From patchwork Fri Sep 21 23:59:21 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10612347 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1797F14BD for ; Mon, 24 Sep 2018 12:27:08 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0544229EA3 for ; Mon, 24 Sep 2018 12:27:08 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EAD6529EA5; Mon, 24 Sep 2018 12:27:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,NO_RDNS_DOTCOM_HELO,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from upbd19pa12.eemsg.mail.mil (upbd19pa12.eemsg.mail.mil [214.24.27.87]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 05ABF29EA3 for ; Mon, 24 Sep 2018 12:27:05 +0000 (UTC) X-EEMSG-check-008: 159495346|UPBD19PA12_EEMSG_MP12.csd.disa.mil Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by upbd19pa12.eemsg.mail.mil with ESMTP/TLS/DHE-RSA-AES256-SHA256; 24 Sep 2018 12:27:01 +0000 X-IronPort-AV: E=Sophos;i="5.54,297,1534809600"; d="scan'208";a="18574978" IronPort-PHdr: 9a23:KW/QJx90yVVayP9uRHKM819IXTAuvvDOBiVQ1KB61OwQIJqq85mqBkHD//Il1AaPAd2Eraocw8Pt8InYEVQa5piAtH1QOLdtbDQizfssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBBr/KRB1JuPoEYLOksi7ze+/94HRbglSmDaxfa55IQmrownWqsQYm5ZpJLwryhvOrHtIeuBWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3o05MLwqxbOSxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsDtU7s6RSqt4LtqSB/wiScIKTg58H3MisdtiK5XuQ+tqwBjz4LRZoyaOuB+fqfAdt0EQ2RPUNtaWyhYDo+hc4cDCuwMMuFaoIbnp1sOqhy+CRC1CO7zxDJFh2L60bQm3+g8DArK2BIsE84LvHnSsd77NrodUfqtwafWzTvNbP1Y1jny54bVahAso+yAULxsfsTe10YvDBjIjkmSpIH/Iz+ZyuoAv3ad4uF9VeyvkWknqwRprzWx3MgskZfGh4IIwV7Z6Sp5wJw6JcC2SE5/f9GkCoZbuiaGOIRsWcMtXWFptT0hyrIauZ60ZjUKyJojxxHBcfyLapSH7Qj5WOmNJjd4gWtodbSijBi89kigz/fzVsiy0FtSoSpFk8XMtnAQ1xPI8MSIVvx9/kKn1D2S1A7T8vlJLV07mKfUMZIswqM8moANvUnMACP6glj6gLeXe0gm4OSk9uXqb7H8qpKdN4J4kB/yProhl8G5HO82KBIBX3KB9uS5zLDj+Er5T6hUgfAuianZtYzaJdwcpq6kHw9ZyoYj5Ai7DzehyNkYgWMILEhEeBKalIjlIU3OIfDkAve/hFSgijFryOzdPrL9GJnNK3nDkLP5cbZ87U5T1hYzwMhC659bBbwNOvL+VlLruNDGARI1LRa4z/v/BNV4zIweWGaPAqGDMKPVtF+F/vkvLPeIZI8Uvjb9Nvck6+f1gn8+hF8de7Wm0oUMaH2jAvRnI1mWYXrrgtsbF2cKpRAxQPbliF2FTz5ff2yyUL4k5jEnFIKmCp/ORoKqgLyHxii7Ap1WaXpACl2XE3focIOEW/IWZyKJPs9ujCYEVaO7R48mzxGuuxfwy6B7IerM5i0YqZXj2cB35+3Rjx496T90D9+a02GLTmF0gHgFRzEy3KBirk1y0UqD0a5kg/xFD9BT4OlJUggiP57G0+N6E8zyWh7GftqRUFapXM6pDi83TtIw398OZF1wG9S8gR/dwSWmGbgVl6aEBJYs6KLTw2DxJ9phy3bBzKQukl4mQs1JNWK7mKF/8wnTCpXTnEqHjaaqcr4Q3CnX9GeM1WCOpl1XUBZsUaXZWnASflXZrczj6UPYTr+uEq8qMhNbxs6YK6tKccXpjVFcS/j/JtvSeWWxm32/BRyQ3LODcJLqe3kB3CXaEEUFnQET/XKDNQcgHCesuGzeAyJzGlLoeUPj6/F+qGm8Tk820Q6Fc1Fh26Cy+h4PivyWU+kT0a4cuCc9tzV0G06w39HMBNqDoAphYb5RYdAn71dE0mLZqhZxPpu6L6BtnlQeaRh4v1vy1xVrDYVNidIlo24wzApzN62YykhMeCmE0pD1ILHXLXPy/B+3Ya7Mxl7eyMqW+rsI6Pkgt1rspgWpGVQ583V709hV1GCR5o7WAwoTT53xVFo39xlgqL3AZCky+Z/U32V2Maaoqj/Cx84pBOw9xxa6YthQLbiJFAD3E8wVHcSuLvIlm0SxZBIeIO9S7LI0P9+hd/aew66rMvxgnDW9jWRb+419yUSM9y1yS+7NxZkFxeuU3g2ZWDfglF2hqNz4mZhYZTEOGWqy0SblC5RVZq1uY4kLE3yuLtapxtpgnZ7iQGNY9Fu5C1MBws+pdgKYb0bh0g1IyUQXvXunlDO+zzx1lzEpqrSQ3DfVzuv4ahUHIGlLSHNljVf2Loi+l8oaU1Swbwg1iBul4l73yLVHpKtlNWneWltHfy/zL25+SKSwraaCb9RJ6Jw2rSVdSP68bkyCSr7hvxsa1DvuH3VfxD8nazGqvY/5kwZmh2KdK3ZzqnXZdNp0xRfe4tzTX+RR3j0cSCl/kznXCUC2P8O18tWMi5fDrue+WnqlVp1Sainr0ZqMtDCl6m1uAB2/me2zm9L8HAghyS/71t9qVSTUoxbneIXr0bq1Mf5/dElyGFD889Z6Gp15koYonpEQ3nwahpGL8nodjWjzNtta1LnlbHoQWTEL2MTZ4A//2E1sNniJ3Z72Vm2Bwst9YNm3emAW1Tw778BRE6qU76JLnS1uolq+sw3RfeJxnjAHyfsh8HQamf0GuBIxziWBBbAfBVFYMjbxlxSM8d++tL9YZGCzcbeuzkpzhs2hDKqcrQFGQ3b1YIwiHSht7sVlLF3DznPz6ob+eNnfc90frBuUnAncj+JNMpI+iuIKhTZ7OWL6pXAl1eg7ggF10JGkuoiINmVt8Li/AhFGKj3/f9kT9S31jaZCgsaW2JiiHo17FTUWWJvlVu6nEDMOtfXnLgqOHiczqnGBFbrYBw+f519sr2jTHJCzK3GXOH4ZwM1hRBidIExQnhsZXDA9np43GACl2tDhcFt55jAW4173tAFAyuR2OBnjSm3fvhunai8oSJiDKxpb9g9C6F3TMcyC6eJzGjpV/pO/owOQLWybfR5HDXkTWkyDBVDsIKWh5cXa/+ifHOq+IOPEYa+SpuxGS/eI2ZWv35No/zaWKMqAI2JiAOc92kpfWnB5AN/UlC8TRCwSjS7NaNSbpBik8C1tss+/6OjrWB7o5YaXELRdKtJj+xS3gaeYK+6Qnzx1KS1G2ZwQ33PI06YQ3FoTiyFoajmsHq8NujLNTaLKh69XFAQXai1pO8tU9KI82Q9NNdTcitPv2b5yluQ1BEtdVVz9hsGpYtQHLHq8NFPIA0aLMq+LKiDVzM7sYKOzU7tQgP9Ttx2qtjaRC1XjMSiblzn1SxCvNvlBjCObPB1eoIG9dRJtCWn/TN34cRC7Nd53jSEswbIqnH/KMnQcMTdkeUNXsrKQ9T9Ygul4G2FZ6HpqM/OLmyKC4unbLZYWqudrDT5yl+JB43Q6yqFZ7CdaS/xpgCHStMJho0m6kumTzTpqSABOpShQhI2Vp0piI7nW9plbVHnf/RIN93ifCxMEp9t9EN3gpaBRxsLJlK3tNDdI68jU8tcEB8jINMKHN2IsPgfzFz7KDQsKUCWrOHrFiExHivGS8XOUroMkpZfwhZoOUL5bVEA1F/8ADERqAsACKo9tXjw4ib6bkNII5X2moRnVQ8VapI7IVvSTAPXoMzuZgr9EZwYSzbP/N4QTOZXx21Z+ZVligITKB03QUMhWoiJ/ag80oUNN8GVxT2Aox03lbQat72MJGv6vgh46kA1+bvox9D30+Vc4OkLKpDcskEk2gdjqnCyecDv2LKe2QYFaFjH5t1YvPZPhQgZ0bAqynUp+ODfCWb1Rk6NqdXp3hw/EpZtPBflcQLVYYB8RwPGXYOko0VRcqyi82EBH5OvEBoF5mwcwd56jsW5A0Rp5bNEpPazQOLZJzl9Ii62Uui+o1/w+zxEGKEYI8GKSfikIuEoSObQ9PCWo//Zj6QqblztNZWgATfwqrex29kklIeSP0zrg06JfKkC2L+GQNL2Wu27bmMGSX1wwyF0Hl1Ne/bdsy8cic1CYV0c1zLueDx4JL9bNKRlJb8pO83jeZTyOsePMwZ1pP4W9EeToTfSWuqgNn0yqBhokEYMX48sdGZms1V3XIt38LL4Z0xkt4hrkJEmdBvRTZB2LiCsHo924zJJvwYZdJCsSDnlmPCqr4bbXogsqgPudU9csfncVQJcLNnIsVM29gS5ZsGxKDCOr3eIB1AiC8zj8qzzKDDbmddpjY+ybaAhwCNGs4zo/7ba5iVrW8pXYKGH6MdViutDP6eMGqZaIEelUTbxnv0fahYZYW2SgU3TTHt6tO5jwd44sYMT6C3qgTlO/izM1T8LwPNm3LaiFmgDoSphKv4aFxjwjMtW9Fj4GERdqu+4D/L58ZREEY5cjZB7nrR4+N6+hLweE09WuRWmtJCBYTvZFy+W1e7hXzy0xbuCn03ssVJc6wPer8UQVXpEFkgnexeq/Z4lZSSXzAntdewHVqiojmWlhMeIywukkzRPNtlkcNCuLe/J1Z2xeuNE8HkiSIXRwCmo3XVOcipDD4gG01bAI4yRdh8pU0fFCsHXmpJDfei+sWKqxpZXWqCcgbNkmo6xtMYP4OMeGso3RniDHRpnKrgKFSDK6F+ZdmtVIPCJYR/xIlHo5OcAavIpO8lA9VsEgKLxTEKMsvKylaSJ4DS4Oyi8UT4GA3DscjeqnxrTViAyQf4o4MBwYrppNn8ERUyhobSMCvKWjTZnZl3eYSmgXJwce9QpM5BgamY92Yu/l4ZHIQYRJyz5OovJ4SzDLF5dz91fhTWGWm1f4Qu27k+O1xQJS0O7s0t4DVR5jFEdS2udWmVEsKLxsN6YQuYvKvSOSekPhoGLh0u2mK0dNycfMbV33EJLFtXbgUi0b4XAUXZRPyG3FGpsPjwp0c70rpFJRIIC8Zknx+Tokx5hzH7aiUcCn3VElrWwJRy2yCdpOF/lmsE7LWD1ie52ks5vlNIlOTmJS5ZGQpUxUn1lqMy681ZVTMdpN4iIWUDhJvzqdoMO4SNdf1s9uE58MPtB/tm/nGKxaJZeRo2c5uqD0x3/d/DA8rkm1yCuvFK+/Uu1W4XcSGgM3KGSCskMvFfcj8n/O8lDRtVB55/tbBqKRgkpvvTlwBY1OBjJV1XC/NVtzUnhGs+JeKKvLb8xQWf4yZQWgOxYmD/4pw1SJ/V1onXf+eyFysxFV+yTZXwYqSSkVnq3ilicFp8GhJzAaV4lIYik7YCfdNQ2XgyZXswhDa0tyQZAWHs5F+60H3YtT5sfCS1yjKTsCXBx5MgI3y+RfmFVGsEWFfSDdEQuoeurOshJte8eRt9SlLPPj/AdIkonnqvw3970fR326ng2gWdLeoJX6tt2ErEuOc7r3PPOnbH/dVjfMiwuwhbA+A5nM4SfTLBJRK4Nmxno8fZjhFWnLMAxJJ6IGJkpbUaR6ZstDou1BesBrZr0G+a53CRKBXB/vH5avrPZeJFbJWTveNzmB8vC4oY/L77zdSO3ga9eJx3nZQ6N4II166Tj9G7fly4Ne/FT52ut1/ENgVVfGKzyBrMjmJg4T4smiclDvvpwvHTPTGptwkXztxk9ad8UNWC2q7I4YyI5F53bsVOJ4yFb8vPdV97l+5ok9+6ppxtusJafONfRatldqAh2TBgVs6pUtD3ZwSntUYu8QMvjRe7oWjdzgquDwDawX6waV9/ZfadTZO0HLgtO/BS2ESRxYgAcBriYXLg+H1/6Am6J5Usilqvbk1UIq+VixNAYGzKpq5YeG5KWHuPPXYwHWzbgeVajgXtnzoag0u0OO+f0kk6YDem10YgK9CucSStUQxnz+wqA20y0jD9nPH7X6+P5MT3g5hC7vm4hhH1UKHfMZBaGE/YVFnmY2gePZNNwWcrxammmVCB6kFqQPxmKs6ySKPmZqmAzO0wv3QWOp9lD6tyh4QTHDz937iEpaSqG3BVtOXyquIUJ4qCmAPBb0u9r3t6U161s2Mm/9uNKWimShPLJXH8viJN2TOiQ0vEgYjIEtSdyv14EbHsC9INQL/HF9cPTe8WWrnDFFo6tdgIre+M6V8O3NHXa8l62at6mNxDdAx3g3o14/7MygNvbJ59GNWPSnyWIRTyZ5uwvcUB+4sbjboE4OOU2LykjHgooKMc9F3XMgzEHp+PAjQM4v9AVZDovAYfICqiz0ODvw21mfeMg7ViiZ0ztQBVL1CkJ1GK0z1WP/ps7Jkm3Q+1IwTIlqa0PnnQB3D5k/KU8151gY3jEDERMUZR6GA7+mA0XlLY0ZVUkMchmH0726db0x3UJt2L+v4/XTbeNkDaoXKvldlhKOnERcGp8Os60eR7J8e1lH+KHLpgjiD5XnUOXnlHoxM/21WcNa8cECuns84wa/WQCv6ZNe4LYakpyIcLBLYYTUtsBm80hn/SIPdjBKgBVnjhO5T/oTpOb479jfrZqn9+euVKE2R+kN8Bg0HWt+hYPqgF8/udHXy/tcSorNhIT97g9NLXCKuILB3hhyM+UOLZykfKp6+3UBOSceO2oEPcCKZPkk/y9tLDLT6kRNAsMIYtMZMtTCmQRQikDyQ7FT8czbGl6EBItpccAn8Xb3wigv8ZQgSubg9CO2JZfH4lFIPvNDjyZslNXZqegX2/XSCy8X4X+HZBhz2C+CzYeCC+ro9+WW1N7UT08GHjIxU4pFPzWN5wqnRvaumZXyVgOU7dPzgI4gdE2OW3O9hqMFsrxDEeRYkCX0wiBeFpzph/KSq9es5nVYtllGEIZr8xLIA6RePpR+ORT9iMarXEx8CTXldMHTbBout/Kcxv0Q7OVmK0v+eYgbLwoKyrLi83pVTxdhR6Dts1acXOIReMFmR+3eonBS84JgJLcFPEKBq5zysjdItFc2DRcuaL80sDNXbVHOnAlPVKbvpL4AixcTUcJjuUBSB228ImQ+6CTbVa5NlqmeFOQV8imPTqwJS0hoNiJ+QxWo2JRhYrepmfFHsnhaniNmu/Uq0iZpRB27uSH2oKINwz0g8qmitDodoXxFUvmekyDQBFVG1vsFkaccC3fk6Vy7e3QDcory4L95KsTk9Ikh5Wk/YBo5cy0BR+SgBDn6j7mUDYyXrNJcmBmNtd3MbbCpLigSMa8yxAn+R3h7zgjenBFo8HYEQjWg8N8oPoO9Ntg5xiCwA2jUaE4M4r9VsMv2rVMLV+U2aVZ9z2hi0cWKXTMNS9LVG2Y0jwkkbmNEfIhF6RAEC6l7ygqP641920lAZDbSD5Tg4YTbgN3JxWh4SNBm22bbjrOKi4ls03B/nd5wqCmUtyJWP87RVsJ3Sl30zJ1e0qSqZfCqqPoGU6NgwbGsUbkFKMb1vSON9d1OW0m41vxKBFe9Meke1p/HQiylTiueQu3NfG+SyXJxFm3WwFH8KlwxddcPrEInNObGroBTmhenUr5uQCiU41jBwzpnecEddwR+moCncgoRQehZM+qbJe5owvo+AV0XYnnhFiJwDOm3ulep2oN8PiMkqWb3bP+l2QfhM5PGGRQJCoXdqZ1Z8vygQWeAJHomywd9ag08y+rDDEk2/s9VdZqY1YzIitJ0zO8DMvRgKyswvvYS34Zk94TSy86JbAvYiJD/Y9PN9LzQO/TCywwPfWZAX/JNeQro460iN8M9HrjUGqFU+x8bAP5+CKc9On/x+ac8FwZ6dgrcdfzgmcXxjv6abZtT4XnN5xQ/KzmK/1VJzv2yUBw+YYumimv/JLguST9b6d5gEB1rGM1IAcxK516jApiJiOS1kNO85U5+k/EFvLC2Cf3Q0tm9mYJrUM4erWWPMSbcFeFHhU5/j/W7hL+U25X2A9njaNoCfOd+S2/BLLTBG9P7YhePMcH1+EpxyLeY2SZ/GkGUZSvRU6uJtS6jOLNi7FltjsRDde7NxSAq9byT/dbpYHtSrS7r+WXPMZZE60bDDuWHATpbTPOE9CBuGqhBPqXu8+JbGtU5zcnU2AJz5SlM1Mafa/yqp1TBy2pgfpLSMUXt1jx8UoBMKxO6Zxh/yVTFo2jQVCwPZvOvLtNg1ZPEVka3tUBshWEgYHJAEWP0RNCXfHIWwN+6eBbQqFkZEt0Em7fmYUdg6Ou/ROxzNdNAkOSu8rAGlYUMSWnUXMYPGSbWIfdtOyZJSP3VrQ0jawUJopAuUYc8eJaKLVlCO07GwiT3nm6gmVbseYmK06CEaD0T7m0ByrvE1TZWoAzssv+Cj9zLS7vZZYz4WPPIdSEsEDqdQGdXcw6y4Vnxnf0CsbKDJHsH5FAZZiXHEAkIuqVmtsTdFEfInutid8ZS2LXDC2b7TytjkbB0Ay9KsQaGTaBFBADWaHini21Z62nAbvNP/Hewd7SD3eIVQO0ZBIJQb+eUC8XVY/FQJjok130ZNe+wcsearuMRw1vISmxfGK7N+Q== X-IPAS-Result: A2C1BgCF16hb/wHyM5BaHQEBBQEHBQGDXANlI1wojGiLSYFogn6LE4h3gV8qAxABhQSDFiE4FAEDAQEBAQEBAgFsHAyCNSSCZwI3BgEBDCAMAgMJAkAICAMBLRQBFwEHBQYCAQEBGASDAAGBaQMVA5cRihyCHYJ1AQEFgQQBAXWCMAOCUwgXimEXggCBEicMgjGDSQKBLgESAQeFcIhKhXYxjhAJggyEN4lgHVmBNocFhhiOe4dnIWRxTSMVO4JsCYIQg2mKHAFVT3sBAYl9gj0BAQ Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 24 Sep 2018 12:26:59 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8OCQ8Sd028640; Mon, 24 Sep 2018 08:26:22 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w8LNxVYt018177 for ; Fri, 21 Sep 2018 19:59:31 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8LNxVfD007243 for ; Fri, 21 Sep 2018 19:59:31 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1BIAABUhaVbly0YGNZbHQEBBQEHBQGBVIIIaH8og3OIdItLgWiCfosTiHeBZiaEUUSDBCE3FQEDAQEBAQEBAhQBAQEBAQYYBkyFbh0BATcBNAImAkcYAQwGAgEBgx0BgWkDFQOYG4ocb4EugnUBAQWBBAEBdYI9A4JRCBd0iWUXggCBEicMgjGDSQKBSYMZgleISoV0MY4NCYIMhDeJYB1ZgTaHBYYUjneHYoF3TSMVgycJghAag0+KHAFVT45UAQE X-IPAS-Result: A1BIAABUhaVbly0YGNZbHQEBBQEHBQGBVIIIaH8og3OIdItLgWiCfosTiHeBZiaEUUSDBCE3FQEDAQEBAQEBAhQBAQEBAQYYBkyFbh0BATcBNAImAkcYAQwGAgEBgx0BgWkDFQOYG4ocb4EugnUBAQWBBAEBdYI9A4JRCBd0iWUXggCBEicMgjGDSQKBSYMZgleISoV0MY4NCYIMhDeJYB1ZgTaHBYYUjneHYoF3TSMVgycJghAag0+KHAFVT45UAQE X-IronPort-AV: E=Sophos;i="5.54,287,1534824000"; d="scan'208";a="375792" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 21 Sep 2018 19:59:30 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BDAADMhKVbly0YGNZbHQEBBQEHBQGBVIIIaH8og3OIdItLgWiCfosTiHeBZiaEUUSDBCE3FQEDAQEBAQEBAgETAQEBAQEGGAZMDII1JIMJHQEBNwE0AiYCRxgBDAYCAQGDHQGBaQMVA5giihxvgS6CdQEBBYEEAQF1gjwDglEIF3SJZReCAIESJwyCMYNJAoFJgxmCV4hKhXQxjg0JggyEN4lgHVmBNocFhhSOd4digXdNIxWDJwmCEBqDT4ocAVVPjlQBAQ X-IPAS-Result: A0BDAADMhKVbly0YGNZbHQEBBQEHBQGBVIIIaH8og3OIdItLgWiCfosTiHeBZiaEUUSDBCE3FQEDAQEBAQEBAgETAQEBAQEGGAZMDII1JIMJHQEBNwE0AiYCRxgBDAYCAQGDHQGBaQMVA5giihxvgS6CdQEBBYEEAQF1gjwDglEIF3SJZReCAIESJwyCMYNJAoFJgxmCV4hKhXQxjg0JggyEN4lgHVmBNocFhhSOd4digXdNIxWDJwmCEBqDT4ocAVVPjlQBAQ X-IronPort-AV: E=Sophos;i="5.54,287,1534809600"; d="scan'208";a="16119992" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from ucol3cpa07.eemsg.mail.mil ([214.24.24.45]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 21 Sep 2018 23:59:30 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;2cfa85cc-72ff-4761-8132-f74d3eb3c78a Authentication-Results: ucol19pa06.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic304-18.consmr.mail.bf2.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 455138197|UCOL19PA06_EEMSG_MP4.csd.disa.mil X-EEMSG-SBRS: 3.4 X-EEMSG-ORIG-IP: 74.6.128.41 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0DbAABUhaVbhimABkpbHAEBAQQBAQcEAQGBVIJwfyiDc4h0jTOCfosTiHeBZh4IhFFEgwQZBgYzFQEDAQEBAQEBAQEBEwEBAQoJCwgbDiMMgjUkgwkdAQE3ATQCJgJHGAEMBgIBAYMdAYFpAxWYHoocb4EugnUBAQWBBAEBdYI9A4JRCBd0iXyCAIESJwyCMYNJAoFJgxmCV4hKhXQxjg0JggyEN4lgHVmBNocFhhSOd4digXdNIxWDJwmCEBqDT4ocAVUfMI5UAQE X-IPAS-Result: A0DbAABUhaVbhimABkpbHAEBAQQBAQcEAQGBVIJwfyiDc4h0jTOCfosTiHeBZh4IhFFEgwQZBgYzFQEDAQEBAQEBAQEBEwEBAQoJCwgbDiMMgjUkgwkdAQE3ATQCJgJHGAEMBgIBAYMdAYFpAxWYHoocb4EugnUBAQWBBAEBdYI9A4JRCBd0iXyCAIESJwyCMYNJAoFJgxmCV4hKhXQxjg0JggyEN4lgHVmBNocFhhSOd4digXdNIxWDJwmCEBqDT4ocAVUfMI5UAQE Received: from sonic304-18.consmr.mail.bf2.yahoo.com ([74.6.128.41]) by ucol19pa06.eemsg.mail.mil with ESMTP; 21 Sep 2018 23:59:26 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1537574367; bh=yI3y1RAtSUaa5X1VvZSk6B45eg3cxiuzbkTHwex6+Dg=; h=To:Cc:From:Subject:Date:From:Subject; b=eSVwyCor/lRzgf6+0y+9BIrJSnKB/tZeNCA8eMkBsd+MsJO4lrds+pVZVL9PmB4fIgaj8o67iPuINtvSZ6wVwXtQ6kC7OTePPm94xjrCW0kuq1MPq2dNJFJ12tbr1Fdb4apAh7zdeLy3BrCNB77HzL73zf1MEMePKL34mlwT0/Ili5AeWCQJaGalIqJAyQcylbTfayHn1Oj/eFitH5bmm/txPoHdXyM44TsTKSsfzEp5TeVAbx3RJHHWkeo7LzSGIQvsk6zzzWnjU84Vzp7mwcffKtqAZ91xmFB56PNiXPdp/tyhedkVQSRMiKejkRv7Y3p5t7FvSHtXzziZND+X7A== X-YMail-OSG: 2o2_My4VM1nj9fCc.p9RosUdWmqEZxrgtOGjHbebznsNMnV2UR.Ok56w2g4M0FW pnlwJdulbpztUwcUke63q1bmNnNLex.MrpGfiSZaJnLIdbLtMf0WlBW8Drb1T6tgSUZ0ucb2HiTy 8pfNWIhV5leT15aAidyvawKG47Nhl7VflF25q0WBijcvHgLLZhW4kpBZbpFHRRzIJQj1rpK7rLEV p6ITsW25.HQFMDIeWe2rrDORCBu95MP3bWjm.7JIkowWH566NsPRkIsUUJnwY68h6p9_Rw54pLtz 6BcKGsQzrYdntliXLV62oMrqNzK_fw1.lZ8z8BblyuxV_dHLoV_.Cz8IB91U1Yq9t3x5TtvSH47v BZ1.XWmf7ln9Nh_n2uEnEX59fokuph_6hlGcBoo5sehjzS2qmhy_TB.Dnj1ErTIr3ecZHbf9gXTn shNemP7mCPTu4eX4e8LzgEiV9n4B6uJ7sZmAs6xRQ5nH_tO4ny1TKTj7HBolBzYw8A5KQYPIo9Q0 8T2oMOvXimHNKyZGzyZHSN05UUuV6WRWCwHxvaCxfYZCSNWlL0dcPQsnfU7SBXRYmVYArwaUFE3M d6cKTwiPahzSmdv7pfbedlCCXagEjnlt_OrkeMtxg1B166DxzWFEnVtPfAsC_yVdioLCww7rPr78 DKGJAjzeKggDrBycgAgw6RI4_wwEVpTY2ywEf9dAvYZVpGzEytBKQ5YXmaYmyXqwNILmo5c0tmVY 9BgMEit1X00qzcqxuwS0Su7J3rqAhub2OduCcrAnN3DQ9k21mCYM7fcqclZ8xY2xD4KDy08ByiPL yHkt09LgpDajycxyj55ti7y5fsgP58XAfT4Njp9i306pxLgLjbiUJ5KSgESx8OlU5IG9YYjtTh6S XS1lQfZK03NQ1EgDGtgDk1Q5oIKiSIbBVtW8FYWJBl14l7II5fvrJuMBpc5DQA3n8clLWhN51tXl pXzUXcEENo3riv_hIZzUqAjbb62Oa4S6teUV8gIgGR4Kfp2ZUXgyE6K5ydC_OR4ET9ReRsz2jwZL hK3lZDmS8A0qciQhgTCTBbrR5fTidLRRTS9p3nQh1oSnYriIfbHW6B2MbDlOxtw-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.bf2.yahoo.com with HTTP; Fri, 21 Sep 2018 23:59:27 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp426.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 2bea0198d08c0840eb41a19b0854a8e4; Fri, 21 Sep 2018 23:59:26 +0000 (UTC) To: LSM , James Morris , SE Linux , LKLM , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , Salvatore Mesoraca X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: Date: Fri, 21 Sep 2018 16:59:21 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 Content-Language: en-US X-Mailman-Approved-At: Mon, 24 Sep 2018 08:26:06 -0400 Subject: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP v4: Finer granularity in the patches and other cleanups suggested by Kees Cook. Removed dead code created by the removal of SELinux credential blob poisoning. v3: Add ipc blob for SARA and task blob for Landlock. Removing the SELinux cred blob pointer poisoning results selinux_is_enabled() being unused, so it and all it's overhead has been removed. Broke up the cred infrastructure patch. v2: Reduce the patchset to what is required to support the proposed SARA and LandLock security modules The SARA security module is intended to be used in conjunction with other security modules. It requires state to be maintained for the credential, which in turn requires a mechanism for sharing the credential security blob. It also uses the ipc security blob. The module also requires mechanism for user space manipulation of the credential information, hence an additional subdirectory in /proc/.../attr. The LandLock security module provides user configurable policy in the secmark mechanism. It requires data in the credential, file, inode and task security blobs. For this to be used along side the existing "major" security modules mechanism for sharing these blobs are provided. A side effect of providing sharing of the crendential security blob is that the TOMOYO module can be used at the same time as the other "major" modules. The mechanism for configuring which security modules are enabled has to change when stacking in enabled. Any module that uses just the security blobs that are shared can be selected. Additionally, one other "major" module can be selected. The security module stacking issues around networking and IPC are not addressed here as they are beyond what is required for TOMOYO, SARA and LandLock. git://github.com/cschaufler/lsm-stacking.git#stacking-4.19-rc2-saralock-v4 Signed-off-by: Casey Schaufler --- Documentation/admin-guide/LSM/index.rst | 23 +- fs/proc/base.c | 64 ++++- fs/proc/internal.h | 1 + include/linux/cred.h | 1 - include/linux/lsm_hooks.h | 24 +- include/linux/security.h | 15 +- include/linux/selinux.h | 35 --- kernel/cred.c | 13 - security/Kconfig | 92 +++++++ security/apparmor/domain.c | 2 +- security/apparmor/include/cred.h | 24 +- security/apparmor/include/file.h | 9 +- security/apparmor/include/lib.h | 4 + security/apparmor/include/task.h | 18 +- security/apparmor/lsm.c | 68 +++-- security/apparmor/task.c | 6 +- security/security.c | 438 ++++++++++++++++++++++++++++++-- security/selinux/Makefile | 2 +- security/selinux/exports.c | 23 -- security/selinux/hooks.c | 333 +++++++----------------- security/selinux/include/audit.h | 3 - security/selinux/include/objsec.h | 48 +++- security/selinux/selinuxfs.c | 4 +- security/selinux/ss/services.c | 1 - security/selinux/xfrm.c | 4 +- security/smack/smack.h | 55 +++- security/smack/smack_access.c | 4 +- security/smack/smack_lsm.c | 315 ++++++++--------------- security/smack/smackfs.c | 18 +- security/tomoyo/common.h | 26 +- security/tomoyo/domain.c | 4 +- security/tomoyo/securityfs_if.c | 15 +- security/tomoyo/tomoyo.c | 57 ++++- 33 files changed, 1098 insertions(+), 651 deletions(-)