii?q?59Ek4TGvMJGbqL4YVekXs5m+PDMN0WabpOmmGVFR6rCrUC02Kk6zOLIGl5hRHD?= =?us-ascii?q?yxPwTnm17F/4ty94RjbDwMn4n0pJTLa3A1xSXy2zNU9+rjyPIBLitMDrtqQt8E?= =?us-ascii?q?E2LmvkucqLlGulI75XHsv/JNmGLSk1olIXgocxSca02YAHA9q9Pcse8G1jbvvE?= =?us-ascii?q?9WyniShBo71Ih4DG+MGa5u3XHWW8j62ds7iNwjFYxWQ/vVE78N+gLevC59yNQ/?= =?us-ascii?q?SvzGYRVDxyuw7OUh+6sLDbqEoUOUOT2kfRhIMKJs1Z3WU/1kz++OcsWtYz+xtF?= =?us-ascii?q?FobcZ/ICoiv+OCDozlaefd03UDWe0zpNEV7vF1l3BrQ80nrqvM3VjXfQ50EoRo?= =?us-ascii?q?5oekzjnhx3CoU1JFkj6FcJ3yUDFhINZgqDDLGyAkTlL5ULWlQfaRid27i6YKg3?= =?us-ascii?q?11Vpwryz/O/TcfB8B60VO/Zfjw6OmUNWGpcIvqweXr18YV5d9KjYpgT4DYjoQe?= =?us-ascii?q?Tmn2IqNfKpWsBa7dwZt3w67wa+Rhuv841M4KoAhZCTaKFEfYbDs9xm40dg/z4P?= =?us-ascii?q?eTRHgAJjgBOhTeAcuOfj78DAv5qp8eavWrwiR+cW9xgoH2RxlYbwgFQ4rN7L0O?= =?us-ascii?q?dTV5Pahp7i8ABXJH6KopzV3wN7KeoUJIKhZKxg+GkfJygCO3IOOsKba+Em7C9x?= =?us-ascii?q?LDrT51JDAsQWZdMbJcbNgh5biknoWLFV68raFUSVC59peMA082X3yD408ZwmUu?= =?us-ascii?q?bj8jO2Jo7Q70tLP/xdiCVgjtXCpPIawfDKEigY/WGZawRpwiOF05SNF+zw8vuI?= =?us-ascii?q?yN7OUVMJADU7XJpcJDqN+AynWvC6lI7zXQOO98//mpQ+e1yMRnaphqQKrr5MEf?= =?us-ascii?q?JciiX8xjVeGZr6h+iLvNqw6GtarVlHEIdv7RLbGKVQJIh7OQ/imsmtWEd8GjP1?= =?us-ascii?q?eNvIeRo2pOqW2uAM7v1xN0TgY48bPhUEy7X95XpOUARuTL/2vlCEXeMef9ZmTO?= =?us-ascii?q?3LrmpV6I16MaMPOkaSpIDypDdStF82GBMpaKM3rjFCc0nOmwtVW7r7uLEekQYc?= =?us-ascii?q?VN95tlVKGW2uJGI/6T3HVb5WjKmKEvAV9CucTrAWWUVyLix+Ww+12Ilpe7axkv?= =?us-ascii?q?BIrnhGnjhkrPY33DJoQhq8uSvxp6MCwj8g97S4uy8HuXNbVOmelD3ICVpbxvQQ?= =?us-ascii?q?kagcE2ri6UC7YHQbbovy57lnJcL6+YY943Q/ZQgjcDAHXOShDSHwlKCIAo2Uvd?= =?us-ascii?q?JChR6Npt/BbbuuIigTLLg9zwzsR2Rl2AjEgBlo6HcLQimn7NI8JYW9J9wqxiyz?= =?us-ascii?q?FGjfaVYD/6JJsMzqtVIRS+s2c1xhyn150sebXi0NWNDPG2Etgwgmd2pEfpxD6R?= =?us-ascii?q?sBGqgmmDmIuLdJ/h0ObDfSDIul5pHand3U1nklUddq2mXWq7WKhpMu131klc17?= =?us-ascii?q?7iqKuHkJbOzYVMlsAnnv2YtFz+zxeemtuPgdSIR60LShTOMCMs679Gu02JVrWl?= =?us-ascii?q?elxrMaH1q4LO8M2KzWUyKkSW2EQ+SEbXKAnzEjMk79/ROoNEE4aN9Wr08hNevP?= =?us-ascii?q?noJclwzkUb5vWiWQpEPUzG89PuMebQ42vpmoexASRu4Le+ecPfQuwOE5CFYUan?= =?us-ascii?q?/JHCh2C+yxsVO2noh0IXZg4UL8Yevz9ADqKt2SFQcYEYTCtJ5+5eS6Rn6dOX9n?= =?us-ascii?q?1BB9J1d79+HDF1kqre9cd5GRncTMh9Rlz+EKau1hMSonut4cgohj85Wb0N+WcR?= =?us-ascii?q?HNyZb/PcnVov+cA/LF1UQrdGZaUr4XYQ7u4oU6Odk5W6bNErRFpxQcArM6QIcg?= =?us-ascii?q?N2f3+6F4NgRzchTeZL6smMnluvqLZodIp3/R9l8wIjnTuxkCyvysUwN2dJGrh3?= =?us-ascii?q?T3IJA1WD1BtdltBQV8EItIAcMAoBKtA4SIl6Gjl9+x50R6tvcEsKroEPDK1ci2?= =?us-ascii?q?0JtqUphf5EyLICzRC7dxjkRilOSyje/K0oPtBsP6ZdMESO97T3bCar/CAIqyMS?= =?us-ascii?q?qOOsbmdE5d776c0a52UgmLZC/nQaWKriukO+t44U8j0Ix3YPLTzCAx77HcwNby?= =?us-ascii?q?Y2BbpiG+rX+GLZdf6F3KBffCXxJPUveF8XxqHasQbYfu8+cOK9MiysCG4wZv9D?= =?us-ascii?q?RCzNeFI6+5o0/XxE17cZPbLE302yc2XoUELwi/MUsyjm/DtHvdGW5TI9OnKcZz?= =?us-ascii?q?mtaVCALi501qlmEwaW5NAG3oRc2eOWIDwcKxeBWK9B5XD9YEh+O3fFQ3ubGySe?= =?us-ascii?q?lpPJVFnv6ntKsGkdZvNS7PQMlaPyfNLL55JDZRCf/PpFcwaB4er7c1Qps1ZYSJ?= =?us-ascii?q?IE4fMkeP0yDyzQzZ3kDvatys0rqJICYR8nVawLLF0SRMqxO/ufmHns3pSKrZY4?= =?us-ascii?q?3uXP7OLColUSmXSi8pHkqu/VekuuEEvOaDIWsFuVAbfD6dBBQIpq9xqdjQD2nT?= =?us-ascii?q?mfBsfZARmP+bWzrwSDBjlKYoCCdEr1yMQ+EEFQnQdXPhh3BcuAO6LP9W4X3ld6?= =?us-ascii?q?GYxrZSW+EODYtDaOaWQ8HZef9AIzcljSsZOOKmcN3HrrY5z0jETW0HHKnU7Fee?= =?us-ascii?q?VlKZQuSAxzL3WoUYp4o0ui8v+tLKhC93Er/IMq2ZpzG09463kieYtffZVmk3bE?= =?us-ascii?q?w/mPgCD3WZwBlcNGEEDMkYuFrjQq6Fe0lB1XEkhPlw2xASYgRzU3xv0npQnPqn?= =?us-ascii?q?HM1WV0IUhnu0QPIadFB3EC8w/UiS7w3wZtwAv8TTSnRb9rQSVIUdIv4o6JPLN6?= =?us-ascii?q?QO2vop2ixpoDBp+xmaWkhQigOD7rr4ALN3xroE43Ixuf5xQBKhWTTaJ07GwY2i?= =?us-ascii?q?AtkH5CBpumusg8zVtedpPaAcpoZ+G0wiBH5mYNfH8mYSAinPxAKuskPjT3ylKz?= =?us-ascii?q?UD7WNOfHQI?= X-IPAS-Result: =?us-ascii?q?A2EJBQALBHpY/wHyM5BeHQEFAQsBGAEFAQsBgw4BAQEBAR+?= =?us-ascii?q?BaI5KoXyGVSiIHVcBAQEBAQEBAQIBAmAogjMbgiMCNxQgDgMJAhcgAQEHCAgDA?= =?us-ascii?q?S0VHwsFGASIYgQBsx0mAoNohjOGRYY1gkoCEQFbCQEDhRgFmzqBe4sHhFCCBIU?= =?us-ascii?q?Og0GGJ0iSJFhxJBIqQoQ3HBiBSHKGXQINF4IXAQEB?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 14 Jan 2017 11:01:27 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v0EB0uWo007370; Sat, 14 Jan 2017 06:01:02 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v0EB0sIH210138 for <selinux@prometheus.infosec.tycho.ncsc.mil>; Sat, 14 Jan 2017 06:00:54 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v0EB0r1B007368 for <selinux@tycho.nsa.gov>; Sat, 14 Jan 2017 06:00:54 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1AtAgDmA3pYhyIeaIFeHQEFAQsBgzkBAQEBAYIHjkqhfIJEhDSIIlcBAgEBAQEBAhMBAQEKCwkKHYZhAQGBB4kDBAGgd5ImhBCGM4ZFhjWCSm8JAQOFGAWbOoF7iweEUIIEhQ6JaEiSJIFsEiqEKgELAUIcGIFIcoZdAg0XghcBAQE X-IPAS-Result: A1AtAgDmA3pYhyIeaIFeHQEFAQsBgzkBAQEBAYIHjkqhfIJEhDSIIlcBAgEBAQEBAhMBAQEKCwkKHYZhAQGBB4kDBAGgd5ImhBCGM4ZFhjWCSm8JAQOFGAWbOoF7iweEUIIEhQ6JaEiSJIFsEiqEKgELAUIcGIFIcoZdAg0XghcBAQE X-IronPort-AV: E=Sophos;i="5.33,227,1477972800"; d="scan'208";a="5907193" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 14 Jan 2017 06:00:52 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3AG/JOVxDPPDmHYUWEDpj7UyQJP3N1i/DPJgcQr6Af?= =?us-ascii?q?oPdwSPvzrsbcNUDSrc9gkEXOFd2CrakV16yN6Ou5BDBIyK3CmUhKSIZLWR4BhJ?= =?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+?= =?us-ascii?q?KPjrFY7OlcS30P2594HObwlSijewZbx/IA+4oAjfucUanItvJ6kswRbVv3VEfP?= =?us-ascii?q?hby3l1LlyJhRb84cmw/J9n8ytOvv8q6tBNX6bncakmVLJUFDspPXw7683trhnD?= =?us-ascii?q?UBCA5mAAXWUMkxpHGBbK4RfnVZrsqCT6t+592C6HPc3qSL0/RDqv47t3RBLulS?= =?us-ascii?q?wKMSMy/mPKhcxqlK9VoAyvqQFxzYDXZ4+YL+Zycr/HcN8GX2dNQtpdWipcCY28?= =?us-ascii?q?dYsPCO8BMP5AoYn8u1QOqh++ChO3BOjyyTFIgXj23bYh0+88FgzG2g0gEM4JsH?= =?us-ascii?q?TQttr1L70eUeGyzKnP1jXDdOhb2TLy5YnHaBwhpuuMXb1pfMfX1EIhFBvFg02N?= =?us-ascii?q?pYD7Oz6ZzPkBv3SU4uZ6W++jl3Qrpg9+rzS3xMohiJPFip8bx13K7yl13po5KN?= =?us-ascii?q?yiREN1f9KpFoZbuTuAOItsWMwiRnlluCYkxb0Cvp62ZC0KyZs6yxLFc/yHdIyI?= =?us-ascii?q?4xL/VOmPPTh4hHRleLOmhxav70es0Or8VtO70FpSrypFlMfDtmwV2hDO9MSKTu?= =?us-ascii?q?Fx8lq91TuAzQze5P1ILVo6mKfUM5Ihx6Q/lpsXsUTNBC/2n0D2gbeLeEs45+ak?= =?us-ascii?q?9/zqbbf7qJGHNo95kgPxP6s2l8y6Duk5PRICX2+B+eSzzLDj+0z5T6lNjv0yiK?= =?us-ascii?q?bZq4rWJcUcpq6+GA9VyZ0u5A24Dze71tQXgWcILElfdBKCgIXoNEvCIPfiDfew?= =?us-ascii?q?m1isiitkx+jaPr39BZXANmPDn6nlfbZ87U5c1QUywMtD55NUFr4BIPXzVlX3tN?= =?us-ascii?q?zDFBA1KQO0w+H5CIY16oRLQm+LA6mEIIvOoFSI4aQpOODKa4gL6xjnLP1wwf/l?= =?us-ascii?q?inswghc8eq6yxtNDbnGzGfBvOAOYZn33mf8ETXdMuRAxGr+5wGaeWCJeMi7hF5?= =?us-ascii?q?k34Ss2Xdqr?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0EsAwALBHpYhyIeaIFeHQEFAQsBGQYMg?= =?us-ascii?q?w4BAQEBAYIHjkqhfIJEhDSIIlcBAQEBAQEBAQIBAhABAQEKCwkKHTCCMxmDZQE?= =?us-ascii?q?BgQeJAwQBoHeSJoQQhjOGRYY1gkpvCQEDhRgFmzqBe4sHhFCCBIUOiWhIkiSBb?= =?us-ascii?q?RIqhCoBCwFCHBiBSHKGXQINF4IXAQEB?= X-IPAS-Result: =?us-ascii?q?A0EsAwALBHpYhyIeaIFeHQEFAQsBGQYMgw4BAQEBAYIHjkq?= =?us-ascii?q?hfIJEhDSIIlcBAQEBAQEBAQIBAhABAQEKCwkKHTCCMxmDZQEBgQeJAwQBoHeSJ?= =?us-ascii?q?oQQhjOGRYY1gkpvCQEDhRgFmzqBe4sHhFCCBIUOiWhIkiSBbRIqhCoBCwFCHBi?= =?us-ascii?q?BSHKGXQINF4IXAQEB?= X-IronPort-AV: E=Sophos;i="5.33,227,1477958400"; d="scan'208";a="2295565" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from mx1.polytechnique.org ([129.104.30.34]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Jan 2017 11:00:52 +0000 Received: from localhost.localdomain (32.206.133.77.rev.sfr.net [77.133.206.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id B57EB564CE5 for <selinux@tycho.nsa.gov>; Sat, 14 Jan 2017 12:00:50 +0100 (CET) From: Nicolas Iooss <nicolas.iooss@m4x.org> To: selinux@tycho.nsa.gov Subject: [PATCH 1/1] libsemanage: genhomedircon: consider SEMANAGE_FCONTEXT_DIR in fcontext_matches() Date: Sat, 14 Jan 2017 12:00:11 +0100 Message-Id: <20170114110011.13316-1-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.11.0 X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Sat Jan 14 12:00:50 2017 +0100 (CET)) X-Org-Mail: nicolas.iooss.2010@polytechnique.org X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" <selinux.tycho.nsa.gov> List-Post: <mailto:selinux@tycho.nsa.gov> List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" <selinux-bounces@tycho.nsa.gov> X-Virus-Scanned: ClamAV using ClamSMTP |
On Sat, 2017-01-14 at 12:00 +0100, Nicolas Iooss wrote: > When generating file_contexts.homedirs, libsemanage enumerates the > users > on the system and tries to find misconfiguration issues by comparing > their home directories with file contexts defined in the policy. The > comparison is done by fcontext_matches(). > > Currently this function only operates on file contexts with type ALL, > but it makes sense to also operate on the DIR ones, as a comment > states > in the function. > > For example on a system with the following entry in /etc/passwd: > > mytestservice:x:2000:100::/var/lib/mytestservice/dir:/bin/bash > > and with the following file context definition: > > /var/lib/mytestservice/.* -d > gen_context(system_u:object_r:var_lib_t,s0) > > "semodule -B" now shows the following warning: > > libsemanage.get_home_dirs: mytestservice homedir > /var/lib/mytestservice/dir or its parent directory conflicts with > a > file context already specified in the policy. This usually > indicates an incorrectly defined system account. If it is a > system > account please make sure its uid is less than 1000 or greater > than > 60000 or its login shell is /sbin/nologin. Thanks, applied. > > Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> > --- > libsemanage/src/genhomedircon.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libsemanage/src/genhomedircon.c > b/libsemanage/src/genhomedircon.c > index fd6d391984b6..465dd8829403 100644 > --- a/libsemanage/src/genhomedircon.c > +++ b/libsemanage/src/genhomedircon.c > @@ -246,7 +246,7 @@ static int fcontext_matches(const > semanage_fcontext_t *fcontext, void *varg) > > /* Only match ALL or DIR */ > type = semanage_fcontext_get_type(fcontext); > - if (type != SEMANAGE_FCONTEXT_ALL) > + if (type != SEMANAGE_FCONTEXT_ALL && type != > SEMANAGE_FCONTEXT_DIR) > return 0; > > len = strlen(oexpr);
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c index fd6d391984b6..465dd8829403 100644 --- a/libsemanage/src/genhomedircon.c +++ b/libsemanage/src/genhomedircon.c @@ -246,7 +246,7 @@ static int fcontext_matches(const semanage_fcontext_t *fcontext, void *varg) /* Only match ALL or DIR */ type = semanage_fcontext_get_type(fcontext); - if (type != SEMANAGE_FCONTEXT_ALL) + if (type != SEMANAGE_FCONTEXT_ALL && type != SEMANAGE_FCONTEXT_DIR) return 0; len = strlen(oexpr);
When generating file_contexts.homedirs, libsemanage enumerates the users on the system and tries to find misconfiguration issues by comparing their home directories with file contexts defined in the policy. The comparison is done by fcontext_matches(). Currently this function only operates on file contexts with type ALL, but it makes sense to also operate on the DIR ones, as a comment states in the function. For example on a system with the following entry in /etc/passwd: mytestservice:x:2000:100::/var/lib/mytestservice/dir:/bin/bash and with the following file context definition: /var/lib/mytestservice/.* -d gen_context(system_u:object_r:var_lib_t,s0) "semodule -B" now shows the following warning: libsemanage.get_home_dirs: mytestservice homedir /var/lib/mytestservice/dir or its parent directory conflicts with a file context already specified in the policy. This usually indicates an incorrectly defined system account. If it is a system account please make sure its uid is less than 1000 or greater than 60000 or its login shell is /sbin/nologin. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> --- libsemanage/src/genhomedircon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)